06e25ddeecf0f90debe01d180108ff26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06e25ddeecf0f90debe01d180108ff26_JaffaCakes118
Size

488KB
MD5

06e25ddeecf0f90debe01d180108ff26
SHA1

beaa95aa12f36087732cfa537ce2b23aa11ef36a
SHA256

1572313c10b7e213671bd1401bbf85cf2ef8d30b0ced9b4dcd60d51118f5ff8a
SHA512

b4c19cdaec808d468e15c67fb3ae5f699be5b133dc5be4ae3312d1f3b92372959953eecce05150c230e7546edc7c9a9e8971409e9c46d7b3e65efe08631d6571
SSDEEP

12288:nYAOgKyl56Yh7NH/MW/Wm7MDgTuaZxZMma:Ybgjl56Y5NJt7kgqSM

Score

1^/10

Malware Config

Signatures

Files

06e25ddeecf0f90debe01d180108ff26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7cf74e362f3a7aa9617588975cb5b8ca

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:2c:56:8b:cc:18:e5:0f:67:fe:bc:f3:32:dd:6f:31:ca:d2:18:a8
Signer

Actual PE Digest

a9:2c:56:8b:cc:18:e5:0f:67:fe:bc:f3:32:dd:6f:31:ca:d2:18:a8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\vqq_debug\release\pdb\QQImeRegDict.pdb

Imports

kernel32

FindResourceW
GetCurrentProcess
WideCharToMultiByte
SizeofResource
MultiByteToWideChar
LockResource
LoadResource
FindResourceExW
CreateFileW
DeleteFileW
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
InitializeCriticalSection
FlushInstructionCache
SetLastError
lstrlenW
DeleteCriticalSection
RaiseException
GetCommandLineW
GetLastError
EnterCriticalSection
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
CloseHandle
SetFilePointer
WriteFile
FreeLibrary
GetCPInfo
FindClose
FindFirstFileW
GetProcAddress
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
LoadLibraryW
GetCurrentThreadId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
Sleep
GetModuleFileNameW
FreeEnvironmentStringsA

user32

GetParent
GetWindowRect
GetMessageW
SetWindowLongW
ScreenToClient
MoveWindow
PostQuitMessage
LoadImageW
DestroyWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
CreateDialogParamW
UnregisterClassA
EnableWindow
SetFocus
GetDlgItem
SetWindowTextW
IsWindow
SendMessageW
PostMessageW
MessageBoxW
SetForegroundWindow
ShowWindow

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance
CreateBindCtx

oleaut32

SysAllocString
SysFreeString

comctl32

ord17

urlmon

RegisterBindStatusCallback
CreateURLMoniker

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Fv�
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7cf74e362f3a7aa9617588975cb5b8ca

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

a9:2c:56:8b:cc:18:e5:0f:67:fe:bc:f3:32:dd:6f:31:ca:d2:18:a8Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

comctl32

urlmon

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 100KB - Virtual size: 98KB

Fv� Size: 236KB - Virtual size: 236KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

a9:2c:56:8b:cc:18:e5:0f:67:fe:bc:f3:32:dd:6f:31:ca:d2:18:a8
Signer

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 100KB - Virtual size: 98KB

Fv�
Size: 236KB - Virtual size: 236KB