f076afd1e1dda5527b38dc3ea0fbbad5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f076afd1e1dda5527b38dc3ea0fbbad5_JaffaCakes118
Size

1.5MB
MD5

f076afd1e1dda5527b38dc3ea0fbbad5
SHA1

70f69eb1cd945e10eeff7f9b56f718b27140c736
SHA256

38d85ca80e4196b839d45358d59a4d6e43b48f149e659fc4385cc41875fc9811
SHA512

4dbbd3623f73ab7eabf756283f84926078bbdf97bfb7d891f9fa7f3a8c2995f1fcd9e5e111ff97fd2e34f642aa64baadb036afc25dd17e9a4124d139998451b6
SSDEEP

24576:l3V8t3i1Trl2ZKEv7lAVbKAJDTqNamHzqJrUPx69LZ/An8jGrNzKCAS++AG:/8ty1TB2ZKEJOvDsiEA/xWl4

Score

1^/10

Malware Config

Signatures

Files

f076afd1e1dda5527b38dc3ea0fbbad5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a699bcf8a6da3f5ad02d17483dc1befd

Code Sign

06:47:ef:a2:54:f9:a0:b8:2a:42:e7:d7:76:71:16:09
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/10/2010, 00:00

Not After

26/10/2011, 23:59

Subject

CN=Arcadeweb LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Arcadeweb LLC,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

rpcrt4

UuidCreate
UuidToStringA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadResource
SizeofResource
FindResourceA
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
LoadLibraryExA
FreeLibrary
IsDBCSLeadByte
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
MulDiv
GlobalLock
GlobalUnlock
SetLastError
GetFileAttributesA
WritePrivateProfileStringA
CreateThread
WaitForSingleObject
CreateProcessA
WinExec
GetComputerNameA
GetVolumeInformationA
GetTickCount
GetCurrentProcessId
HeapReAlloc
SetFilePointer
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetHandleCount
lstrcatA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
GetStdHandle
MultiByteToWideChar
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetStartupInfoA
GetCommandLineA
GetConsoleMode
GetConsoleCP
GetFileType
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RtlUnwind
GetLocaleInfoA
FlushFileBuffers
GetConsoleOutputCP
lstrcpynA
FindNextFileA
FindClose
FindFirstFileA
MoveFileExA
GetTempPathA
lstrcpyA
HeapFree
WriteFile
DeleteFileA
GetProcessHeap
HeapAlloc
CreateDirectoryA
GlobalAlloc
GetExitCodeProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
Sleep
GetVersionExA
ExitProcess
CreateMutexA
LoadLibraryA
GetProcAddress
lstrcmpA
lstrcmpiA
lstrlenW
WideCharToMultiByte
GetPrivateProfileStringA
TlsFree
lstrlenA
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
CloseHandle
GetLastError
LocalFree
LocalAlloc
SetStdHandle
SetEndOfFile
WriteConsoleA
GetStringTypeW

user32

SetCapture
RedrawWindow
InvalidateRgn
IsChild
GetParent
IsWindow
GetClassNameA
GetClassInfoExA
GetSysColor
DestroyAcceleratorTable
GetFocus
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
DrawTextA
CallWindowProcA
SetCursor
UpdateWindow
IsDlgButtonChecked
PostMessageA
CheckRadioButton
SystemParametersInfoA
LoadIconA
ExitWindowsEx
ScreenToClient
ClientToScreen
SetWindowPos
MoveWindow
GetWindowTextLengthA
GetWindowTextA
DestroyWindow
LoadCursorA
CharNextA
MessageBoxA
FillRect
GetWindowRect
GetDlgCtrlID
GetDlgItem
EnableWindow
SetWindowTextA
EndPaint
RegisterClassExA
GetWindowDC
BeginPaint
DrawFocusRect
SetWindowLongA
InvalidateRect
ReleaseDC
SetForegroundWindow
FindWindowA
IsDialogMessageA
SetFocus
TranslateMessage
DispatchMessageA
GetMessageA
ShowWindow
SendMessageA
PostQuitMessage
GetClientRect
GetDC
CreateWindowExA
DefWindowProcA
GetWindowLongA
GetWindow
RegisterWindowMessageA
UnregisterClassA

gdi32

CreateCompatibleBitmap
GetDeviceCaps
DeleteObject
DeleteDC
BitBlt
GetObjectA
CreateCompatibleDC
CreateSolidBrush
SetBkColor
SetTextColor
SelectObject
TextOutA
CreateFontA
SetBkMode
GetStockObject
CreateDIBitmap

advapi32

RegSetValueExA
AdjustTokenPrivileges
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
FreeSid
SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
RegCloseKey
RegQueryInfoKeyA
OpenProcessToken
CheckTokenMembership
LookupPrivilegeValueA

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA
SHGetFolderPathA

ole32

OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
CLSIDFromString

oleaut32

SysFreeString
OleCreateFontIndirect
SysAllocStringLen
SysAllocString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi

shlwapi

wnsprintfA
StrStrIA
StrStrA
AssocQueryStringA
StrNCatA
StrToIntA
PathFileExistsA

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a699bcf8a6da3f5ad02d17483dc1befd

Code Sign

06:47:ef:a2:54:f9:a0:b8:2a:42:e7:d7:76:71:16:09Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

rpcrt4

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 236KB - Virtual size: 236KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 26KB - Virtual size: 25KB

06:47:ef:a2:54:f9:a0:b8:2a:42:e7:d7:76:71:16:09
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 236KB - Virtual size: 236KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 26KB - Virtual size: 25KB