7f901773f1ed083400a9cdc5dd9b13a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7f901773f1ed083400a9cdc5dd9b13a5_JaffaCakes118
Size

23KB
MD5

7f901773f1ed083400a9cdc5dd9b13a5
SHA1

e9bddf3b9a190a0b87d5f9b6b52fc322936c094a
SHA256

ece8e631d4b38cbc1509f84ee7cfbc1f5ad5f58600e2407d803b579058505a73
SHA512

ec801ea710aa9938340377c264e8eda3bf134cd7b3008468635ff48abfc2a922eb50baeab5676d1166ed44024d7d3efc4116630b9b1bafd38bb7de29d4bddf0b
SSDEEP

384:0wO148+OnMYM5aaCnZWs9Kfrt2O2AUQHRK1/QUBUIl5JNNzFwhhiDD:0p47HY4aaP9frt2O2A/63whoD

Score

1^/10

Malware Config

Signatures

Files

7f901773f1ed083400a9cdc5dd9b13a5_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4ed6b3ae1618ae1f15ad045dc3ebc8ee

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:1c:31:9e:da:4f:52:40:f1:80:2b:a4:71:e1:1b:b9
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/03/2016, 00:00

Not After

01/03/2019, 23:59

Subject

SERIALNUMBER=1145963121,CN=ManyCam (VISICOM MÉDIA INC.),O=ManyCam (VISICOM MÉDIA INC.),L=Brossard,ST=Quebec,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1306517565626563,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b8:11:e7:ec:c3:ae:18:d2:49:97:f1:0d:92:25:28:22:1b:c1:53:15:f2:b8:40:1a:05:98:20:73:75:78:84:8d
Signer

Actual PE Digest

b8:11:e7:ec:c3:ae:18:d2:49:97:f1:0d:92:25:28:22:1b:c1:53:15:f2:b8:40:1a:05:98:20:73:75:78:84:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Projects\win\prebuild\win-game-capture\install\bin\connect_game_x86.pdb

Imports

kernel32

SetErrorMode
GetCurrentProcess
WaitForSingleObject
Sleep
GetLastError
GetExitCodeThread
GetModuleFileNameA
GetModuleHandleA
CloseHandle
QueryPerformanceCounter
IsProcessorFeaturePresent
GetProcAddress
SetLastError
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
DecodePointer
EncodePointer
GetCurrentProcessId

user32

PostThreadMessageA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z

msvcr120

_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
memchr
strtol
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
__getmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
memmove
_amsg_exit
_CxxThrowException
__CxxFrameHandler3
memcpy

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ed6b3ae1618ae1f15ad045dc3ebc8ee

Code Sign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

04:1c:31:9e:da:4f:52:40:f1:80:2b:a4:71:e1:1b:b9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

b8:11:e7:ec:c3:ae:18:d2:49:97:f1:0d:92:25:28:22:1b:c1:53:15:f2:b8:40:1a:05:98:20:73:75:78:84:8dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcp120

msvcr120

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 840B

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

04:1c:31:9e:da:4f:52:40:f1:80:2b:a4:71:e1:1b:b9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

b8:11:e7:ec:c3:ae:18:d2:49:97:f1:0d:92:25:28:22:1b:c1:53:15:f2:b8:40:1a:05:98:20:73:75:78:84:8d
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 840B