25f620b974af87936cf05e21741667cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25f620b974af87936cf05e21741667cd_JaffaCakes118
Size

677KB
MD5

25f620b974af87936cf05e21741667cd
SHA1

f17b346b5aa5f011b26e6e287c9ff3d4dc8d07c1
SHA256

2074df24ec6b1d9c6308c9a83bbeee49f91bfd374df77cc03af42962d6bcb895
SHA512

d080f829ce0dee86155204ea954aa20851cbd4feb165613e0d9b14dcc0ddc4dfa7154acbd55e8b97f615b36f7b184502480e12b52e1ad6436f0a225458c75d23
SSDEEP

12288:MRVFIvHiHovIBjj4lKcE2lk2LBoayKGxk4QHiHovIBjj4lKcE2lk2LBoayKGxk43:MZIvXVtEMpB/jEvQXVtEMpB/jEv3

Score

1^/10

Malware Config

Signatures

Files

25f620b974af87936cf05e21741667cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc3d30310a2c54cf61fa03ce1e77e3de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

43:b0:32:6a:97:58:f7:be:75:fb:6d:38:f5:92:99:9d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/05/2019, 00:00

Not After

11/05/2020, 23:59

Subject

CN=Midtronics\,Inc.,O=Midtronics\,Inc.,L=Willowbrook,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:83:67:ab:18:11:31:79:11:79:8e:6b:7c:9e:ce:db:7c:75:ab:d1
Signer

Actual PE Digest

72:83:67:ab:18:11:31:79:11:79:8e:6b:7c:9e:ce:db:7c:75:ab:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
FindExecutableA

user32

GetSysColor
GetClientRect
SetRect
EndPaint
LoadCursorA
GetLastActivePopup
ShowWindow
PostMessageA
SendMessageA
EnableWindow
GetWindowLongA
SetWindowLongA
SetWindowTextA
SetForegroundWindow
SetActiveWindow
DialogBoxIndirectParamA
GetDlgItemTextA
EndDialog
GetWindowRect
BeginPaint
SetWindowPos
GetKeyState
CharUpperBuffA
SetTimer
KillTimer
SendDlgItemMessageA
UpdateWindow
SetDlgItemTextA
GetDlgItem
InvalidateRect
OemToCharBuffA
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
MessageBoxA
SetCursor
CharNextA
SetWindowWord
GetWindowWord
DefWindowProcA
RegisterClassA
GetSystemMetrics

kernel32

lstrlenA
SetStdHandle
GetLocaleInfoA
GetSystemInfo
VirtualProtect
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapAlloc
HeapReAlloc
VirtualQuery
InterlockedExchange
LoadLibraryA
GetStringTypeW
GetStringTypeA
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
FindClose
FindFirstFileA
GetCurrentDirectoryA
CreateDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
LocalAlloc
_lopen
GetDriveTypeA
GetEnvironmentVariableA
GlobalFree
GlobalUnlock
GlobalHandle
_lclose
_llseek
_lread
GlobalLock
GlobalAlloc
LocalFree
GlobalMemoryStatus
GetVersion
GetModuleFileNameA
WriteFile
GetSystemTime
ExitProcess
CloseHandle
CreateFileA
SetCurrentDirectoryA
FlushFileBuffers
_lcreat
GetVolumeInformationA
GetWindowsDirectoryA
SetFilePointer
WinExec
_lwrite
lstrcmpiA
SetErrorMode
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetStdHandle

gdi32

SelectObject
SetTextAlign
SetBkColor
SetTextColor
DeleteObject
GetBkColor
GetTextExtentPoint32A
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC

advapi32

RegQueryValueA

comctl32

ord17

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_winzip_
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc3d30310a2c54cf61fa03ce1e77e3de

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

43:b0:32:6a:97:58:f7:be:75:fb:6d:38:f5:92:99:9dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

72:83:67:ab:18:11:31:79:11:79:8e:6b:7c:9e:ce:db:7c:75:ab:d1Signer

Headers

File Characteristics

Imports

shell32

user32

kernel32

gdi32

advapi32

comctl32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 28KB - Virtual size: 25KB

_winzip_ Size: 580KB - Virtual size: 580KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

43:b0:32:6a:97:58:f7:be:75:fb:6d:38:f5:92:99:9d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

72:83:67:ab:18:11:31:79:11:79:8e:6b:7c:9e:ce:db:7c:75:ab:d1
Signer

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 28KB - Virtual size: 25KB

_winzip_
Size: 580KB - Virtual size: 580KB