04d130927727771d1a481f6bbe3dfb05_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

04d130927727771d1a481f6bbe3dfb05_JaffaCakes118
Size

539KB
MD5

04d130927727771d1a481f6bbe3dfb05
SHA1

42d34dd01f424fe9649979eecc920667ae8b7852
SHA256

00fa6c4c70595ea51169c3d666d6bb0cf20b48efcb1e0c6275f690e9abcc440a
SHA512

bf1e0b3fd8a200ac62c2c93372fb99fa4ab2aff287b66cf7421634cef16a5184390e83f3d245742ec6fd83d1f515e4162cd6b95a193178cb9e15cbb55507deb1
SSDEEP

12288:S7SGGCY4Nmme4HcxhQSApsU12exinYsUj9gboLAc8:S7lGCYdme4Hcxhsp3wYhWkLAc8

Score

1^/10

Malware Config

Signatures

Files

04d130927727771d1a481f6bbe3dfb05_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0b79e267e932990eaa12b8b77be20b7d

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:94:e8:2c:6c:bb:aa:0a:03:cc:05:1a:f4:7e:23:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/12/2011, 00:00

Not After

11/12/2012, 23:59

Subject

CN=RivalGaming,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RivalGaming,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetModuleHandleA
SetFilePointer
ReadFile
CreateDirectoryA
LoadLibraryExA
DeleteFileA
GetVolumeInformationA
LocalFree
lstrlenA
SleepEx
lstrcatA
MultiByteToWideChar
GetCurrentDirectoryA
lstrcmpA
GetCurrentProcess
OpenProcess
GlobalAlloc
GlobalFree
lstrcmpiA
GetFullPathNameA
lstrcpyA
SetFileTime
GetFileTime
LocalFileTimeToFileTime
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
SetLastError
GetModuleFileNameA
GetVersionExA
GetSystemTimeAsFileTime
ExitProcess
GetCurrentProcessId
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteFile
Sleep
GetProcessHeap
HeapFree
HeapAlloc
OpenMutexA
GetFileAttributesA
CreateFileA
OpenFileMappingA
CloseHandle
CreateToolhelp32Snapshot
CreateFileMappingA
Process32Next
LoadLibraryA
GetProcAddress
GetLastError
WideCharToMultiByte
ExpandEnvironmentStringsA
Process32First
InterlockedDecrement
FreeLibrary
lstrcpynA
DosDateTimeToFileTime
MapViewOfFile
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
VirtualAlloc
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualQuery

user32

GetWindowThreadProcessId
GetClassNameA
EnumWindows
IsWindow
IsWindowVisible
GetUserObjectSecurity
GetShellWindow

advapi32

GetUserNameA
IsValidSid
GetSecurityDescriptorOwner
LookupPrivilegeValueA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
AdjustTokenPrivileges

shell32

ShellExecuteA
ord680
SHGetFolderPathA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear

shlwapi

AssocQueryStringA
StrStrIA
wnsprintfA
StrChrA
StrDupA
PathFileExistsA

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 355KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b79e267e932990eaa12b8b77be20b7d

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

4b:94:e8:2c:6c:bb:aa:0a:03:cc:05:1a:f4:7e:23:08Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 13KB - Virtual size: 23KB

.rsrc Size: 355KB - Virtual size: 355KB

.reloc Size: 10KB - Virtual size: 10KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

4b:94:e8:2c:6c:bb:aa:0a:03:cc:05:1a:f4:7e:23:08
Certificate

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 13KB - Virtual size: 23KB

.rsrc
Size: 355KB - Virtual size: 355KB

.reloc
Size: 10KB - Virtual size: 10KB