005e3f14e5629060cff6c41c6ea38239_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

005e3f14e5629060cff6c41c6ea38239_JaffaCakes118
Size

1.2MB
MD5

005e3f14e5629060cff6c41c6ea38239
SHA1

9a3ed9d62566a96964b81a240685d3d901367bf7
SHA256

448bcfb059ca0d8cf2a8f35199bc46a29c6ca8c6ef66287fb3bff64b1bcff3c5
SHA512

c6f15e7fb36786b1633142f058e2f22c70c392ec4e6d5cdd942580d506dfb8d39e76b6eaa2950f29d29a8055c7d497d925336b51cdc839f2d16f52d42813a39e
SSDEEP

24576:AwVA/Z7aMnCQY45i8WSA/jfT56PZrDBTBSFIRWWQ9NLbmyhzstJJkgAHVS:zVmaMCQYw7WSA/jfTgdFS+RWWQ3bm4z4

Score

1^/10

Malware Config

Signatures

Files

005e3f14e5629060cff6c41c6ea38239_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb9bd4472fa6d4517ba5afa2f98e86bf

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:89:8e:e6:91:a9:0a:ae:88:a8:1b:ac:f7:6d:70:a9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/01/2012, 00:00

Not After

14/01/2013, 23:59

Subject

CN=inXile entertainment,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=FreeWorkz,O=inXile entertainment,L=Newport Beach,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

GetProfilesDirectoryA

shlwapi

AssocQueryStringA
wnsprintfA
PathFileExistsA
StrNCatA
StrStrA
SHDeleteKeyA
StrDupA
StrChrA
StrStrIA

kernel32

SetFilePointer
ReadFile
GetFileSize
WaitForSingleObject
LoadLibraryExA
DeleteFileA
CreateThread
GetVersionExA
GetLocalTime
InterlockedDecrement
MultiByteToWideChar
GetTempPathA
SetCurrentDirectoryA
GetCurrentDirectoryA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetModuleHandleA
IsDBCSLeadByte
FlushInstructionCache
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
SizeofResource
LoadResource
FindResourceA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
OpenMutexA
GetVolumeInformationA
GetComputerNameA
GetTickCount
GlobalFree
LockResource
FreeResource
GetFullPathNameA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
TerminateThread
GetSystemTimeAsFileTime
lstrcmpA
LCMapStringW
LCMapStringA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
GetConsoleMode
GetConsoleCP
GetFileType
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
ExpandEnvironmentStringsA
HeapFree
LocalFree
GetCurrentProcess
GetProcessHeap
HeapAlloc
OpenProcess
CloseHandle
GetLastError
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcpynA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetHandleCount
SetStdHandle
SetEndOfFile
GetEnvironmentStrings
FreeEnvironmentStringsW
WriteConsoleA
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetConsoleOutputCP
WriteConsoleW
lstrcpyA
lstrcatA
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
CreateProcessA
SleepEx
WriteFile
CreateMutexA
ExitProcess
CreateToolhelp32Snapshot
Process32First
TerminateProcess
GetExitCodeProcess
Sleep
Process32Next
CreateDirectoryA
WritePrivateProfileStringA
lstrlenA
GetPrivateProfileStringA
CreateFileA
lstrlenW
lstrcmpiA
WideCharToMultiByte
GetStringTypeA
FreeEnvironmentStringsA

user32

IsWindow
GetDesktopWindow
GetWindow
DestroyAcceleratorTable
CallWindowProcA
ReleaseCapture
GetClassNameA
SetCapture
RedrawWindow
ScreenToClient
ClientToScreen
MoveWindow
GetSysColor
CharNextA
DrawEdge
DrawTextA
InvalidateRgn
GetWindowTextLengthA
EnableWindow
CheckRadioButton
IsDlgButtonChecked
GetDlgCtrlID
GetDlgItem
FillRect
SetWindowTextA
InvalidateRect
UpdateWindow
GetParent
SetWindowLongA
GetClassInfoExA
BeginPaint
GetFocus
IsWindowEnabled
LoadBitmapA
GetWindowTextA
EndPaint
PostMessageA
MessageBeep
GetDC
ReleaseDC
LoadCursorA
LoadIconA
RegisterClassExA
SystemParametersInfoA
CreateWindowExA
SetFocus
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA
DestroyWindow
SendMessageA
PostQuitMessage
PeekMessageA
GetWindowRect
GetClientRect
SetWindowPos
DefWindowProcA
MessageBoxA
ShowWindow
GetUserObjectSecurity
GetShellWindow
GetWindowThreadProcessId
CreateAcceleratorTableA
RegisterWindowMessageA
GetSysColorBrush
UnregisterClassA
DrawFocusRect
GetWindowDC
SetCursor
ExitWindowsEx
GetKeyState
IsChild

gdi32

SetMapMode
LPtoDP
DPtoLP
CreateDIBitmap
GetDeviceCaps
CreateCompatibleBitmap
CreateRectRgn
SetBkColor
CreateSolidBrush
CreateCompatibleDC
GetObjectA
CreateFontA
SetBkMode
GetTextExtentPointA
SetTextColor
TextOutA
BitBlt
DeleteDC
CreatePen
SelectObject
GetStockObject
SetROP2
Rectangle
DeleteObject
GetMapMode

advapi32

LookupAccountNameA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
IsValidSid
GetSecurityDescriptorOwner
GetUserNameA
ConvertSidToStringSidA
RegCreateKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegEnumKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegQueryValueExA

shell32

ord680
ShellExecuteA
ShellExecuteExA
SHGetFolderPathA

ole32

CoInitializeSecurity
CoSetProxyBlanket
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CoTaskMemFree

oleaut32

GetErrorInfo
SysFreeString
VariantClear
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SysStringLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
VariantInit
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
OleLoadPicture

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 788KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb9bd4472fa6d4517ba5afa2f98e86bf

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

66:89:8e:e6:91:a9:0a:ae:88:a8:1b:ac:f7:6d:70:a9Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

userenv

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 318KB - Virtual size: 317KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 21KB - Virtual size: 32KB

.cdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 788KB - Virtual size: 788KB

.reloc Size: 27KB - Virtual size: 27KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

66:89:8e:e6:91:a9:0a:ae:88:a8:1b:ac:f7:6d:70:a9
Certificate

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 21KB - Virtual size: 32KB

.cdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 788KB - Virtual size: 788KB

.reloc
Size: 27KB - Virtual size: 27KB