fad91a8e7e1c089ae25a344be42e4a1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fad91a8e7e1c089ae25a344be42e4a1c_JaffaCakes118
Size

148KB
MD5

fad91a8e7e1c089ae25a344be42e4a1c
SHA1

3762116116c76d648db86254101f839b75d8765d
SHA256

2e7a987a6d33592f2bba60663ab0166e9a02b426524d24b1c0e384c11499deda
SHA512

03e06351477d693fcd347a9bf05a7cdd0190b26b9880ed1b7f6949d3d1561aa22171dd43ecb93a915a222f004c0a71cd591e80c95d106d59ef54ec5db7fe8f29
SSDEEP

3072:w2Gh4HoROHLkXikTQsKU83YDgmnvdCqoCWedSEVxvm+hyP7:8h5383+nvc5CWeRxe1z

Score

1^/10

Malware Config

Signatures

Files

fad91a8e7e1c089ae25a344be42e4a1c_JaffaCakes118
.exe windows:0 windows x86 arch:x86

6f2fe38dbad7dfd5cf3134b8b7525fb2

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:8d:76:1a:1a:70:cc:75:ce:b4:b1:27:4b:78:2a:e6:23:70:78:61
Signer

Actual PE Digest

19:8d:76:1a:1a:70:cc:75:ce:b4:b1:27:4b:78:2a:e6:23:70:78:61

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegisterTraceGuidsW
StartTraceW
TraceEvent
LookupAccountSidA
LookupAccountSidW
OpenTraceW
ProcessTrace
CloseTrace
StopTraceW

kernel32

FindNextFileW
FindFirstFileW
SetThreadLocale
GetSystemDefaultLCID
GetConsoleOutputCP
GetThreadLocale
GetUserDefaultUILanguage
LocalFree
WriteConsoleW
GetFileType
FormatMessageW
GetModuleHandleW
ReadConsoleW
MultiByteToWideChar
ReadFile
SetConsoleMode
GetConsoleMode
CloseHandle
CreateFileW
SystemTimeToFileTime
FreeLibrary
DeleteFileW
LockResource
LoadResource
FindResourceW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
ExitProcess
GetLastError
GetModuleHandleA
GetACP
GetOEMCP
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
WideCharToMultiByte
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
RtlUnwind
InterlockedExchange
GetStringTypeA
GetStringTypeW
HeapReAlloc
SetFilePointer
GetLocaleInfoA
RaiseException
SetStdHandle
FlushFileBuffers
SetEndOfFile
Sleep
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
ExpandEnvironmentStringsW
GetStringTypeExW
GetLocaleInfoW
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
GetProcessHeap
HeapAlloc
HeapFree
SetEvent
lstrlenW
GetLocalTime
VirtualAllocEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

LoadStringW
CharToOemW
wsprintfW
GetSystemMenu
CreateWindowExA

rpcrt4

UuidCreate

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
SafeArrayGetElement
VariantInit
VariantChangeType
SafeArrayDestroy

ntdll

RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlFreeUnicodeString
RtlStringFromGUID
RtlEnterCriticalSection
RtlAnsiCharToUnicodeChar

msi

MsiGetLanguage
MsiOpenProductW
MsiSourceListAddSourceA
MsiInvalidateFeatureCache
MsiDatabaseExportW
MsiConfigureProductExW
MsiSourceListForceResolutionW
MsiOpenPackageExA
MsiSourceListClearMediaDiskA
MsiRecordGetStringA
MsiGetSummaryInformationW
DllGetVersion
MsiGetComponentStateW
MsiGetPatchInfoW
MsiGetComponentPathA
MsiGetProductCodeA
MsiRecordSetStringW
MsiEnumFeaturesW
MsiGetProductInfoFromScriptW
MsiProcessAdvertiseScriptW
MsiExtractPatchXMLDataA
MsiSourceListClearSourceW

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f2fe38dbad7dfd5cf3134b8b7525fb2

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

19:8d:76:1a:1a:70:cc:75:ce:b4:b1:27:4b:78:2a:e6:23:70:78:61Signer

Headers

File Characteristics

Imports

advapi32

kernel32

version

user32

rpcrt4

ole32

oleaut32

ntdll

msi

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 9KB - Virtual size: 108KB

.rsrc Size: 103KB - Virtual size: 102KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

19:8d:76:1a:1a:70:cc:75:ce:b4:b1:27:4b:78:2a:e6:23:70:78:61
Signer

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 9KB - Virtual size: 108KB

.rsrc
Size: 103KB - Virtual size: 102KB