01a97e67c1b07fa56d73b40264d7755c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01a97e67c1b07fa56d73b40264d7755c_JaffaCakes118
Size

185KB
MD5

01a97e67c1b07fa56d73b40264d7755c
SHA1

5b62c3346c6605a71639b4afd0e7e87511d09e1b
SHA256

2a547d511acdf8ea2b383443e90a91e469bf7abd197e380df80cb0fd78764c71
SHA512

483498a09514588fb2c9c792b4ed68fa6899556c1bb4e75f6c2c4b8d461459bde954df5d398cbab7470bd6690b20a16360a0872386beb47f11178ecf7d063c2f
SSDEEP

3072:uOuMo5SPaiW6mMBLkAbrZURieg9gkwKZuSlS1BOlk7q0C5yG8Y4:Bo5Ss67BLkaZUC9fw+aX0Y

Score

1^/10

Malware Config

Signatures

Files

01a97e67c1b07fa56d73b40264d7755c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

209e668e55346c27569e6e03ff55a185

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:a8:ad:7c:51:6c:55:4d:7c:96:34:13:2f:ca:57:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

08/04/2005, 00:00

Not After

08/04/2006, 23:59

Subject

CN=Streamcast Networks\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Morpheus,O=Streamcast Networks\, Inc,L=Woodland Hills,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
recv
send
__WSAFDIsSet
select
WSAGetLastError
connect
closesocket
shutdown
ioctlsocket
htons
gethostbyname
socket
WSACleanup
WSAStartup

kernel32

OpenMutexA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetProcessHeap
ReleaseMutex
CreateMutexA
CreateEventA
SetEvent
WaitForSingleObject
ResetEvent
GetSystemDirectoryA
GetTempPathA
GetCurrentThreadId
GetPrivateProfileStringA
FlushInstructionCache
GetCurrentProcess
HeapAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
MulDiv
lstrcmpA
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
CreateThread
lstrcpyA
DeleteFileA
WriteFile
Sleep
CloseHandle
CreateFileA
SetUnhandledExceptionFilter
GetProcAddress
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineA
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitThread
HeapReAlloc
ExitProcess
GetFileType
RtlUnwind
GetStdHandle
SetStdHandle
SetFilePointer
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
OpenFile
GetLastError
GetSystemTimeAsFileTime
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
LoadLibraryA
GetExitCodeProcess
CreateProcessA
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FlushFileBuffers
GetTickCount

user32

InvalidateRect
ReleaseDC
GetDC
FillRect
SetCapture
ReleaseCapture
GetSysColor
CreateDialogParamA
InvalidateRgn
LoadCursorA
RegisterClassExA
GetWindowTextLengthA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetDesktopWindow
DestroyAcceleratorTable
IsChild
GetFocus
SetFocus
IsWindow
RedrawWindow
GetClassNameA
CharNextA
CreateAcceleratorTableA
CreateWindowExA
ShowWindow
EndPaint
wsprintfA
GetClassInfoExA
BeginPaint
DialogBoxParamA
CheckRadioButton
EndDialog
IsDlgButtonChecked
CallWindowProcA
DefWindowProcA
LoadBitmapA
RegisterWindowMessageA
SetWindowLongA
GetSystemMetrics
LoadImageA
PostQuitMessage
MessageBoxIndirectA
EnumWindows
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
IsDialogMessageA
MessageBoxA
GetDlgItem
SetWindowTextA
PostMessageA
GetWindowLongA
SendMessageA
DestroyWindow
SendMessageTimeoutA
UnregisterClassA
GetWindowTextA

gdi32

CreateSolidBrush
GetStockObject
GetDeviceCaps
BitBlt
GetObjectA
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance
CreateStreamOnHGlobal
OleUninitialize
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoInitialize
OleInitialize

oleaut32

VarUI4FromStr
LoadTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen
LoadRegTypeLi

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

209e668e55346c27569e6e03ff55a185

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

5d:a8:ad:7c:51:6c:55:4d:7c:96:34:13:2f:ca:57:f1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 21KB

.rsrc Size: 44KB - Virtual size: 43KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

5d:a8:ad:7c:51:6c:55:4d:7c:96:34:13:2f:ca:57:f1
Certificate

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 21KB

.rsrc
Size: 44KB - Virtual size: 43KB