39418dc1a3863cc8a1af3145d6485d8e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39418dc1a3863cc8a1af3145d6485d8e_JaffaCakes118
Size

185KB
MD5

39418dc1a3863cc8a1af3145d6485d8e
SHA1

08709a693dfdf63275aabc50757be42c32e08c0c
SHA256

1470fdccb5505b50fdeeb33bf2e9c7bd18dc877b6648fa14c4f60201c1292e3d
SHA512

2268741731f010226b6c638c2bf308945e8f343e85a6d07ab984c749f1251e36d303c4739ccd084bb0c001c2d40dad556c0e6848402797b93cfee127b51cc414
SSDEEP

3072:h5NXMoE10FvoH8OoKXURWJLsrhwyAbtjkVNLEGgjR/fb9uiCH+T4ACo1dBI51:h140FvE7URULsrhwfRgVNQZdb9uiCH+

Score

1^/10

Malware Config

Signatures

Files

39418dc1a3863cc8a1af3145d6485d8e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8c05495d56d567068b75adfbe69b618

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindow
GetParent
GetClassNameA
FindWindowExA
SendMessageA

ole32

CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemAlloc

kernel32

GetCurrentProcess
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GetACP
lstrcpynW
LoadLibraryA
lstrlenA
GetVersion
ReadProcessMemory
LoadLibraryExA
GetModuleHandleA
lstrcmpA
CreateFileA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetPrivateProfileStringA
CopyFileA
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
GetCurrentProcessId
GetPrivateProfileStructA
WritePrivateProfileStringA
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
ReadFile
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
MultiByteToWideChar
GetLongPathNameA
DeleteFileA
GetWindowsDirectoryA
GetShortPathNameA
GetSystemDirectoryA
SetEvent
CreateEventA
WaitForSingleObject
MoveFileExA
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcpynA
lstrcatA
CreateProcessA
CreateMutexA
CloseHandle
GetModuleFileNameA
GetTickCount
Sleep
GetLastError
GetVersionExA
LocalFree
GetStartupInfoA

advapi32

GetLengthSid
SetTokenInformation
GetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
AddAccessAllowedAce
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ControlService
StartServiceA
QueryServiceStatus
DeleteService
OpenServiceA
ChangeServiceConfig2A
OpenSCManagerA
CreateServiceA
CloseServiceHandle
InitializeAcl

shlwapi

SHSetValueA
SHGetValueA
SHDeleteKeyA
PathFindFileNameA
PathIsDirectoryA
SHDeleteValueA
PathAppendA
PathRemoveBlanksA
PathRemoveBackslashA
PathRemoveFileSpecA
StrStrIA
wnsprintfA
PathFileExistsA

msvcirt

?sync@istream@@QAEHXZ
?getline@istream@@QAEAAV1@PADHD@Z
??5istream@@QAEAAV0@PAD@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??6ostream@@QAEAAV0@PBD@Z

ws2_32

htons
ntohl
ntohs
WSACleanup
WSAStartup

msvcrt

_onexit
__dllonexit
_strnicmp
_wcsnicmp
_wcsicmp
_strlwr
fgetc
calloc
_exit
_iob
fputc
exit
memcpy
_CxxThrowException
_EH_prolog
strlen
atol
wcscpy
_except_handler3
??1type_info@@UAE@XZ
_controlfp
_XcptFilter
_acmdln
memset
strrchr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
??2@YAPAXI@Z
_snprintf
_mbsicmp
rand
_mbsnbcpy
fseek
fclose
fputs
strstr
fgets
rewind
fopen
__CxxFrameHandler
wcslen
fwrite
_tempnam
strchr
fread
ftell
tolower
_ismbcupper
free
malloc
_mbscmp
sscanf
printf
_snwprintf
sprintf
time
localtime
memmove
atoi
_mbstok
strncpy
srand
__getmainargs

shell32

SHCreateDirectoryExA

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8c05495d56d567068b75adfbe69b618

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

user32

ole32

kernel32

advapi32

shlwapi

msvcirt

ws2_32

msvcrt

shell32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 45KB - Virtual size: 45KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 45KB - Virtual size: 45KB