b5351f8bbbf93682e1367b626f065017_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5351f8bbbf93682e1367b626f065017_JaffaCakes118
Size

1.5MB
MD5

b5351f8bbbf93682e1367b626f065017
SHA1

48a851533b7995fd6f12e0bb23e1150b3cebdb32
SHA256

1591df8f10fe13ce34fc47772c8a42438279164a76715d6d3112c8a26e90b273
SHA512

040a2e35cb12232d3abd21494b504f9f42e4bb070220df11cb62cd75b58b8e8d25dae4f9f69903e4ba348a9c079e8699d259ff2079ccc8a51c8d9c148149fde5
SSDEEP

24576:0dg/VQpTPPklf5Y/p1DfHzp928/G+jSBi5AaSZU5Mj6CXdGova02Z2:enpTkf5Y/p1bVJvE8Aap5Mj6qZvavM

Score

1^/10

Malware Config

Signatures

Files

b5351f8bbbf93682e1367b626f065017_JaffaCakes118
.exe windows:5 windows x86 arch:x86

740a494df44681ba6d10fb06eba8530a

Code Sign

4e:e3:08:63:6e:9a:f0
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

07/09/2012, 07:18

Not After

29/08/2013, 18:31

Subject

CN=GPV Entertainment\, LLC,O=GPV Entertainment\, LLC,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

29/06/2004, 17:06

Not After

29/06/2034, 17:06

Subject

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:17:26:25:53:b2:08:3a:d5:b7:e3:30:a9:da:15:02:ac:ff:b6:b5
Signer

Actual PE Digest

1f:17:26:25:53:b2:08:3a:d5:b7:e3:30:a9:da:15:02:ac:ff:b6:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FlushInstructionCache
lstrcmpA
MulDiv
GetModuleFileNameA
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
MoveFileExA
DeleteFileA
LocalFree
WaitForSingleObject
TerminateThread
SetCurrentDirectoryA
Process32Next
OpenProcess
TerminateProcess
Process32First
CreateToolhelp32Snapshot
SleepEx
ExitProcess
CreateMutexA
InterlockedExchange
FreeResource
LockResource
HeapAlloc
VerifyVersionInfoA
VerSetConditionMask
GetVersionExA
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
Sleep
GetConsoleMode
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
HeapReAlloc
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
RtlUnwind
GetExitCodeProcess
WriteFile
SetFileTime
GetCurrentDirectoryA
CreateDirectoryA
DosDateTimeToFileTime
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
CreateThread
GetProcessHeap
HeapFree
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalFree
EnterCriticalSection
LeaveCriticalSection
lstrcatA
GetTempPathA
GetConsoleCP
CreateProcessA
SystemTimeToFileTime
ReadFile
CloseHandle
CreateFileA
GetCurrentProcess
DuplicateHandle
GetFileType
SetFilePointer
GetVolumeInformationA
SetStdHandle
GetComputerNameA

user32

LoadCursorA
SetCursor
SetWindowPos
BringWindowToTop
IsWindow
GetForegroundWindow
GetWindowThreadProcessId
SystemParametersInfoA
AttachThreadInput
AllowSetForegroundWindow
SetForegroundWindow
ShowWindow
IsWindowVisible
UnregisterClassA
UpdateWindow
PostQuitMessage
CopyRect
IsWindowEnabled
GetWindowRect
LoadIconA
SendMessageA
EnableWindow
CreateWindowExA
ReleaseDC
EndPaint
GetMessageA
DispatchMessageA
TranslateMessage
IsDialogMessageA
MessageBoxA
FindWindowA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
GetClassInfoExA
GetDesktopWindow
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
CallWindowProcA
DestroyWindow
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
DefWindowProcA
CharNextA
GetWindowLongA
SetWindowLongA
SetWindowTextA
GetDlgCtrlID
BeginPaint

gdi32

StretchBlt
GetDIBColorTable
SetDIBColorTable
GetDeviceCaps
CreateCompatibleBitmap
SetBkMode
GetStockObject
SetBkColor
SetTextColor
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
CreateSolidBrush
DeleteObject
CreateDIBSection

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
RegDeleteValueA

shell32

ShellExecuteA
ShellExecuteExA
ord680
SHGetFolderPathA

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VarUI4FromStr
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringLen

shlwapi

wnsprintfA
StrStrIA
PathFileExistsA
AssocQueryStringA
ord176
SHDeleteKeyA

msimg32

AlphaBlend
TransparentBlt

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

wintrust

WinVerifyTrust

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

740a494df44681ba6d10fb06eba8530a

Code Sign

4e:e3:08:63:6e:9a:f0Certificate

Extended Key Usages

Key Usages

Certificate

03:01Certificate

Key Usages

1f:17:26:25:53:b2:08:3a:d5:b7:e3:30:a9:da:15:02:ac:ff:b6:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msimg32

wtsapi32

wintrust

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 18KB - Virtual size: 18KB

4e:e3:08:63:6e:9a:f0
Certificate

03:01
Certificate

1f:17:26:25:53:b2:08:3a:d5:b7:e3:30:a9:da:15:02:ac:ff:b6:b5
Signer

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 18KB - Virtual size: 18KB