51665e783b5eef08bdfa28906bf2b979_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

51665e783b5eef08bdfa28906bf2b979_JaffaCakes118
Size

2.2MB
MD5

51665e783b5eef08bdfa28906bf2b979
SHA1

df32814fcbd79eed18ef989bcde6b06c83012ad1
SHA256

46cfb428dbd95ea4ce9302481073c326c764cc14d9266f73b4f7c228f6ef19aa
SHA512

7e8b0db893cb9ed6db7c1231076cb949ee9ab556331d91af4acc1e3b4a7491aed27a55e456ffbad41c2b2439f3beaa77b9d91d8ed72089629fb5d5932e62de47
SSDEEP

49152:98q5Oed8CEzaDRw6qRH9jLoKk7Awc5xQADwo:35uCMa6jRH9jLO8weS6wo

Score

1^/10

Malware Config

Signatures

Files

51665e783b5eef08bdfa28906bf2b979_JaffaCakes118
.exe windows:6 windows x64 arch:x64

7107e9cfb89bbf299e8b67afd959bea8

Code Sign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:fc:eb:a8:3f:e0:0f:ef:97:f6:3c:d9:2e:77:eb:b9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

05/08/2011, 00:00

Not After

04/08/2012, 23:59

Subject

CN=HT Srl,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=HT Srl,L=Milan,ST=Italy,C=IT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:a2:29:2b:4d:c3:41:da:3b:c5:f9:bf:fd:6e:ce:98:e4:40:7e:64
Signer

Actual PE Digest

46:a2:29:2b:4d:c3:41:da:3b:c5:f9:bf:fd:6e:ce:98:e4:40:7e:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDeviceAndSwapChain

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

kernel32

AddVectoredExceptionHandler
GetThreadContext
SetCurrentDirectoryW
GetModuleHandleW
AllocConsole
ReadFile
GetLogicalDrives
FindNextFileW
WriteFile
SetFilePointer
FindClose
CreateFileW
SetFileAttributesW
LoadLibraryW
LocalFree
GetTickCount
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetFileSizeEx
GetConsoleCP
FlushFileBuffers
Sleep
GetUserDefaultLCID
IsValidLocale
HeapFree
HeapAlloc
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetCommandLineW
GetCommandLineA
CreateThread
ExitProcess
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
FreeLibrary
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetFileAttributesW
GetTempPathW
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetProcAddress
QueryPerformanceFrequency
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
RtlUnwind
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapReAlloc
HeapSize
WriteConsoleW
GetLocaleInfoW
LCMapStringW
CompareStringW
DeleteFileW
Process32NextW
GetModuleHandleExW
GetLastError
SetEndOfFile
EnumSystemLocalesW
DecodePointer
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

GetClipboardData
SetClipboardData
EmptyClipboard
wsprintfW
DefWindowProcW
GetWindowRect
SetWindowPos
CreateWindowExW
UnregisterClassW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
MessageBoxA
TranslateMessage
PostQuitMessage
GetDesktopWindow
UpdateWindow
GetKeyState
ScreenToClient
GetCapture
ClientToScreen
IsChild
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard

advapi32

RegCreateKeyW
QueryServiceStatusEx
RegDeleteValueA
RegCloseKey
AllocateAndInitializeSid
SetEntriesInAclW
RegCreateKeyExW
SetNamedSecurityInfoW
RegEnumKeyExW
RegSetValueExW
FreeSid
RegCopyTreeW
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
CloseServiceHandle
OpenSCManagerW
OpenSCManagerA
DeleteService
ControlService
StartServiceA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
OpenServiceW
OpenServiceA

shell32

SHFileOperationW
SHGetFolderPathW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

xinput1_4

ord4
ord2

shlwapi

SHDeleteValueW
PathFileExistsW
SHDeleteKeyW

Sections

.text
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.3MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7107e9cfb89bbf299e8b67afd959bea8

Code Sign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3f:fc:eb:a8:3f:e0:0f:ef:97:f6:3c:d9:2e:77:eb:b9Certificate

Extended Key Usages

Key Usages

46:a2:29:2b:4d:c3:41:da:3b:c5:f9:bf:fd:6e:ce:98:e4:40:7e:64Signer

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

wininet

kernel32

user32

advapi32

shell32

imm32

d3dcompiler_47

xinput1_4

shlwapi

Sections

.text Size: 547KB - Virtual size: 546KB

.rdata Size: 234KB - Virtual size: 234KB

.data Size: 132KB - Virtual size: 150KB

.pdata Size: 21KB - Virtual size: 20KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1.3MB - Virtual size: 4.8MB

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3f:fc:eb:a8:3f:e0:0f:ef:97:f6:3c:d9:2e:77:eb:b9
Certificate

46:a2:29:2b:4d:c3:41:da:3b:c5:f9:bf:fd:6e:ce:98:e4:40:7e:64
Signer

.text
Size: 547KB - Virtual size: 546KB

.rdata
Size: 234KB - Virtual size: 234KB

.data
Size: 132KB - Virtual size: 150KB

.pdata
Size: 21KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1.3MB - Virtual size: 4.8MB