41815447017f7ac4140dcfab4cc73260_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41815447017f7ac4140dcfab4cc73260_JaffaCakes118
Size

7.7MB
MD5

41815447017f7ac4140dcfab4cc73260
SHA1

19e3034c452e59a400ab5d8e59c321177d844c99
SHA256

517bfd4eee6cc641820946698ace7d6308880a1d64c73f7e49acb97f601a45bf
SHA512

06416454cd216503518a5f2ada36c8ba27e259c9f5dc16d0fc2a43bb663ecc803cf2c71e523542aacab3710be1c8f870b2ac7b5c85ab132e9375c4a9ba2d8411
SSDEEP

98304:M+rj/koJoxx8bSLTSNL9i7NEiY8LpJU/Exlr3AkwWQtd8XQINEBRfKmMqa9adzPc:ioJoUENEiY6pbBAkgjBRfjD+Z331Zx

Score

1^/10

Malware Config

Signatures

Files

41815447017f7ac4140dcfab4cc73260_JaffaCakes118
.exe windows:6 windows x86 arch:x86

63f511b5c34d2dc68f55d7c3d5ce4e1b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/03/2014, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:cb:97:c8:76:fa:b2:59:95:56:b8:e8:8c:be:b0:0e
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/12/2015, 00:00

Not After

04/03/2017, 23:59

Subject

CN=McAfee\, Inc.,OU=Engineering,O=McAfee\, Inc.,L=Santa Clara,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

96:b3:eb:68:aa:41:4a:4e:6c:be:38:6c:36:df:1b:bf:56:c3:84:ab:81:28:a5:75:b5:8f:42:6a:c2:c0:92:8f
Signer

Actual PE Digest

96:b3:eb:68:aa:41:4a:4e:6c:be:38:6c:36:df:1b:bf:56:c3:84:ab:81:28:a5:75:b5:8f:42:6a:c2:c0:92:8f

Digest Algorithm

sha256

PE Digest Matches

true

0a:c0:cd:9f:a0:b7:40:90:c9:25:2e:75:07:8a:a0:e0:26:d7:e5:c0
Signer

Actual PE Digest

0a:c0:cd:9f:a0:b7:40:90:c9:25:2e:75:07:8a:a0:e0:26:d7:e5:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\BuildEngineSpace\Temp\2cb41452-c7eb-4b17-ae12-ac338b45ce5c\build\Win32\Release\DMSelfExtractor.pdb

Imports

shlwapi

PathFileExistsA
PathFileExistsW
PathFindFileNameA
PathAppendW
PathRemoveExtensionA
PathRemoveFileSpecW
PathStripToRootW
PathRemoveFileSpecA
SHDeleteKeyW
PathFindExtensionW
PathAddExtensionA

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CryptDecodeObject
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptMsgClose

kernel32

LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
VirtualQuery
CreateDirectoryW
GetLongPathNameW
WriteFile
GetTempPathW
CreateFileW
GetSystemDirectoryW
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
lstrcmpW
SetLastError
LoadLibraryExW
ReleaseSRWLockShared
AcquireSRWLockShared
GlobalFindAtomW
IsBadReadPtr
SystemTimeToFileTime
GetCurrentProcessId
OutputDebugStringW
LockFileEx
UnlockFileEx
FindResourceExW
AcquireSRWLockExclusive
GetWindowsDirectoryW
GlobalAddAtomW
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
GetModuleHandleW
FindClose
FindFirstFileW
GetFileAttributesW
SetFilePointer
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentThreadId
GetLocalTime
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
HeapFree
SizeofResource
RaiseException
HeapReAlloc
LockResource
GetLastError
Sleep
MultiByteToWideChar
HeapSize
VirtualAlloc
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
ReleaseSRWLockExclusive
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
LocalFree
LocalAlloc
GetSystemInfo
VirtualProtect
LoadLibraryExA
IsDebuggerPresent
FormatMessageW
GetStringTypeW
EncodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
SetFilePointerEx
ReadFile
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileType
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameA
GetACP
FlushFileBuffers
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
SetEndOfFile
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
FindFirstFileExA
FindNextFileA
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW

advapi32

GetTraceEnableFlags
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
FreeSid
RegSetValueExA
RegQueryValueExA
SystemFunction036
RegOpenKeyExA
RegSetKeySecurity
RegSetValueExW
RegNotifyChangeKeyValue
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceEvent
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CLSIDFromString
StringFromGUID2

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63f511b5c34d2dc68f55d7c3d5ce4e1b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:cb:97:c8:76:fa:b2:59:95:56:b8:e8:8c:be:b0:0eCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

96:b3:eb:68:aa:41:4a:4e:6c:be:38:6c:36:df:1b:bf:56:c3:84:ab:81:28:a5:75:b5:8f:42:6a:c2:c0:92:8fSigner

0a:c0:cd:9f:a0:b7:40:90:c9:25:2e:75:07:8a:a0:e0:26:d7:e5:c0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wintrust

crypt32

kernel32

advapi32

ole32

version

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 7KB - Virtual size: 10KB

.gfids Size: 1024B - Virtual size: 632B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 7.4MB - Virtual size: 7.4MB

.reloc Size: 15KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5d:c9:8b:9a:dd:1b:30:09:09:83:cb:e5:3b:9e:64:06
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:cb:97:c8:76:fa:b2:59:95:56:b8:e8:8c:be:b0:0e
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

96:b3:eb:68:aa:41:4a:4e:6c:be:38:6c:36:df:1b:bf:56:c3:84:ab:81:28:a5:75:b5:8f:42:6a:c2:c0:92:8f
Signer

0a:c0:cd:9f:a0:b7:40:90:c9:25:2e:75:07:8a:a0:e0:26:d7:e5:c0
Signer

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 7KB - Virtual size: 10KB

.gfids
Size: 1024B - Virtual size: 632B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 7.4MB - Virtual size: 7.4MB

.reloc
Size: 15KB - Virtual size: 14KB