20f64d4cc3297aca0c48ce1afa8f9fc8_JaffaCakes118[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

20f64d4cc3297aca0c48ce1afa8f9fc8_JaffaCakes118.exe
Size

209KB
MD5

20f64d4cc3297aca0c48ce1afa8f9fc8
SHA1

4e32dfadbcbac9e0d0295e6f810d6bb8a677c030
SHA256

84d721511317155c72daf902df0920478243eb7941690806471708f778acc339
SHA512

fb5deeba116289e3b167b31ecd6565b663cbeb75368cd97d275d0e8db37c93a8855fbcc0d46d2cce37f11df4d071a217225a82890e69bb796edccd8900e88db1
SSDEEP

3072:eQcjk9tVRNIcjb4Ryfjijjx14hdeCXHKPJFo9zpE7Di0X0JuLL+o7BlpF9e:eQh9tVRm2kh34hdeCkcG7DEALLlnN

Score

1^/10

Malware Config

Signatures

Files

20f64d4cc3297aca0c48ce1afa8f9fc8_JaffaCakes118.exe
.exe windows:4 windows x86 arch:x86

cda83d02709aa3122667a945a10f311a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReplaceFileW
GetSystemInfo
GetComputerNameA
GetCommandLineA
GetLongPathNameW
SetComputerNameA
ExpandEnvironmentStringsA
GetThreadPriority
BeginUpdateResourceW
GlobalAlloc
lstrcpyA
lstrcmp
CompareFileTime
GetModuleFileNameA
lstrlenA
OpenEventA
GetWindowsDirectoryW
MultiByteToWideChar
CopyFileA
ConnectNamedPipe
CompareStringA
SetCurrentDirectoryA
GetProcAddress
GetSystemDefaultLCID
GetFileAttributesA
Beep
GetUserDefaultLangID
CreateFileMappingA
GetACP
WinExec
EnumTimeFormatsA
CreateSemaphoreW
CreateEventW
lstrcmpiA
Sleep
IsBadStringPtrW
VirtualAlloc
QueryPerformanceFrequency

user32

CheckDlgButton
CopyIcon
GetIconInfo
AdjustWindowRect
PostMessageW
LoadBitmapA
RegisterClassW
GetClassInfoW
CheckRadioButton
DestroyCursor
GetMessageW
FlashWindow
SendMessageW
ActivateKeyboardLayout
LoadMenuA
CreateWindowExW
CharLowerW
DefDlgProcW
SetWindowTextW
OpenClipboard
WinHelpW
wvsprintfA
UnregisterClassA
CharPrevA
SetCursorPos
GetClientRect
GetSysColor
DialogBoxParamW
CreateDialogIndirectParamW
LoadImageA
GetMenuItemID
CreateCaret
DrawIcon
GetDesktopWindow
MessageBoxIndirectW
MoveWindow
IsDlgButtonChecked
PostMessageA
InsertMenuItemW
PeekMessageA
EnumDesktopWindows
LoadIconW
ArrangeIconicWindows
CloseWindow
SetWindowRgn

gdi32

CloseFigure
Pie
CopyEnhMetaFileA
ScaleWindowExtEx
GetGlyphIndicesW
GetDeviceCaps
GetGlyphOutlineW
RemoveFontResourceExA
SetViewportExtEx
SetTextAlign
PatBlt
SetPixel
SetDIBits
GetCharABCWidthsFloatA
GetEnhMetaFileBits
GetClipRgn
CreatePen
UpdateICMRegKeyW
CreateSolidBrush
BeginPath

advapi32

RegFlushKey
RegOpenKeyExW
RegQueryValueW
RegDeleteValueA
RegReplaceKeyW

shell32

SHGetFolderPathW

shlwapi

PathIsContentTypeW
PathCompactPathA
PathGetDriveNumberW
PathRemoveExtensionA

ole32

CoLoadLibrary

setupapi

CM_Modify_Res_Des_Ex
MyFree
SetupCommitFileQueueA
SetupRenameErrorA
SetupInstallServicesFromInfSectionA
CM_Get_Log_Conf_Priority_Ex

Sections

.u'!<(
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Y)V$5
Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8
Size: 1KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oy3
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.-!R
Size: 1024B - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

."
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.5Wvj%
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cda83d02709aa3122667a945a10f311a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

setupapi

Sections

.u'!<( Size: 9KB - Virtual size: 12KB

.Y)V$5 Size: 1KB - Virtual size: 20KB

.8 Size: 1KB - Virtual size: 27KB

.oy3 Size: 4KB - Virtual size: 3KB

.-!R Size: 1024B - Virtual size: 35KB

." Size: 3KB - Virtual size: 15KB

.5Wvj% Size: 2KB - Virtual size: 20KB

.rsrc Size: 180KB - Virtual size: 268KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.u'!<(
Size: 9KB - Virtual size: 12KB

.Y)V$5
Size: 1KB - Virtual size: 20KB

.8
Size: 1KB - Virtual size: 27KB

.oy3
Size: 4KB - Virtual size: 3KB

.-!R
Size: 1024B - Virtual size: 35KB

."
Size: 3KB - Virtual size: 15KB

.5Wvj%
Size: 2KB - Virtual size: 20KB

.rsrc
Size: 180KB - Virtual size: 268KB