2d132a2d2ae50c030ec1a52f3a635362_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d132a2d2ae50c030ec1a52f3a635362_JaffaCakes118
Size

13.3MB
MD5

2d132a2d2ae50c030ec1a52f3a635362
SHA1

678dc3befb8b0b5f06d629f7883bab219dcb617a
SHA256

397c299ee262598d2a8488ba6c562d97bc15161ac66b93b23ec0bc9e7ced6e86
SHA512

3739ed6a08da55be8ffc5543c3bdd269ba6608dfa70b2f899ed1223f4099bdad5edc38c7543f811e0f8a9800e8ac664ef54456bc5c1e26bbcb7577a14d136b2a
SSDEEP

393216:EI45gO1avmh3Gr8KWwgRy4JPkYRSR/Y/Ko:V6GdWDRyU8R/po

Score

1^/10

Malware Config

Signatures

Files

2d132a2d2ae50c030ec1a52f3a635362_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42ee3a07b5a94bf7812cb9fef49ada27

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:00:26:b7:ae:29:96:3b:60:8d:61:91:1b:77:1e:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/05/2012, 00:00

Not After

10/08/2015, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:d0:cf:e2:47:12:de:19:d8:15:25:c2:bb:13:91:8c:bb:5f:7f:6b
Signer

Actual PE Digest

da:d0:cf:e2:47:12:de:19:d8:15:25:c2:bb:13:91:8c:bb:5f:7f:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\7zSfx.pdb

Imports

user32

CharUpperW
CharUpperA
GetSystemMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
EnableWindow
ShowWindow
SendMessageA
LoadStringA
GetDlgItem
MessageBoxA
PostMessageA
CharNextA

oleaut32

SysFreeString
VariantClear
SysAllocString

kernel32

GetSystemTimeAsFileTime
VirtualProtect
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetFileType
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetFileAttributesA
CloseHandle
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
GetLastError
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
lstrcatA
lstrlenA
GetStartupInfoA
DeleteFileA
lstrcpyA
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
CreateDirectoryA
lstrcpynA
RemoveDirectoryA
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
Sleep
GetTempPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
ReleaseMutex
CreateThread
GetCommandLineA
CreateMutexA
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
VirtualAlloc
VirtualFree
DeleteCriticalSection
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
SetFileTime
CreateFileW
SetLastError
SetFileAttributesW
CreateDirectoryW
DeleteFileW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindFirstFileW
SetEndOfFile
GetSystemInfo
RtlUnwind
RaiseException
HeapFree
HeapReAlloc
HeapAlloc
ExitThread
GetOEMCP
GetCPInfo
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
IsBadWritePtr
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
VirtualQuery

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42ee3a07b5a94bf7812cb9fef49ada27

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

41:00:26:b7:ae:29:96:3b:60:8d:61:91:1b:77:1e:16Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

da:d0:cf:e2:47:12:de:19:d8:15:25:c2:bb:13:91:8c:bb:5f:7f:6bSigner

Headers

File Characteristics

PDB Paths

Imports

user32

oleaut32

kernel32

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 1.0MB

.rsrc Size: 32KB - Virtual size: 29KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

41:00:26:b7:ae:29:96:3b:60:8d:61:91:1b:77:1e:16
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

da:d0:cf:e2:47:12:de:19:d8:15:25:c2:bb:13:91:8c:bb:5f:7f:6b
Signer

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 1.0MB

.rsrc
Size: 32KB - Virtual size: 29KB