0176190704a35b941b42e6878db7efe6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0176190704a35b941b42e6878db7efe6_JaffaCakes118
Size

193KB
MD5

0176190704a35b941b42e6878db7efe6
SHA1

ac072ccce663bc30925e27719462ad3564ad61da
SHA256

586830398496b8ff0a75f769321b002ee7e41bf3667532f7fb3b5c37fc486573
SHA512

56c4dca7e5d75e2044a2cc031e602d28397e9ff553776b8ecec005318cdc0fb4ca7c95bfdfad746047659d34d03e4bfa6780c96fef69d351d2eb3af76501942c
SSDEEP

3072:sl1YQqGVnpc93B+sO2+uRmFphMgctXonAQayvScAXMq59IS8vWskNJQjDLGf:W1YQjVpc93RO2+ucMZonAQ9XFqbhULk

Score

1^/10

Malware Config

Signatures

Files

0176190704a35b941b42e6878db7efe6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b06d442af69f80ac28760b4b3e15f5fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/04/2010, 00:00

Not After

09/04/2011, 23:59

Subject

CN=TrustPort,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustPort,L=Brno,ST=Morava,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:99:b7:fe:73:cd:ae:cb:a8:53:3f:05:6b:e8:28:6c:c4:61:17:a8
Signer

Actual PE Digest

86:99:b7:fe:73:cd:ae:cb:a8:53:3f:05:6b:e8:28:6c:c4:61:17:a8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msasn1

ASN1bitstring_cmp
ASN1_CreateEncoder
ASN1BERDecS32Val
ASN1CEREncZeroMultibyteString
ASN1uint32_uoctets
ASN1BERDecOctetString
ASN1BERDecOpenType
ASN1BEREncFlush
ASN1CEREncNewBlkElement
ASN1_FreeEncoded
ASN1Free
ASN1_Encode
ASN1CEREncMultibyteString
ASN1BERDecZeroChar16String
ASN1BERDecBitString
ASN1BEREncEndOfContents
ASN1ztchar16string_cmp
ASN1generalizedtime_cmp
ASN1BEREncRemoveZeroBits
ASN1CEREncGeneralizedTime
ASN1EncSetError
ASN1octetstring_cmp

mmcndmgr

DllUnregisterServer
DllCanUnloadNow
DllRegisterServer
DllGetClassObject

kbddv

KbdLayerDescriptor

kernel32

GetSystemInfo
TlsAlloc
SetConsoleScreenBufferSize
GetDiskFreeSpaceW
DeleteVolumeMountPointW
EnumDateFormatsA
GetTapeStatus
SetEnvironmentVariableW
VDMConsoleOperation
ExitVDM
GetConsoleInputExeNameA
GlobalMemoryStatus
GetProcAddress
FlushInstructionCache
CancelDeviceWakeupRequest
UnregisterWait
GetConsoleCommandHistoryA
EnumCalendarInfoExW
GlobalAlloc
FreeEnvironmentStringsA
GetTempPathW
UTRegister
WideCharToMultiByte
FindVolumeMountPointClose
HeapSummary
SetCommState
GetTempPathA
GetVersionExA
GetStringTypeExW
WriteFileEx
GetExpandedNameW
WriteProfileStringW
Heap32Next
GetTapeParameters
DnsHostnameToComputerNameA
AssignProcessToJobObject
DebugActiveProcessStop
FindResourceA
UnlockFileEx
FindResourceExW
WriteTapemark
_llseek
GetFullPathNameA
GetUserDefaultLangID
DeleteFileA
LZSeek
SetLastError
CreateWaitableTimerA
CreateNamedPipeA
CreateMailslotA
CompareFileTime
BackupSeek
HeapDestroy
GetSystemDefaultLCID
CancelIo
RtlZeroMemory
EnumResourceTypesW
LoadLibraryA
GetVDMCurrentDirectories
GlobalFlags
lstrcat

user32

FindWindowExW
RegisterRawInputDevices
AppendMenuA
FindWindowExA
ChangeDisplaySettingsW
LoadKeyboardLayoutA
DrawTextExW
GetGuiResources
MB_GetString
CreateCursor
GetKeyboardLayoutNameW
CharToOemA
DrawMenuBarTemp
LockWorkStation
MenuItemFromPoint
EndMenu
SetSystemMenu
LoadCursorFromFileW
SetClassLongA
CliImmSetHotKey
DefWindowProcA
DrawFrame
DefWindowProcW
LoadMenuA
MapWindowPoints
HideCaret
LoadCursorFromFileA
DdeAccessData
GetMenuItemCount
InSendMessageEx
GetUserObjectInformationA
LoadMenuW
MessageBoxW
EnumDisplayDevicesW
GetMonitorInfoA
PaintMenuBar
UserLpkPSMTextOut
UnhookWindowsHookEx
EnumDisplaySettingsExA
CharLowerA
PostThreadMessageW
TabbedTextOutW
LoadIconW
SetWindowTextA
MoveWindow
GetDesktopWindow
UserRealizePalette
GetWindowLongW
ImpersonateDdeClientWindow
IsZoomed
MessageBoxExW
CreateAcceleratorTableW
GetRawInputDeviceInfoW
GetRegisteredRawInputDevices
CharNextExA
CharUpperBuffA
CharUpperBuffW
GetRawInputDeviceInfoA
GetAltTabInfoA
SystemParametersInfoA
AlignRects
CreateIcon
EnumWindowStationsA
SetDebugErrorLevel
GetMouseMovePointsEx
EditWndProc
SetPropA
GetProcessDefaultLayout
CloseWindowStation
GetDlgItemTextW

atl

AtlRegisterClassCategoriesHelper
AtlComPtrAssign
AtlModuleRegisterWndClassInfoA
AtlModuleUpdateRegistryFromResourceD
AtlModuleAddCreateWndData
AtlAxCreateDialogW
AtlWaitWithMessageLoop
AtlModuleLoadTypeLib
DllUnregisterServer
AtlModuleRevokeClassObjects
AtlAxCreateDialogA
AtlIPersistStreamInit_Save
AtlFreeMarshalStream
AtlIPersistPropertyBag_Load
AtlUnmarshalPtr
AtlModuleInit
DllCanUnloadNow

Sections

.shOi
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cX
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fQVLQ
Size: 132KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iFqASt
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lZgSXB
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_MEM_READ

.GuwOP
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b06d442af69f80ac28760b4b3e15f5fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

86:99:b7:fe:73:cd:ae:cb:a8:53:3f:05:6b:e8:28:6c:c4:61:17:a8Signer

Headers

File Characteristics

Imports

msasn1

mmcndmgr

kbddv

kernel32

user32

atl

Sections

.shOi Size: 1024B - Virtual size: 632B

.cX Size: 24KB - Virtual size: 23KB

.fQVLQ Size: 132KB - Virtual size: 250KB

.iFqASt Size: 10KB - Virtual size: 21KB

.lZgSXB Size: 2KB - Virtual size: 45KB

.GuwOP Size: 5KB - Virtual size: 5KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

86:99:b7:fe:73:cd:ae:cb:a8:53:3f:05:6b:e8:28:6c:c4:61:17:a8
Signer

.shOi
Size: 1024B - Virtual size: 632B

.cX
Size: 24KB - Virtual size: 23KB

.fQVLQ
Size: 132KB - Virtual size: 250KB

.iFqASt
Size: 10KB - Virtual size: 21KB

.lZgSXB
Size: 2KB - Virtual size: 45KB

.GuwOP
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 4KB