9c4a13dcbc19a91bb61febe0a9605bfe_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9c4a13dcbc19a91bb61febe0a9605bfe_JaffaCakes118
Size

2.7MB
MD5

9c4a13dcbc19a91bb61febe0a9605bfe
SHA1

377557b6c30a6768cce53db6ec55b4dfd8339ee2
SHA256

f7484b65671ac83b80bccbc5205c25da796a21f1ee2f6723a0299d9f0ba6b9c3
SHA512

ddfc4545fe3422e188a24fcf0d36c981e447a702fb084f6a1679fc758ecafa2d24fa1049f998cf60ee9b1a3de6c49fadcb89571908272c48f66a8b8dddc0250f
SSDEEP

49152:4NTupkjK1vqQZKAhA8RbaBgWHAXO68C0+ib657d6i0iNkosIc0xuzhUM:04SmGmWHbVvcd6t0ncQOx

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Internet Download Manager 5.15 Build 4 + Patch + Keygen/Patch and Keygen/Keygen.exe
unpack001/Internet Download Manager 5.15 Build 4 + Patch + Keygen/Patch and Keygen/Patch.exe

Files

9c4a13dcbc19a91bb61febe0a9605bfe_JaffaCakes118
.rar
Internet Download Manager 5.15 Build 4 + Patch + Keygen/Patch and Keygen/Keygen.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

CODE
Size: 33KB - Virtual size: 328KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Internet Download Manager 5.15 Build 4 + Patch + Keygen/Patch and Keygen/Patch.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.BRD
Size: 32KB - Virtual size: 528KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BRD
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Internet Download Manager 5.15 Build 4 + Patch + Keygen/idman515.exe
.exe windows:4 windows x86 arch:x86

aee11e1593c3561eef3f944a78b7f2e6

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15/05/2008, 00:00

Not After

30/05/2010, 23:59

Subject

CN=Tonec Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
_splitpath
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
free
calloc
memcpy
_except_handler3
memchr
memcmp
strstr
_itoa
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
strlen
memset
strncpy
__CxxFrameHandler

kernel32

GetTempPathA
GetStartupInfoA
lstrcpyA
GetFileSize
CreateFileMappingA
GetFileTime
SetFileTime
MapViewOfFile
ExitThread
GetModuleFileNameA
UnmapViewOfFile
FormatMessageA
CreateFileA
SetFilePointer
WriteFile
lstrlenA
LocalFree
WaitForSingleObject
GetExitCodeThread
CreateProcessA
CloseHandle
ResumeThread
CreateMutexA
GetLastError
ExitProcess
lstrcatA
GetFileAttributesA
CreateDirectoryA
CreateThread
MultiByteToWideChar
LoadLibraryA
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
FreeLibrary

user32

SendMessageA
SetWindowTextA
CreateDialogParamA
MessageBoxA
SetForegroundWindow
GetMessageA
FindWindowA
wsprintfA
DestroyWindow
PostQuitMessage
TranslateMessage
ShowWindow
DispatchMessageA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: 33KB - Virtual size: 328KB

.rsrc Size: 6KB - Virtual size: 8KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.BRD Size: 32KB - Virtual size: 528KB

.BRD Size: 10KB - Virtual size: 12KB

aee11e1593c3561eef3f944a78b7f2e6

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

shell32

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 5KB

CODE
Size: 33KB - Virtual size: 328KB

.rsrc
Size: 6KB - Virtual size: 8KB

.BRD
Size: 32KB - Virtual size: 528KB

.BRD
Size: 10KB - Virtual size: 12KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

37:c3:1a:45:58:1e:e6:ae:2c:92:eb:b8:7e:82:c5:37
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 5KB