81f15fc1837f300544fa63004b623f2b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

81f15fc1837f300544fa63004b623f2b_JaffaCakes118
Size

12.3MB
MD5

81f15fc1837f300544fa63004b623f2b
SHA1

a0691692be8fc7b106cdf03698b8f82fbb3c54d6
SHA256

c835d42f5b5e80f7440472cd1baac2eb4af3d8b956179f8ce8415544d6ed7e68
SHA512

013adb4dc4074981883990d4a15864e01fbba0aef29382b10e47596bc311da09d7653ca39b056b461e134986c4f67eeb705d606e39e17f1fc4b6b1468d581369
SSDEEP

393216:MswBe8DcUIfer5Dl9PR84gYHtMHUMm3dcXsTo1CoU:MB/zrjqQWHo8sTo0P

Score

1^/10

Malware Config

Signatures

Files

81f15fc1837f300544fa63004b623f2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

273e02e9ee5ac68d190b8d6f874dbbad

Code Sign

3b:44:27:3f:35:00:a9:5a:ee:2c:a9:69:9e:66:dd:d0
Certificate

Issuer

CN=Root SGC Authority

Not Before

20-08-1999 00:30

Not After

28-01-2014 07:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageMicrosoftServerGatedCrypto
ExtKeyUsageNetscapeServerGatedCrypto

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:21:ed:79:89:65:5e:9d:7f:0a:c8:fb:60:9b:be:63:cd
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

04-10-2012 16:18

Not After

05-10-2014 16:18

Subject

CN=PC DYNAMICS INC.,O=PC DYNAMICS INC.,ST=CA,C=US,1.2.840.113549.1.9.1=#0c16737570706f727440706364796e616d6963732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:00

Not After

23-05-2016 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:40:a3:3e:e9:bf:3f:1a:87:43:4c:fe:c3:9e:06:ad:0a:4a:99:76
Signer

Actual PE Digest

37:40:a3:3e:e9:bf:3f:1a:87:43:4c:fe:c3:9e:06:ad:0a:4a:99:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
CreateDirectoryA
lstrcmpiA
CompareFileTime
FindNextFileA
GetShortPathNameA
DeviceIoControl
GetPrivateProfileStringA
GetTempFileNameA
GetModuleHandleA
DeleteFileA
CreateThread
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetSystemTimeAsFileTime
GetTempPathA
GetModuleFileNameA
GetSystemDirectoryA
FindClose
LoadLibraryA
GetProcAddress
ResumeThread
SuspendThread
TerminateThread
SetFileTime
Sleep
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
InterlockedIncrement
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
lstrcatA
GetWindowsDirectoryA
EnterCriticalSection
GetDiskFreeSpaceA
MultiByteToWideChar
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
GetLastError
MulDiv
GetVersionExA
WideCharToMultiByte
LeaveCriticalSection
SetLastError
HeapFree
GetCurrentProcess
InterlockedDecrement
FindFirstFileA
GetDriveTypeA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
WriteFile
FindResourceA
LoadResource
SizeofResource
LockResource
FreeResource
LoadLibraryExA
FreeLibrary
CreateFileA
ReadFile
CloseHandle
HeapReAlloc
GetLocalTime
GetFullPathNameA
lstrcpyA
HeapAlloc
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
HeapSize
TerminateProcess
GlobalReAlloc
LocalUnlock
GetCurrentDirectoryA
ExitProcess
GetStartupInfoA
RtlUnwind
lstrcmpA
GetSystemTime
SystemTimeToFileTime
LocalLock
GetTimeZoneInformation
LocalAlloc
GetTickCount
lstrcpynA
lstrlenA
TlsAlloc
GlobalFree
GlobalUnlock
GlobalHandle
TlsSetValue
GlobalAlloc
TlsFree
IsBadReadPtr
TlsGetValue
SetFilePointer
GlobalLock
IsDBCSLeadByte
GetVolumeInformationA
GetCommandLineA
LocalFree
GetFileSize
InterlockedExchange
SetFileAttributesA
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
IsBadStringPtrA
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileType
GetVersion
RaiseException
GetCurrentThreadId
QueryPerformanceCounter
GetStdHandle
GetCurrentProcessId
GlobalMemoryStatus

user32

MsgWaitForMultipleObjects
PeekMessageA
CharLowerA
FindWindowA
LoadImageA
ReleaseDC
GetDC
GetSystemMetrics
LoadBitmapA
DestroyIcon
wsprintfA
EndPaint
GetSysColor
SystemParametersInfoA
DialogBoxParamA
EndDialog
GetDesktopWindow
CopyRect
OffsetRect
IsDlgButtonChecked
CheckDlgButton
EnableWindow
ShowWindow
GetDlgItemTextA
SetDlgItemTextA
SetWindowLongA
GetParent
GetWindowRect
SetWindowPos
SendMessageA
BeginPaint
CharNextA
UpdateWindow
MessageBoxA
ExitWindowsEx
SetCursor
TranslateMessage
DispatchMessageA
PostMessageA
CharUpperA
SendDlgItemMessageA
GetDlgItem
CharUpperBuffA
CharPrevA
SetWindowTextA
OemToCharA
GetWindowThreadProcessId
EnumWindows
LoadCursorA
GetActiveWindow
SetForegroundWindow
GetProcessWindowStation
GetUserObjectInformationW
WaitForInputIdle
IsWindow
GetClientRect

gdi32

PatBlt
GetBkColor
CreateFontIndirectA
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetStockObject
StretchBlt
BitBlt
DeleteDC
SelectObject
DeleteObject
GetDeviceCaps
SetBkMode
SetTextColor
SetBkColor

advapi32

CloseServiceHandle
RegisterEventSourceA
QueryServiceStatus
OpenSCManagerA
ReportEventA
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
RegQueryValueExA
RegDeleteValueA
RegEnumKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyExA

shell32

SHGetPathFromIDListA
SHChangeNotify
SHFileOperationA
SHBrowseForFolderA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
CoTaskMemFree
CoInitializeSecurity
StringFromGUID2

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

comctl32

ord17
PropertySheetA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

atl

ord47
ord42

comdlg32

GetSaveFileNameA

Sections

.text
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

273e02e9ee5ac68d190b8d6f874dbbad

Code Sign

3b:44:27:3f:35:00:a9:5a:ee:2c:a9:69:9e:66:dd:d0Certificate

Extended Key Usages

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:21:ed:79:89:65:5e:9d:7f:0a:c8:fb:60:9b:be:63:cdCertificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

37:40:a3:3e:e9:bf:3f:1a:87:43:4c:fe:c3:9e:06:ad:0a:4a:99:76Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

version

atl

comdlg32

Sections

.text Size: 268KB - Virtual size: 264KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 68KB - Virtual size: 79KB

.rsrc Size: 11.9MB - Virtual size: 11.9MB

3b:44:27:3f:35:00:a9:5a:ee:2c:a9:69:9e:66:dd:d0
Certificate

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:21:ed:79:89:65:5e:9d:7f:0a:c8:fb:60:9b:be:63:cd
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

37:40:a3:3e:e9:bf:3f:1a:87:43:4c:fe:c3:9e:06:ad:0a:4a:99:76
Signer

.text
Size: 268KB - Virtual size: 264KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 68KB - Virtual size: 79KB

.rsrc
Size: 11.9MB - Virtual size: 11.9MB