6c2a27989754596466faea3c0c280ebf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6c2a27989754596466faea3c0c280ebf_JaffaCakes118
Size

872KB
MD5

6c2a27989754596466faea3c0c280ebf
SHA1

30a0c8195e9439cf48e065b6608c41d47f6554d3
SHA256

64ab9636c4b1be724aacf8245de4739b164d115f888b2aa8ff5438c4ee04513e
SHA512

c9e3f51722a51839856bab155c75cfb92e5df2044042f26cac961982822303c2469bbdcad6253903b0855f925a148cd255cfe428d393600f9408bf6c6b7b9e47
SSDEEP

24576:yiuVTdMwFIA/mcXa4ZVPX3JEwMmB4RP8+V0iDpf:utdpjXa4PPKC45H9

Score

1^/10

Malware Config

Signatures

Files

6c2a27989754596466faea3c0c280ebf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e1b0243e34da763332c08e2037dd5deb

Code Sign

2a:88:93:82:75:43:55:ce:92:7e:ae:3a:2e:a7:32:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/06/2015, 00:00

Not After

09/06/2016, 23:59

Subject

CN=TRUSTED INSTALL SOFTWARE,O=TRUSTED INSTALL SOFTWARE,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:23:2e:52:a5:55:4b:ce:dd:70:e3:53:1e:ba:9e:4a:14:4d:67:e2
Signer

Actual PE Digest

a4:23:2e:52:a5:55:4b:ce:dd:70:e3:53:1e:ba:9e:4a:14:4d:67:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

debug.pdb

Imports

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

kernel32

FreeLibrary
DeleteFileA
MapViewOfFile
CloseHandle
SetEnvironmentVariableA
DuplicateHandle
GetCurrentProcess
GetCurrentProcessId
CreateFileMappingA
GetEnvironmentVariableA
GetExitCodeProcess
WaitForSingleObject
TerminateProcess
ResumeThread
CreateProcessA
GetCommandLineA
GetLastError
LoadLibraryA
lstrcmpiA
CreateFileA
FlushFileBuffers
WriteFile
SetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetModuleHandleA
ReadConsoleA
WriteConsoleA
GetModuleFileNameA
GetFullPathNameA
SetErrorMode
VirtualAllocEx
GetProcessPriorityBoost
QueueUserWorkItem
HeapWalk
DeleteTimerQueueTimer
InitializeCriticalSection
GetProcessTimes
GetProcessIoCounters
CreateTimerQueueTimer
Sleep
SetInformationJobObject
PeekNamedPipe
HeapCompact
OpenJobObjectA
GetProcAddress
MultiByteToWideChar
ReleaseMutex
GetFileSize
CreateMutexA
GetVersionExA
LocalFree
FormatMessageA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
ExitProcess
lstrcpynA
OutputDebugStringA
GetVersion
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetStdHandle
GetSystemTimeAsFileTime

user32

UserHandleGrantAccess
CreateWindowExA
GetMessageA
SendMessageA
BeginPaint
EndPaint
RegisterClassA
GetDC
DrawTextA
ShowWindow
SendMessageW
DrawTextW
DispatchMessageA
TranslateMessage
PostMessageA
GetWindowLongA

gdi32

CreateBitmap
SetMetaRgn
CreateFontA
CreateFontIndirectA
DeleteObject
EnumObjects
SelectObject
MoveToEx

ole32

CoTaskMemFree
CoGetObject
CoInitializeEx
OleInitialize
CoCreateInstance

shell32

SHGetDiskFreeSpaceExA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteExA
SHFileOperationA

msvcrt

_snprintf
atoi
realloc
rand
memset
srand
_pgmptr
__argc
__argv
__CxxFrameHandler
memmove
??0exception@@QAE@XZ
memcpy
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_callnewh
_ismbblead
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
free
malloc
_time64
?what@exception@@UBEPBDXZ

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1b0243e34da763332c08e2037dd5deb

Code Sign

2a:88:93:82:75:43:55:ce:92:7e:ae:3a:2e:a7:32:cbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a4:23:2e:52:a5:55:4b:ce:dd:70:e3:53:1e:ba:9e:4a:14:4d:67:e2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

kernel32

user32

gdi32

ole32

shell32

msvcrt

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 7KB - Virtual size: 6KB

2a:88:93:82:75:43:55:ce:92:7e:ae:3a:2e:a7:32:cb
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a4:23:2e:52:a5:55:4b:ce:dd:70:e3:53:1e:ba:9e:4a:14:4d:67:e2
Signer

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 7KB - Virtual size: 6KB