f14c8a35265b403ce74476f1d4f33aee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f14c8a35265b403ce74476f1d4f33aee_JaffaCakes118
Size

538KB
MD5

f14c8a35265b403ce74476f1d4f33aee
SHA1

e3874bee6f4b55bd0df2b466c70ebfb93442c4d9
SHA256

552fdf7918be5418fb4cb5b6a18c892fa59efe69629d3f4e05c1f12e0590685e
SHA512

782d502e4ac225edee8ebbd59b68509b7c8a9f8aefef4be75ed541d840b592574edf8df118f6845f653d7393b94ede40c0dfade910be1c397dbd2bd39ef5e471
SSDEEP

6144:4kvPDEUlmkJoquL9uGTirwS5/NllSuWF5KvQ8HWnED97LAyxViSP2Re8J2qQ:LvLNlm7qE9udLOuiAI82nEhLAyx0kuQ

Score

1^/10

Malware Config

Signatures

Files

f14c8a35265b403ce74476f1d4f33aee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e23ecb34c50ced00b281b75dc840cb7

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:ed:88:18:e1:be:c8:6a:b0:00:47:69:5f:a8:29:31:94:46:b0:d2
Signer

Actual PE Digest

d9:ed:88:18:e1:be:c8:6a:b0:00:47:69:5f:a8:29:31:94:46:b0:d2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\11238181823812318238.pdb

Imports

kernel32

FileTimeToSystemTime
GetSystemTimeAsFileTime
GetLocalTime
GetProcAddress
LoadLibraryExA
SetStdHandle
SetFilePointer
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
DebugBreak
RaiseException
LoadLibraryA
TerminateProcess
GetCurrentProcess
ExitProcess
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetModuleFileNameA
GetLastError
GetFileAttributesW
GetCPInfo
IsBadWritePtr
IsBadReadPtr
HeapValidate
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
HeapAlloc
GetProcessHeap
CloseHandle
FreeLibrary
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
HeapReAlloc
VirtualAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
VirtualProtect
GetSystemInfo
VirtualQuery
GetACP
GetOEMCP
InterlockedExchange
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetTimeZoneInformation
GetLocaleInfoW
LCMapStringA
LCMapStringW
FlushFileBuffers

ole32

CoTaskMemAlloc

Sections

.rda1273
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e23ecb34c50ced00b281b75dc840cb7

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

d9:ed:88:18:e1:be:c8:6a:b0:00:47:69:5f:a8:29:31:94:46:b0:d2Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

ole32

Sections

.rda1273 Size: 64KB - Virtual size: 64KB

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 68KB - Virtual size: 122KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

d9:ed:88:18:e1:be:c8:6a:b0:00:47:69:5f:a8:29:31:94:46:b0:d2
Signer

.rda1273
Size: 64KB - Virtual size: 64KB

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 68KB - Virtual size: 122KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB