abe6613ca5ac326405481a5d64cfe397_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

abe6613ca5ac326405481a5d64cfe397_JaffaCakes118
Size

412KB
MD5

abe6613ca5ac326405481a5d64cfe397
SHA1

f27288ff9e39de49f5f26e97c5900dc2fa410ff4
SHA256

24bf39ba537414107402e64c68c8ac31ca8beff338345cfdf543f2aaee3522f7
SHA512

56895edac87d50dbc2b51aea96dd08d4cb155267eae602e5eb2d9c199b8fdca095139bc58dc522dd20bb525abd9d40dfa01bab6dab2808c70cdc2999ab0e5429
SSDEEP

6144:sHIf4s3trEXFWSV9nJ1cqKKoUrqJ/udDIvVIf4WcVy4K9nojDuUl5:tuXF7V9nJ1rSud4igH+NeDuUl

Score

1^/10

Malware Config

Signatures

Files

abe6613ca5ac326405481a5d64cfe397_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8176bf85713af96516d3bc724a911ba1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:d2:02:39:8d:a9:29:fc:de:fa:15:a5:3c:d0:d7:80
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/08/2006, 00:00

Not After

05/09/2007, 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetCurrentProcessId
ReadFile
SetFilePointer
SetEndOfFile
GetThreadLocale
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LocalAlloc
HeapReAlloc
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapSize
SetStdHandle
GetFileType
GetACP
LCMapStringA
LCMapStringW
GetStdHandle
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalLock
GlobalUnlock
OpenMutexA
GetUserDefaultLangID
GetStartupInfoA
CreateProcessA
GetExitCodeProcess
TerminateProcess
FlushFileBuffers
GlobalAlloc
GlobalFree
HeapFree
GetProcessHeap
HeapAlloc
GetFileTime
CompareFileTime
WritePrivateProfileStringA
lstrcmpA
DeleteFileA
Sleep
MoveFileA
GetDriveTypeA
GetSystemDirectoryA
GetShortPathNameA
GetTempPathA
GetLocaleInfoA
FormatMessageA
LocalFree
GetSystemDefaultLangID
GetVersionExA
InitializeCriticalSection
GetFileSize
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WriteFile
OutputDebugStringA
CreateFileA
GetEnvironmentVariableA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetCommandLineA
FindResourceExA
SetLastError
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
CreateEventA
SetEvent
CloseHandle
GetPrivateProfileStringA
GetCurrentDirectoryA
lstrlenA
MulDiv
GetProcAddress
GetCurrentProcess
FreeLibrary
LoadLibraryA
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThreadId
GetTickCount
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
GetFileAttributesA
MultiByteToWideChar
GetLastError
EnterCriticalSection
LeaveCriticalSection
ExitProcess

user32

UnregisterClassA
DestroyMenu
LoadCursorA
GetSysColorBrush
SetCursor
GetMessageA
GetCursorPos
ValidateRect
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
IsDialogMessageA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
IsWindow
WaitForInputIdle
MsgWaitForMultipleObjects
PostQuitMessage
GetWindowThreadProcessId
SetWindowTextA
GetSystemMetrics
MessageBoxA
LoadImageA
GetDesktopWindow
GetWindowRect
IsIconic
LoadBitmapA
GetWindowLongA
GetDC
SetWindowLongA
ReleaseDC
PeekMessageA
TranslateMessage
DispatchMessageA
PostMessageA
SendMessageA
RegisterWindowMessageA
LoadIconA
EnableWindow
GetClassInfoExA
GetMenuCheckMarkDimensions

gdi32

DeleteDC
GetStockObject
CreateSolidBrush
DeleteObject
ScaleWindowExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
CreateCompatibleDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
StretchBlt
BitBlt
GetObjectA
CreateFontA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantInit
VariantChangeType

Sections

.text
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8176bf85713af96516d3bc724a911ba1

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

28:d2:02:39:8d:a9:29:fc:de:fa:15:a5:3c:d0:d7:80Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

.text Size: 256KB - Virtual size: 252KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 12KB - Virtual size: 89KB

.rsrc Size: 76KB - Virtual size: 76KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

28:d2:02:39:8d:a9:29:fc:de:fa:15:a5:3c:d0:d7:80
Certificate

.text
Size: 256KB - Virtual size: 252KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 12KB - Virtual size: 89KB

.rsrc
Size: 76KB - Virtual size: 76KB