123cd2b876d614e14567cfdeb1d034c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

123cd2b876d614e14567cfdeb1d034c7_JaffaCakes118
Size

54KB
MD5

123cd2b876d614e14567cfdeb1d034c7
SHA1

69e73dcc3483da7ab2d52722de94aae82e4f8ee9
SHA256

8cedd0d017e578c110b758acd8b3ee17f28db1b83c62263a34267a44f7b918dc
SHA512

01a5f3b16d6712f7e885d7dd81dd89a07485338b6c95d73ef39684662e83d426ba0116105cf90cba8c0cbdefa72d1121f729b97a3132c31f86ff4c29a5a7a324
SSDEEP

768:X2IebFb3/GDDEApDtg9JYcIdW2w1OYLh2GVq:X2Db3/GyJpkW20N2GVq

Score

1^/10

Malware Config

Signatures

Files

123cd2b876d614e14567cfdeb1d034c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

353662d12b3eae9b12e89ea61aae58c8

Code Sign

75:b3:62:d1:5a:6d:51:e2:5b:63:78:3f:30:ba:3d:e1
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:f4:aa:2c:85:7e:59:e5:73:f0:b8:3c:57:21:8d:8f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/09/2008, 00:00

Not After

30/05/2020, 10:48

Subject

CN=The Code Project Code Signing CA,O=The Code Project,C=CA

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:11:80:67:b7:1e:99:8b:ec:4d:ef:4e:19:56:af:82
Certificate

Issuer

CN=The Code Project Code Signing CA,O=The Code Project,C=CA

Not Before

19/10/2010, 00:00

Not After

18/10/2013, 23:59

Subject

CN=Biz Secure Labs Pvt. Ltd.,O=Biz Secure Labs Pvt. Ltd.,POSTALCODE=411030,STREET=1206\, Sadashiv Peth\, Tilak Road,L=Pune,ST=Maharashtra,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:5b:43:3f:a6:b3:35:c2:f3:32:56:e1:96:96:7e:d0:56:d6:27:d6
Signer

Actual PE Digest

6a:5b:43:3f:a6:b3:35:c2:f3:32:56:e1:96:96:7e:d0:56:d6:27:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord3574
ord4407
ord3402
ord3721
ord2582
ord6055
ord4078
ord1776
ord4402
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3370
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3640
ord609
ord795
ord641
ord4396
ord324
ord825
ord693
ord2302
ord4234
ord3996
ord4710
ord3089
ord4476
ord6907
ord3998
ord1168
ord2645
ord4224
ord800
ord858
ord2820
ord3811
ord540
ord3302
ord6199
ord2642
ord1576
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord2621
ord1134
ord1146
ord4160
ord2863
ord2379
ord755
ord470
ord2575
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord567
ord4673

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
malloc
free
strncpy
fopen
fputs
fclose
exit
sprintf
__CxxFrameHandler
_setmbcp
_strupr
_mkdir
_strcmpi

kernel32

FindNextFileA
GetStartupInfoA
GetModuleHandleA
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CopyFileA
MoveFileExA
CloseHandle
CreateFileA
GetLastError
GetVolumeInformationA
GetDriveTypeA
DeleteFileA
FindFirstFileA

user32

AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
LoadIconA
IsIconic
wsprintfA
SendMessageA
GetSystemMetrics
EnableWindow

gdi32

CreateSolidBrush

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

353662d12b3eae9b12e89ea61aae58c8

Code Sign

75:b3:62:d1:5a:6d:51:e2:5b:63:78:3f:30:ba:3d:e1Certificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:f4:aa:2c:85:7e:59:e5:73:f0:b8:3c:57:21:8d:8fCertificate

Key Usages

b5:11:80:67:b7:1e:99:8b:ec:4d:ef:4e:19:56:af:82Certificate

Extended Key Usages

Key Usages

6a:5b:43:3f:a6:b3:35:c2:f3:32:56:e1:96:96:7e:d0:56:d6:27:d6Signer

Headers

File Characteristics

Imports

shlwapi

version

mfc42

msvcrt

kernel32

user32

gdi32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 20KB - Virtual size: 16KB

75:b3:62:d1:5a:6d:51:e2:5b:63:78:3f:30:ba:3d:e1
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:f4:aa:2c:85:7e:59:e5:73:f0:b8:3c:57:21:8d:8f
Certificate

b5:11:80:67:b7:1e:99:8b:ec:4d:ef:4e:19:56:af:82
Certificate

6a:5b:43:3f:a6:b3:35:c2:f3:32:56:e1:96:96:7e:d0:56:d6:27:d6
Signer

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 20KB - Virtual size: 16KB