f1556231ac1cb20fd268e19e69772404_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f1556231ac1cb20fd268e19e69772404_JaffaCakes118
Size

62KB
MD5

f1556231ac1cb20fd268e19e69772404
SHA1

7f6a4ff8b93edece73f6c68a4583ff02b6adba20
SHA256

e16992d00d89b4ac9c5bfbb2c5c2a5ff9e70bed012f7b14fc371d0200ce03c72
SHA512

0b421fe8de858590138dab1a1a6ae2a7e1093b3c7ba694ea9c17eb6a46fb7712fb673bae5824f385ccce382b07c56478a7fde7c5635227f74e704883588e61fe
SSDEEP

1536:uoU+ioeX1j88DZmmRkDp08oFxJhE7QM4gqf2noz:uoU+iogm6jCQ/f2nU

Score

1^/10

Malware Config

Signatures

Files

f1556231ac1cb20fd268e19e69772404_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3468aab0888f86b016c19b337770ce33

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:58:93:97:b5:06:48:16:ed:14:9d:bb:96:ca:a7:e2
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

09/03/2006, 00:00

Not After

19/03/2007, 23:59

Subject

CN=Evolution World Wide Limited,OU=SECURE APPLICATION DEPARTMENT,O=Evolution World Wide Limited,L=HK,ST=HK,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c7:d2:fa:69:cb:99:3b:b8:55:81:b5:a1:ce:76:05:25:2e:34:e0:30
Signer

Actual PE Digest

c7:d2:fa:69:cb:99:3b:b8:55:81:b5:a1:ce:76:05:25:2e:34:e0:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
GetLastError
FindResourceA
GetModuleHandleA
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
LockFile
UnlockFile
SetEndOfFile
MoveFileA
DeleteFileA
FileTimeToLocalFileTime
FindClose
FindFirstFileA
FreeLibrary
LocalFree
FormatMessageA
LoadLibraryExA
GetTempPathA
GetTempFileNameA
LoadLibraryA
CreateProcessA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
LCMapStringW
LCMapStringA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
HeapAlloc
HeapReAlloc
Sleep
lstrcmpiA
CreateThread
GetModuleFileNameA
lstrcpyA
GetTickCount
GetWindowsDirectoryA
lstrcatA
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GlobalFree
GetProcAddress
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
RtlUnwind

user32

PeekMessageA
DispatchMessageA
GetWindowLongA
GetParent
PostMessageA
GetClientRect
wsprintfA
GetMessageA
GetDlgItem
SendMessageA
SetWindowLongA
DefWindowProcA
RegisterClassExA
IsWindow
PostQuitMessage
SetDlgItemTextA
TranslateMessage
LoadStringA
LoadIconA
LoadCursorA
CreateWindowExA
CreateDialogParamA
UpdateWindow
GetSystemMetrics
MoveWindow
SetWindowTextA
DestroyWindow
ShowWindow

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegLoadKeyA
RegRestoreKeyA
RegSaveKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegFlushKey
RegOpenKeyExA

comctl32

InitCommonControlsEx

shlwapi

StrFormatByteSizeA

urlmon

URLDownloadToFileA

wininet

HttpQueryInfoA
HttpSendRequestA
DeleteUrlCacheEntry
InternetCloseHandle
InternetReadFile
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpOpenRequestA

ole32

OleSetContainedObject
CoUninitialize
CoInitialize
OleCreate
CoTaskMemAlloc

oleaut32

SafeArrayUnaccessData
SysFreeString
VariantInit
SysAllocString
VariantClear
SafeArrayCreate
SafeArrayAccessData
SafeArrayDestroy

Sections

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3468aab0888f86b016c19b337770ce33

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:58:93:97:b5:06:48:16:ed:14:9d:bb:96:ca:a7:e2Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c7:d2:fa:69:cb:99:3b:b8:55:81:b5:a1:ce:76:05:25:2e:34:e0:30Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

shlwapi

urlmon

wininet

ole32

oleaut32

Sections

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 46KB - Virtual size: 51KB

.rsrc Size: 2KB - Virtual size: 1KB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:58:93:97:b5:06:48:16:ed:14:9d:bb:96:ca:a7:e2
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c7:d2:fa:69:cb:99:3b:b8:55:81:b5:a1:ce:76:05:25:2e:34:e0:30
Signer

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 46KB - Virtual size: 51KB

.rsrc
Size: 2KB - Virtual size: 1KB