a19af884f239123a8ff28fc657c26057_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a19af884f239123a8ff28fc657c26057_JaffaCakes118
Size

26KB
MD5

a19af884f239123a8ff28fc657c26057
SHA1

53df68add7db2baff2ab4fdaaf6647dfaad60231
SHA256

a597940dffd85ab8fc94c19dd4e23d96f170d4f48a72eaa6e7677086e8bc66e0
SHA512

62fdde60650ae59797269f67547e559e319ee834eb1b90e8f43d798a7359aa6ef13eeda861d6c982217779a8edf1ed3745fedb533a727f5c13a7dec162f23b67
SSDEEP

768:Wjk6op6yPmkH5MelrLjCZSDDGnSSFr4O378IT6xbUu:ZuSPG31dHT6h3

Score

1^/10

Malware Config

Signatures

Files

a19af884f239123a8ff28fc657c26057_JaffaCakes118
.dll windows:4 windows x86 arch:x86

956d3d93238e60519e0162ae85a7905c

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:ad:db:11:a0:ab:4a:63:a1:7e:c5:b8:47:db:93:28
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/11/2007, 00:00

Not After

12/01/2009, 23:59

Subject

CN=Altiris Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering Team,O=Altiris Inc,L=Lindon,ST=UTAH,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6b:7f:f6:6f:cc:b8:14:9a:b5:14:ff:99:63:39:b5:21:e6:dc:50:e6
Signer

Actual PE Digest

6b:7f:f6:6f:cc:b8:14:9a:b5:14:ff:99:63:39:b5:21:e6:dc:50:e6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord46
ord121
ord64
ord170
ord49
ord120
ord17
ord124
ord103
ord117
ord160
ord31
ord159
ord158
ord8
ord73
ord144

kernel32

MoveFileA
GetLastError
WaitForMultipleObjects
OpenEventA
GetProcessHeap
HeapAlloc
GetModuleFileNameA
_lopen
_llseek
SetEvent
CreateEventA
FormatMessageA
lstrcpyA
ExpandEnvironmentStringsA
GetVersionExA
GetFileAttributesA
CreateDirectoryA
lstrlenA
lstrcatA
GetWindowsDirectoryA
LocalFree
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
DebugBreak
ResetEvent
Sleep
GetCurrentProcessId
_lclose
_lwrite
_lcreat
_lread
WritePrivateProfileStringA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
HeapFree
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
LoadLibraryExA
SetErrorMode
GetPrivateProfileStringA
lstrcmpA

user32

wsprintfA
MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA

Exports

Exports

AltStartup
Cleanup
Startup
WiseDotNetSec
WiseGetDotNetVersion
f0
f1
f10
f100
f101
f102
f103
f104
f105
f106
f107
f108
f109
f11
f110
f111
f112
f113
f114
f115
f116
f117
f118
f119
f12
f120
f121
f122
f123
f124
f125
f126
f127
f13
f14
f15
f16
f17
f18
f19
f2
f20
f21
f22
f23
f24
f25
f26
f27
f28
f29
f3
f30
f31
f32
f33
f34
f35
f36
f37
f38
f39
f4
f40
f41
f42
f43
f44
f45
f46
f47
f48
f49
f5
f50
f51
f52
f53
f54
f55
f56
f57
f58
f59
f6
f60
f61
f62
f63
f64
f65
f66
f67
f68
f69
f7
f70
f71
f72
f73
f74
f75
f76
f77
f78
f79
f8
f80
f81
f82
f83
f84
f85
f86
f87
f88
f89
f9
f90
f91
f92
f93
f94
f95
f96
f97
f98
f99
g0
g1
g10
g100
g101
g102
g103
g104
g105
g106
g107
g108
g109
g11
g110
g111
g112
g113
g114
g115
g116
g117
g118
g119
g12
g120
g121
g122
g123
g124
g125
g126
g127
g13
g14
g15
g16
g17
g18
g19
g2
g20
g21
g22
g23
g24
g25
g26
g27
g28
g29
g3
g30
g31
g32
g33
g34
g35
g36
g37
g38
g39
g4
g40
g41
g42
g43
g44
g45
g46
g47
g48
g49
g5
g50
g51
g52
g53
g54
g55
g56
g57
g58
g59
g6
g60
g61
g62
g63
g64
g65
g66
g67
g68
g69
g7
g70
g71
g72
g73
g74
g75
g76
g77
g78
g79
g8
g80
g81
g82
g83
g84
g85
g86
g87
g88
g89
g9
g90
g91
g92
g93
g94
g95
g96
g97
g98
g99

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

956d3d93238e60519e0162ae85a7905c

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

6b:ad:db:11:a0:ab:4a:63:a1:7e:c5:b8:47:db:93:28Certificate

Extended Key Usages

Key Usages

6b:7f:f6:6f:cc:b8:14:9a:b5:14:ff:99:63:39:b5:21:e6:dc:50:e6Signer

Headers

File Characteristics

Imports

msi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: - Virtual size: 8B

.rsrc Size: 1024B - Virtual size: 752B

.reloc Size: 1024B - Virtual size: 824B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

6b:ad:db:11:a0:ab:4a:63:a1:7e:c5:b8:47:db:93:28
Certificate

6b:7f:f6:6f:cc:b8:14:9a:b5:14:ff:99:63:39:b5:21:e6:dc:50:e6
Signer

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: - Virtual size: 8B

.rsrc
Size: 1024B - Virtual size: 752B

.reloc
Size: 1024B - Virtual size: 824B