ffb3763e4298448f46d87e29ddb16035_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ffb3763e4298448f46d87e29ddb16035_JaffaCakes118
Size

418KB
MD5

ffb3763e4298448f46d87e29ddb16035
SHA1

01efc621b4089b149c917bed03da93bb00ae74ea
SHA256

e3500e197c4916e48b779c0828ae50c868dd00e21fa7be42359d6f9063896d0b
SHA512

5e265318514bf18a934677281a9bef5298be4db0efa4c1d1f6cae66662e54cbcc8783d11a614afa6859d1897ae13dcc8b9c5e022f5a00b6813d251f7be83b375
SSDEEP

12288:Iiubd9gymVai75IduCcXcOIkdt/aag2ApnAs7:xuZ9wVaimsCcX1/ax2ApnJ7

Score

1^/10

Malware Config

Signatures

Files

ffb3763e4298448f46d87e29ddb16035_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f968009600c7108dda8aecb8c38d35d8

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03/12/2001, 00:00

Not After

02/12/2011, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:45:42:d3:8a:e6:ae:cc:1d:e4:1a:b6:97:18:c7:c3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

10/10/2003, 00:00

Not After

31/10/2004, 23:59

Subject

CN=Adobe Systems\, Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Acrobat Engineering,O=Adobe Systems\, Incorporated,L=San Jose,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExA
GetFileInformationByHandle
CreateFileA
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
OpenProcess
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
LoadLibraryA
WriteFile
ReadFile
CloseHandle
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
MoveFileA
CreateThread
IsDBCSLeadByte
WritePrivateProfileStringA
DeleteFileA
GetModuleFileNameA
SetCurrentDirectoryA
CreateDirectoryA
FindResourceExA
LoadResource
LockResource
GetSystemDefaultLCID
WideCharToMultiByte
GetVersionExA
GetCurrentThread
GetLastError
GetCurrentProcess
LocalAlloc
LocalFree
GetTempPathA
GetTempFileNameA
GetPrivateProfileStringA
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

GetWindowLongA
SetWindowLongA
PostMessageA
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostQuitMessage

advapi32

RegQueryValueExA
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f968009600c7108dda8aecb8c38d35d8

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

1a:45:42:d3:8a:e6:ae:cc:1d:e4:1a:b6:97:18:c7:c3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 11KB - Virtual size: 16KB

.rsrc Size: 17KB - Virtual size: 17KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

1a:45:42:d3:8a:e6:ae:cc:1d:e4:1a:b6:97:18:c7:c3
Certificate

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 11KB - Virtual size: 16KB

.rsrc
Size: 17KB - Virtual size: 17KB