42094c5129a9c03a42617b9a77f37dd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42094c5129a9c03a42617b9a77f37dd5_JaffaCakes118
Size

1.5MB
MD5

42094c5129a9c03a42617b9a77f37dd5
SHA1

7681c1e89566fb117225aad0e1abff51e577e5aa
SHA256

04d7a637239373d1c4b6c868cfe08043c6c684ac0e2b3df367ca9d8e96532e0c
SHA512

436387c565c06d1f6429d116876c38c3ad58cf82f8d57ea9ddbc46aeea60d6d5c1ec56b873a5694889ed9637819bcbb2bf0ce7c38e970caab9d5047c7d4fdbfa
SSDEEP

24576:0dg/VQpTPPklf5Y/p1DfHzp928/G+jSBi5AaSZU5Mj6CXdGova02ZI:eTpTkf5Y/p1bVJvE8Aap5Mj6qZvavu

Score

1^/10

Malware Config

Signatures

Files

42094c5129a9c03a42617b9a77f37dd5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

740a494df44681ba6d10fb06eba8530a

Code Sign

4e:e3:08:63:6e:9a:f0
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

07/09/2012, 07:18

Not After

29/08/2013, 18:31

Subject

CN=GPV Entertainment\, LLC,O=GPV Entertainment\, LLC,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

29/06/2004, 17:06

Not After

29/06/2034, 17:06

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:cd:cd:96:9b:34:d9:1d:85:42:38:1d:db:0b:36:a7:d9:f6:d5:71
Signer

Actual PE Digest

06:cd:cd:96:9b:34:d9:1d:85:42:38:1d:db:0b:36:a7:d9:f6:d5:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FlushInstructionCache
lstrcmpA
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
MoveFileExA
DeleteFileA
LocalFree
WaitForSingleObject
TerminateThread
SetCurrentDirectoryA
Process32Next
OpenProcess
TerminateProcess
Process32First
CreateToolhelp32Snapshot
SleepEx
ExitProcess
CreateMutexA
InterlockedExchange
FreeResource
LockResource
HeapAlloc
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
Sleep
GetConsoleMode
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
HeapReAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
RtlUnwind
GetExitCodeProcess
WriteFile
SetFileTime
GetCurrentDirectoryA
CreateDirectoryA
DosDateTimeToFileTime
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
CreateThread
GetProcessHeap
HeapFree
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalFree
EnterCriticalSection
LeaveCriticalSection
lstrcatA
GetTempPathA
GetConsoleCP
CreateProcessA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
GetVolumeInformationA
SetStdHandle
GetComputerNameA

user32

LoadCursorA
SetCursor
SetWindowPos
BringWindowToTop
IsWindow
GetForegroundWindow
GetWindowThreadProcessId
SystemParametersInfoA
AttachThreadInput
AllowSetForegroundWindow
SetForegroundWindow
ShowWindow
IsWindowVisible
UnregisterClassA
UpdateWindow
PostQuitMessage
CopyRect
IsWindowEnabled
GetWindowRect
LoadIconA
SendMessageA
EnableWindow
CreateWindowExA
ReleaseDC
EndPaint
GetMessageA
DispatchMessageA
TranslateMessage
IsDialogMessageA
MessageBoxA
FindWindowA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
GetClassInfoExA
GetDesktopWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
CallWindowProcA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
DefWindowProcA
CharNextA
GetWindowLongA
SetWindowLongA
SetWindowTextA
GetDlgCtrlID
BeginPaint

gdi32

StretchBlt
GetDIBColorTable
SetDIBColorTable
GetDeviceCaps
CreateCompatibleBitmap
SetBkMode
GetStockObject
SetBkColor
SetTextColor
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
CreateSolidBrush
DeleteObject
CreateDIBSection

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
RegDeleteValueA

shell32

ShellExecuteA
ShellExecuteExA
ord680
SHGetFolderPathA

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen

shlwapi

wnsprintfA
StrStrIA
PathFileExistsA
AssocQueryStringA
ord176
SHDeleteKeyA

msimg32

AlphaBlend
TransparentBlt

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

wintrust

WinVerifyTrust

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

740a494df44681ba6d10fb06eba8530a

Code Sign

4e:e3:08:63:6e:9a:f0Certificate

Extended Key Usages

Key Usages

Certificate

03:01Certificate

Key Usages

06:cd:cd:96:9b:34:d9:1d:85:42:38:1d:db:0b:36:a7:d9:f6:d5:71Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

wtsapi32

wintrust

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 18KB - Virtual size: 18KB

4e:e3:08:63:6e:9a:f0
Certificate

03:01
Certificate

06:cd:cd:96:9b:34:d9:1d:85:42:38:1d:db:0b:36:a7:d9:f6:d5:71
Signer

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 18KB - Virtual size: 18KB