6e94bb48adbf023636c73e7db207a10f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6e94bb48adbf023636c73e7db207a10f_JaffaCakes118
Size

1.5MB
MD5

6e94bb48adbf023636c73e7db207a10f
SHA1

8639666c05ca7acb409f4633c04e608c61449380
SHA256

15de63660d855aca6c681073174ce3121d5ec33a3f9f203e5c2ac9a3307ddef6
SHA512

62b76227eb63407d4c943a1031762a4f254f64816250554e72f12c7ef7e46135cde6023d26d03ade976dab4bf1973e29fcf5154fc862768a0b69259f85103ee1
SSDEEP

24576:0dg/V6pTPPklf5Y/p1DfHzp928/G+jSBi5AaSZU5Mj6CXdGova02Zg:edpTkf5Y/p1bVJvE8Aap5Mj6qZvavm

Score

1^/10

Malware Config

Signatures

Files

6e94bb48adbf023636c73e7db207a10f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

740a494df44681ba6d10fb06eba8530a

Code Sign

4e:e3:08:63:6e:9a:f0
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

07/09/2012, 07:18

Not After

29/08/2013, 18:31

Subject

CN=GPV Entertainment\, LLC,O=GPV Entertainment\, LLC,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

29/06/2004, 17:06

Not After

29/06/2034, 17:06

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:5b:9a:42:ea:a2:19:78:3e:3c:dd:b6:42:91:b5:2d:13:56:38:9a
Signer

Actual PE Digest

25:5b:9a:42:ea:a2:19:78:3e:3c:dd:b6:42:91:b5:2d:13:56:38:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FlushInstructionCache
lstrcmpA
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
MoveFileExA
DeleteFileA
LocalFree
WaitForSingleObject
TerminateThread
SetCurrentDirectoryA
Process32Next
OpenProcess
TerminateProcess
Process32First
CreateToolhelp32Snapshot
SleepEx
ExitProcess
CreateMutexA
InterlockedExchange
FreeResource
LockResource
HeapAlloc
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
Sleep
GetConsoleMode
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
HeapReAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
RtlUnwind
GetExitCodeProcess
WriteFile
SetFileTime
GetCurrentDirectoryA
CreateDirectoryA
DosDateTimeToFileTime
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
CreateThread
GetProcessHeap
HeapFree
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalFree
EnterCriticalSection
LeaveCriticalSection
lstrcatA
GetTempPathA
GetConsoleCP
CreateProcessA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
GetVolumeInformationA
SetStdHandle
GetComputerNameA

user32

LoadCursorA
SetCursor
SetWindowPos
BringWindowToTop
IsWindow
GetForegroundWindow
GetWindowThreadProcessId
SystemParametersInfoA
AttachThreadInput
AllowSetForegroundWindow
SetForegroundWindow
ShowWindow
IsWindowVisible
UnregisterClassA
UpdateWindow
PostQuitMessage
CopyRect
IsWindowEnabled
GetWindowRect
LoadIconA
SendMessageA
EnableWindow
CreateWindowExA
ReleaseDC
EndPaint
GetMessageA
DispatchMessageA
TranslateMessage
IsDialogMessageA
MessageBoxA
FindWindowA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
GetClassInfoExA
GetDesktopWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
CallWindowProcA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
DefWindowProcA
CharNextA
GetWindowLongA
SetWindowLongA
SetWindowTextA
GetDlgCtrlID
BeginPaint

gdi32

StretchBlt
GetDIBColorTable
SetDIBColorTable
GetDeviceCaps
CreateCompatibleBitmap
SetBkMode
GetStockObject
SetBkColor
SetTextColor
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
CreateSolidBrush
DeleteObject
CreateDIBSection

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
RegDeleteValueA

shell32

ShellExecuteA
ShellExecuteExA
ord680
SHGetFolderPathA

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen

shlwapi

wnsprintfA
StrStrIA
PathFileExistsA
AssocQueryStringA
ord176
SHDeleteKeyA

msimg32

AlphaBlend
TransparentBlt

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

wintrust

WinVerifyTrust

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

740a494df44681ba6d10fb06eba8530a

Code Sign

4e:e3:08:63:6e:9a:f0Certificate

Extended Key Usages

Key Usages

Certificate

03:01Certificate

Key Usages

25:5b:9a:42:ea:a2:19:78:3e:3c:dd:b6:42:91:b5:2d:13:56:38:9aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

wtsapi32

wintrust

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 18KB - Virtual size: 18KB

4e:e3:08:63:6e:9a:f0
Certificate

03:01
Certificate

25:5b:9a:42:ea:a2:19:78:3e:3c:dd:b6:42:91:b5:2d:13:56:38:9a
Signer

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 18KB - Virtual size: 18KB