ac98f065820be5a21ac59332620ab281_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ac98f065820be5a21ac59332620ab281_JaffaCakes118
Size

54KB
MD5

ac98f065820be5a21ac59332620ab281
SHA1

59af91ff38b7c2bb14d786feace7979221d18481
SHA256

72426bc2ffa43bce8ef81fd8534387bb04b386325159c821e82db7603c88d192
SHA512

6f019d52d3ecdba9b3ba16c9f4825f48f45aaf7f1664c6ff0b7eeaf13dc02309f38073f7c80096c7a05efd435444283d31fe33e0dba61ce1f5968334cfafacb2
SSDEEP

768:8ej6Xd42FPeAJ3dz60YXrbd/FjdLzZXTjcPh0v559n2iEDWm2m5clOg/Z+c97:RGNfeItnYXrbdNxzhTS2JXC0/Z/97

Score

1^/10

Malware Config

Signatures

Files

ac98f065820be5a21ac59332620ab281_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09c7abb892bbe43730feac27809cb739

Code Sign

2c:96:6c:5a:93:a4:a2:9e:de:43:8c:6d:8a:d6:17:5c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

10/02/2014, 00:00

Not After

12/03/2015, 23:59

Subject

CN=CNESTY Co.\, Ltd.,O=CNESTY Co.\, Ltd.,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ad:fb:84:c9:5c:7c:61:35:84:7c:93:91:5f:63:b7:81:d9:3f:2c
Signer

Actual PE Digest

4f:ad:fb:84:c9:5c:7c:61:35:84:7c:93:91:5f:63:b7:81:d9:3f:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
CloseHandle
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
FindClose
Sleep
FindNextFileA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
FindFirstFileA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryExA
SetErrorMode
CreateFileW
HeapSize
WriteConsoleW
SetStdHandle
HeapReAlloc
RtlUnwind
LoadLibraryW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
IsProcessorFeaturePresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers

user32

MessageBoxA
wsprintfA

shell32

SHGetSpecialFolderPathA

ole32

OleInitialize
OleUninitialize

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09c7abb892bbe43730feac27809cb739

Code Sign

2c:96:6c:5a:93:a4:a2:9e:de:43:8c:6d:8a:d6:17:5cCertificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

4f:ad:fb:84:c9:5c:7c:61:35:84:7c:93:91:5f:63:b7:81:d9:3f:2cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 3KB - Virtual size: 3KB

2c:96:6c:5a:93:a4:a2:9e:de:43:8c:6d:8a:d6:17:5c
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

4f:ad:fb:84:c9:5c:7c:61:35:84:7c:93:91:5f:63:b7:81:d9:3f:2c
Signer

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 3KB - Virtual size: 3KB