475646ca6417088e0412847572312d27_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

475646ca6417088e0412847572312d27_JaffaCakes118
Size

857KB
MD5

475646ca6417088e0412847572312d27
SHA1

36c853a3c73b6603eb59829cb629ab8ef724f3d2
SHA256

e37b90f2fe75db9915ce75f8d9423e2b57634cbfa7c16ee8049a7eac5e9fc039
SHA512

88413ec59cf9aee6c155917d8f3facc70e3339abed21344547d5b3c51bf856c60a6e9229385810132a650716c77a54fa1db3a312fcc788a933c435f0dca3d16e
SSDEEP

12288:lcsnuPZ1H1+1D3UtuvE6352M2X15KPXUdq23ffkkkkkwfUl:ysuPZ1H1aDJvE63W5eIfR

Score

1^/10

Malware Config

Signatures

Files

475646ca6417088e0412847572312d27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4c8e8250dea04dfa40cd4331b1ae8bd4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1e:62:c6:23:1a:cc:ea:ba:0d:40:84:a2:33:00:01:34
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

23-01-2015 00:00

Not After

29-01-2017 23:59

Subject

CN=Masque Publishing\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Masque Publishing\, Inc.,L=Highlands Ranch,ST=Colorado,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e9:01:63:45:ee:7b:f9:f4:dd:12:d6:ce:a0:99:80:7f:15:73:78:ff
Signer

Actual PE Digest

e9:01:63:45:ee:7b:f9:f4:dd:12:d6:ce:a0:99:80:7f:15:73:78:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\masque\install\Bootstrap\exe\Release\setup.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW

kernel32

SizeofResource
RaiseException
InitializeCriticalSection
LockResource
LoadResource
FindResourceExW
InterlockedDecrement
GetCommandLineW
GetCurrentThreadId
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
GetFileAttributesW
MultiByteToWideChar
GetModuleFileNameA
Sleep
GetLastError
SetFileAttributesW
GetModuleFileNameW
CreateDirectoryW
CopyFileW
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
CreateFileW
SetFilePointer
WriteFile
GetTempPathW
GetFileSize
ReadFile
GetSystemDirectoryW
DeleteCriticalSection
GetExitCodeProcess
lstrcmpiW
CreateThread
WaitForSingleObject
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
InterlockedIncrement
FindResourceW
SetStdHandle
SetLastError
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetWindowsDirectoryW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateFileA
GetConsoleMode
GetConsoleCP
GetModuleHandleA
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
TerminateProcess
UnhandledExceptionFilter

user32

UnregisterClassA
GetClientRect
GetSystemMetrics
LoadImageW
SetFocus
ShowWindow
GetDlgItem
SetWindowTextW
GetParent
GetSysColor
LoadCursorW
SetCursor
GetWindow
SystemParametersInfoW
GetWindowRect
MapWindowPoints
EndDialog
SetWindowPos
EnableWindow
ExitWindowsEx
CallWindowProcW
SendMessageW
DefWindowProcW
MessageBoxW
GetWindowLongW
GetKeyState
DialogBoxParamW
SetWindowLongW

gdi32

SetTextColor
SetBkMode
GetStockObject

advapi32

RegOpenKeyExW
RegCloseKey
FreeSid
EqualSid
GetTokenInformation
AllocateAndInitializeSid
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

shlwapi

PathRemoveFileSpecW
PathAppendW

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 688KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c8e8250dea04dfa40cd4331b1ae8bd4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1e:62:c6:23:1a:cc:ea:ba:0d:40:84:a2:33:00:01:34Certificate

Extended Key Usages

Key Usages

e9:01:63:45:ee:7b:f9:f4:dd:12:d6:ce:a0:99:80:7f:15:73:78:ffSigner

Headers

File Characteristics

PDB Paths

Imports

version

urlmon

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 688KB - Virtual size: 686KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1e:62:c6:23:1a:cc:ea:ba:0d:40:84:a2:33:00:01:34
Certificate

e9:01:63:45:ee:7b:f9:f4:dd:12:d6:ce:a0:99:80:7f:15:73:78:ff
Signer

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 688KB - Virtual size: 686KB