043d38cb50ef5e6f553620a54c0b8194_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

043d38cb50ef5e6f553620a54c0b8194_JaffaCakes118
Size

245KB
MD5

043d38cb50ef5e6f553620a54c0b8194
SHA1

4c9e0db84ceeb62e39597c049a5a8efa0dca2bbc
SHA256

418cc2999cd83a3b5eb7c83e76047ec5b7f2330b1eff8cbb65cdf1c9d4c66f1f
SHA512

6737ed61cada6303446c3c8a2f6356e686665f41c0be6ae2cdb5479ed583c2a5a5316614ffca3233df2a57a458dfa2782b7ab4eecaaa1856df30b567803cafef
SSDEEP

6144:3gdLk5s80vret84kSs40DUUe4OWMbxZktPemPNj6Cv:wdLPv66OGMbrEj6Cv

Score

1^/10

Malware Config

Signatures

Files

043d38cb50ef5e6f553620a54c0b8194_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d324417698a8050d3fd2cff78e35ec8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/01/2010, 00:00

Not After

30/01/2012, 23:59

Subject

CN=VIRUSBLOKADA LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VIRUSBLOKADA LTD.,L=Minsk,ST=none,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:a7:cc:09:22:ba:3d:dc:21:47:94:f9:b7:06:82:11:ea:76:b3:3f
Signer

Actual PE Digest

e4:a7:cc:09:22:ba:3d:dc:21:47:94:f9:b7:06:82:11:ea:76:b3:3f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetProcAddress
MultiByteToWideChar
GetWindowsDirectoryW
GetCPInfo
lstrcpyn
GetThreadPriority
GetModuleHandleA
GetHandleInformation
lstrcmp
AddAtomA
GetNumberFormatW
lstrcmpA
SetCalendarInfoA
GetEnvironmentStringsA
LoadLibraryW
GetAtomNameA
GetEnvironmentVariableW
GetSystemDefaultLangID
lstrcpy

user32

InvalidateRgn
DialogBoxIndirectParamW
CreateDialogParamW
SetFocus
GetTopWindow
EnumWindows
CreateDesktopA
ShowWindow
SendDlgItemMessageA
TrackPopupMenuEx
CreateMenu
DestroyMenu
PeekMessageW
PostMessageW
GetActiveWindow
LoadImageW
MessageBeep
SetTimer
MonitorFromRect
WinHelpW
UnregisterClassW
GetCapture
UnregisterClassA
RegisterClassExW
CreateAcceleratorTableA
PostQuitMessage
GetDCEx
ShowCaret
GetMessageW
EmptyClipboard
InvalidateRect
LoadBitmapA
SetWindowPos
SetCapture
CreateDialogIndirectParamW
SetWindowTextA
GetCaretPos
GetKeyState
GetSystemMetrics
DestroyIcon
wvsprintfA
GetCursorPos
GetMenuInfo
GetIconInfo
DialogBoxIndirectParamA
SetForegroundWindow
keybd_event
GetSysColorBrush
EnumClipboardFormats
GetKeyboardLayout
LoadCursorA
SetDlgItemTextA
MessageBoxW
ShowCursor
GetClassInfoW
SetActiveWindow
CheckMenuItem
WaitMessage
SetCursor
CopyRect

gdi32

CreateBitmap
ExtCreateRegion
CreateFontIndirectExW
CreateFontIndirectExA
CreateRoundRectRgn
RemoveFontResourceW
CreateSolidBrush
CreateMetaFileA
DeleteObject
CreateCompatibleDC
CreateFontA
RemoveFontResourceExW
GetMetaFileA
GetStockObject

shell32

ShellExecuteEx
SHGetSpecialFolderLocation
ExtractAssociatedIconExW
SHGetDataFromIDListW
SHBrowseForFolder
ShellExecuteExW
ExtractIconEx
DuplicateIcon
StrChrIA
SHCreateDirectory
ExtractIconExA
SHGetDataFromIDListA
ShellExecuteExA
FreeIconList
Shell_NotifyIcon
SHGetDiskFreeSpaceA

shlwapi

PathCombineA
StrCmpLogicalW
StrToInt64ExW
AssocQueryKeyW
PathIsUNCServerW
SHQueryValueExA
StrCmpNIW

oleaut32

VarI4FromDisp
VarUI1FromI4
SafeArraySetIID
VarI1FromDate
VarCyFromUI1

ws2_32

getprotobynumber
WSASendTo
recv
WSAAccept
select
WSADuplicateSocketW
ioctlsocket
WSASend
WSACleanup
getservbyname
gethostbyname
htons
WSAEnumProtocolsW
shutdown
connect

urlmon

CoInternetParseUrl
HlinkSimpleNavigateToString
CoGetClassObjectFromURL
PrivateCoInstall
CoInternetCompareUrl
CompareSecurityIds
DllRegisterServer
HlinkSimpleNavigateToMoniker
DllRegisterServerEx
UrlMkBuildVersion
URLDownloadToFileW
HlinkGoBack
GetClassFileOrMime
CoInternetGetSession

rasman

RasFreeBuffer
RasDeAllocateRoute
RasEnumLanNets
RasGetBuffer
RasGetConnectionUserData

inetcomm

MimeOleSetCompatMode
MimeOleCreateHeaderTable
HrDoAttachmentVerb
MimeOleParseRfc822AddressW
MimeOleGetFileInfoW
MimeOleOpenFileStream
MimeOleStripHeaders
MimeOleParseMhtmlUrl
MimeOleGenerateCID
MimeOleCreateByteStream
MimeOleGetBodyPropW
MimeOleDecodeHeader
HrSaveAttachToFile
MimeOleSetDefaultCharset

Sections

.m
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SEJn
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.F
Size: 4KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Qjz
Size: 4KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FatYZR
Size: 5KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.F
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Bt
Size: 5KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XSM
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vVN
Size: 12KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CqQhE
Size: 4KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d324417698a8050d3fd2cff78e35ec8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

e4:a7:cc:09:22:ba:3d:dc:21:47:94:f9:b7:06:82:11:ea:76:b3:3fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

oleaut32

ws2_32

urlmon

rasman

inetcomm

Sections

.m Size: 3KB - Virtual size: 3KB

.SEJn Size: 91KB - Virtual size: 90KB

.F Size: 4KB - Virtual size: 350KB

.Qjz Size: 4KB - Virtual size: 202KB

.FatYZR Size: 5KB - Virtual size: 307KB

.F Size: 11KB - Virtual size: 11KB

.Bt Size: 5KB - Virtual size: 22KB

.XSM Size: 90KB - Virtual size: 90KB

.vVN Size: 12KB - Virtual size: 112KB

.CqQhE Size: 4KB - Virtual size: 384KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

e4:a7:cc:09:22:ba:3d:dc:21:47:94:f9:b7:06:82:11:ea:76:b3:3f
Signer

.m
Size: 3KB - Virtual size: 3KB

.SEJn
Size: 91KB - Virtual size: 90KB

.F
Size: 4KB - Virtual size: 350KB

.Qjz
Size: 4KB - Virtual size: 202KB

.FatYZR
Size: 5KB - Virtual size: 307KB

.F
Size: 11KB - Virtual size: 11KB

.Bt
Size: 5KB - Virtual size: 22KB

.XSM
Size: 90KB - Virtual size: 90KB

.vVN
Size: 12KB - Virtual size: 112KB

.CqQhE
Size: 4KB - Virtual size: 384KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B