a3e6a77ba3360ba659533e490cd5d22d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3e6a77ba3360ba659533e490cd5d22d_JaffaCakes118
Size

1.1MB
MD5

a3e6a77ba3360ba659533e490cd5d22d
SHA1

f19fc9d02ec867af9bf5bd933adf9b52eb917ff0
SHA256

241a9cd83eea580b4e89bb313611cf4047ff756166fd035277e676ea97cbbd17
SHA512

fca3d8e9752513b8c01e3782b7cb781c2bdd2b78c90a404573f94433f82a466c1e4e3fd589dc928f194116ed99c622a642b37b0458d4e1301cf0ea34d443834b
SSDEEP

12288:ltYH1nv2LkFnYJP2J2VhLrq2W9Y/StaH2IcK12nCInXGLse219oj+M4D:D01v2oFnYJP2J2VRe2zStW2I/12P2B1q

Score

1^/10

Malware Config

Signatures

Files

a3e6a77ba3360ba659533e490cd5d22d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fd6dc8cd2571a479d16ba8664d74a42

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

22/02/2012, 09:18

Not After

22/02/2015, 09:18

Subject

CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:3f:36:9b:91:22:f6:11:8d:ca:df:8d:0f:93:95:5c:b9:68:16:06
Signer

Actual PE Digest

e6:3f:36:9b:91:22:f6:11:8d:ca:df:8d:0f:93:95:5c:b9:68:16:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\XBUILD\bdkv_qgj_bind\Basic\Tools\NSIS\Plugins\bind.pdb

Imports

wininet

InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
HttpQueryInfoW

kernel32

ReadFile
CloseHandle
GetFileSize
CreateFileW
lstrcmpiW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetWindowsDirectoryW
Sleep
CreateDirectoryW
WideCharToMultiByte
FindResourceW
ExpandEnvironmentStringsW
WriteFile
WaitForSingleObject
LoadResource
SetFilePointer
LockResource
SizeofResource
FreeResource
GetModuleFileNameW
GetSystemDirectoryW
FindResourceExW
LoadLibraryW
GetModuleHandleW
GetVersion
GetTickCount
GetLastError
FindFirstFileW
GetProcAddress
FreeLibrary
SetEvent
ResetEvent
GetCommandLineA
DeleteFileW
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFileAttributesW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
MultiByteToWideChar
RaiseException
WriteConsoleA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleA
ExitProcess
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree
VirtualAlloc
LoadLibraryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle

user32

wsprintfW
UnregisterClassA

advapi32

RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW

shlwapi

PathFileExistsW

Sections

.text
Size: 540KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fd6dc8cd2571a479d16ba8664d74a42

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24Certificate

Extended Key Usages

Key Usages

61:29:15:27:00:00:00:00:00:2aCertificate

Key Usages

e6:3f:36:9b:91:22:f6:11:8d:ca:df:8d:0f:93:95:5c:b9:68:16:06Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 540KB - Virtual size: 536KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 520KB - Virtual size: 516KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:df:76:75:aa:a0:8d:1b:49:a8:3a:48:0f:14:85:5d:24
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

e6:3f:36:9b:91:22:f6:11:8d:ca:df:8d:0f:93:95:5c:b9:68:16:06
Signer

.text
Size: 540KB - Virtual size: 536KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 520KB - Virtual size: 516KB