14bc6ee4c0f840a3b3ec0eaf9b3b9916_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

14bc6ee4c0f840a3b3ec0eaf9b3b9916_JaffaCakes118
Size

263KB
MD5

14bc6ee4c0f840a3b3ec0eaf9b3b9916
SHA1

089076263c4ded05c86758a5dce68b0c86cdf20d
SHA256

5eaa5dae152e930af814111181c872b8442f30cc5bfe868bbb86bf949b501aba
SHA512

74f1e2f1131bb5621a31e6ad4ff061bb6838b8267196918d5a4a628b3c71256462bcb06b9527e5457d08b336fb7474f6c8fe77ed7dc09964341561207ab14c10
SSDEEP

6144:+O2TeNo7sGzfX09WR1jGdzNFrjFFSloiEF:xGz

Score

1^/10

Malware Config

Signatures

Files

14bc6ee4c0f840a3b3ec0eaf9b3b9916_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb1fe9341578d8a1518b96e5103ac1cc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:3d:0b:ec:14:63:43:ae:69:21:45:ef:8e:20:3f:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

10-05-2007 00:00

Not After

09-05-2008 23:59

Subject

CN=ACD Systems International Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=ACD Systems International Inc,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

z:\autobuilder\builds\delphinii-acdseepro2\acdseepro-other_dlls.ini\common\acddnlmgr\release\ACDDnlMgr.pdb

Imports

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

mfc80

ord2537
ord2991
ord4486
ord1551
ord2862
ord1670
ord5200
ord1671
ord1599
ord4890
ord3292
ord1655
ord5182
ord1656
ord1964
ord3441
ord5175
ord3255
ord310
ord1362
ord4967
ord354
ord5807
ord3345
ord605
ord6277
ord3802
ord6279
ord2095
ord1522
ord1591
ord2172
ord4240
ord2178
ord2405
ord572
ord2387
ord2385
ord3317
ord2325
ord2403
ord715
ord2415
ord2164
ord2392
ord2408
ord1185
ord2413
ord2396
ord2398
ord6286
ord2400
ord578
ord1181
ord2394
ord5320
ord2410
ord745
ord2390
ord934
ord930
ord1794
ord932
ord928
ord741
ord3641
ord2731
ord2086
ord4035
ord5233
ord1545
ord5235
ord4232
ord304
ord5960
ord6090
ord1600
ord4735
ord4282
ord4580
ord4722
ord3164
ord3403
ord2168
ord266
ord6067
ord6297
ord5331
ord2657
ord5203
ord4185
ord6275
ord265
ord5073
ord2368
ord1908
ord2835
ord1187
ord4244
ord1401
ord587
ord3946
ord1643
ord762
ord1617
ord1581
ord1620
ord6725
ord5912
ord5915
ord6724
ord1402
ord5214
ord4262
ord5491
ord781
ord3850
ord911
ord907
ord2322
ord2469
ord5715
ord5716
ord557
ord2468
ord5403
ord6703
ord784
ord299
ord1489
ord757
ord4307
ord566
ord2714
ord2838
ord2540
ord2646
ord2533
ord3683
ord3718
ord3719
ord4541
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord2248
ord5102
ord2020
ord6219
ord5382
ord3832
ord1054
ord1920
ord3830
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord764
ord1207
ord1084
ord923
ord5152

msvcr80

_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_setmbcp
atol
_beginthreadex
memcpy_s
memset
_CxxThrowException
_controlfp_s

kernel32

SetEvent
WaitForSingleObject
InterlockedExchange
CloseHandle
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetACP
CreateEventA
GetTempPathA
CreateDirectoryA
Sleep
GetTempFileNameA
GetThreadLocale
GetVersionExA
CreateFileA
DeleteFileA
WriteFile

user32

PostMessageA
EnableWindow
SendMessageA

gdi32

GetObjectA
CreateFontIndirectA
DeleteObject
GetStockObject

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA

shell32

ShellExecuteA
ShellExecuteExA

comctl32

ord17

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 227KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb1fe9341578d8a1518b96e5103ac1cc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

50:3d:0b:ec:14:63:43:ae:69:21:45:ef:8e:20:3f:32Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 227KB - Virtual size: 247KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

50:3d:0b:ec:14:63:43:ae:69:21:45:ef:8e:20:3f:32
Certificate

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 227KB - Virtual size: 247KB