82f30f15eb2b9d3872dea1e9ee679613_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82f30f15eb2b9d3872dea1e9ee679613_JaffaCakes118
Size

23.6MB
MD5

82f30f15eb2b9d3872dea1e9ee679613
SHA1

23630a65ce4133038107f3175f8fc54a914bc2f3
SHA256

cbcf501a11c82c2b0a0c8d65f690814ea3e384be29889da850e62479b188f709
SHA512

c4ea9ea436e625d8af33b8e619530c00bd8ce0052509789c8163520a792e25e1efad7a03192863034629d6a9088665683dc0a8b25ba29bfd95d78f741032938e
SSDEEP

393216:Se2yYQCczF8+I+x28zCjZC7951Av3L3y1hckePrqJQNWGIx4IWShu4nIq/S:S7yYQCQ2+A8+Q7xnePSQex4IWULIq/S

Score

1^/10

Malware Config

Signatures

Files

82f30f15eb2b9d3872dea1e9ee679613_JaffaCakes118
.exe windows:4 windows x86 arch:x86

edfc6103bd5f493767e3d789f94656c3

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 07:00

Not After

31/12/1999, 07:00

Subject

OU=VeriSign Time Stamping Service+OU=VeriSign Trust Network+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign\, Inc.,L=Internet

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

19/03/1999, 00:00

Not After

16/04/2000, 23:59

Subject

CN=Microsoft Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Microsoft Corporation,O=VeriSign\, Inc.,L=Internet+L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
GetTempPathA
GetDriveTypeA
GetDiskFreeSpaceA
lstrcatA
DeleteFileA
GetExitCodeProcess
CreateFileA
WriteFile
lstrcpyA
GetFileAttributesA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiA
lstrlenA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LockResource
FreeResource
RemoveDirectoryA
Sleep
CreateProcessA
FlushFileBuffers
GetModuleHandleA
GetStartupInfoA
GetStringTypeW
GetStringTypeA
GetProcAddress
LCMapStringA
LoadLibraryA
GetVersionExA
LCMapStringW
GetCommandLineA
GetACP
GetCPInfo
GetOEMCP
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
MultiByteToWideChar
FreeEnvironmentStringsA
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
GetModuleFileNameA
SetStdHandle
GetStdHandle
TerminateProcess
SetEndOfFile
HeapAlloc
HeapFree
GetFileType
ReadFile
SetFilePointer
RtlUnwind
VirtualAlloc
SetHandleCount
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree

user32

TranslateMessage
UnregisterClassA
DispatchMessageA
UpdateWindow
GetMessageA
PostMessageA
GetSystemMetrics
ShowWindow
CreateWindowExA
FindWindowA
ReleaseDC
GetDC
RegisterClassA
MessageBoxA
LoadStringA
PeekMessageA
GetSysColorBrush
EndPaint
PostQuitMessage
BeginPaint
LoadCursorA
DefWindowProcA
DestroyWindow
SetCursor
IsDialogMessageA

gdi32

DeleteDC
GetDeviceCaps
BitBlt
SelectObject
RealizePalette
SelectPalette
CreateCompatibleDC
GetObjectA
CreateDIBitmap
CreatePalette
DeleteObject

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 951B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23.6MB - Virtual size: 23.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edfc6103bd5f493767e3d789f94656c3

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 1024B - Virtual size: 951B

.data Size: 11KB - Virtual size: 21KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 23.6MB - Virtual size: 23.6MB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

13:89:b4:d1:8a:e8:a7:c4:bd:35:c7:9b:8d:88:ca:1f:ca:53:56:91
Certificate

bd:11:9a:da:43:ed:21:fb:46:58:84:89:ca:46:88:90:25:ee:14:60
Certificate

55:0d:88:f5:3f:64:16:d7:0c:73:00:d8:45:92:16:34
Certificate

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 1024B - Virtual size: 951B

.data
Size: 11KB - Virtual size: 21KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 23.6MB - Virtual size: 23.6MB