086fcb8f0fb2b8b84994f5c9896c079b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

086fcb8f0fb2b8b84994f5c9896c079b_JaffaCakes118
Size

876KB
MD5

086fcb8f0fb2b8b84994f5c9896c079b
SHA1

3fbae1f793d542207a98314de60544ec6951d16a
SHA256

489a4d5137bb0b339f54777f430c5019786073d93fd6f42b6c530b573fd1dd8a
SHA512

eca13d6735d3bc39a773f496aed07d37c20d16088072935bba8f9b5b6fbb014f50ea57cc8bb14816677b2d9af942849449fec6cf18e40d532b86f0663e6bec61
SSDEEP

24576:VFfmh5DzGDX1TuuGmdjZmvqirzqif2p2r:jmh5fGjqmdjZtiqi1

Score

1^/10

Malware Config

Signatures

Files

086fcb8f0fb2b8b84994f5c9896c079b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

584e3e540b62485095ce651c4a4ae9a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2008, 00:00

Not After

31/01/2009, 23:59

Subject

CN=InstallProvider Inc.,O=InstallProvider Inc.,POSTALCODE=DM,STREET=15 Cornwall Street,L=Roseau,ST=Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCA
UrlIsOpaqueA
SHRegOpenUSKeyA
SHRegWriteUSValueA
HashData
PathMakePrettyA
SHRegEnumUSKeyA
PathFindOnPathA
SHCreateStreamWrapper
StrRChrIA
StrSpnA
SHAutoComplete
SHRegCreateUSKeyA
SHIsLowMemoryMachine
AssocQueryStringA
PathCommonPrefixA
SHDeleteValueA
PathFileExistsA
PathQuoteSpacesA
PathGetDriveNumberA
ColorHLSToRGB
StrChrIA
PathAppendA
StrFormatByteSize64A
PathRemoveBlanksA
PathStripToRootA
PathIsFileSpecA
UrlCombineA
StrIsIntlEqualA

kernel32

DisconnectNamedPipe
GetPrivateProfileIntA
SetCommTimeouts
ReleaseSemaphore
GetFileAttributesExA
WaitForSingleObject
CancelIo
UnlockFileEx
GetProcessShutdownParameters
CreateDirectoryExA
Process32Next
SetConsoleCursorPosition
HeapCompact
FatalExit
PurgeComm
GetTempPathA
EnumCalendarInfoA
GlobalUnlock
EnumResourceLanguagesA
CopyFileA
GlobalGetAtomNameA
GetNamedPipeHandleStateA
QueryPerformanceCounter
ReadFileEx
AddAtomA
GetSystemTimeAdjustment
GetOverlappedResult
GetCPInfoExA
GetStdHandle
SetFileApisToOEM
FindFirstFileA
IsProcessorFeaturePresent
lstrcpyn
TerminateThread
DebugActiveProcess
SetTimeZoneInformation
GetFileTime
WriteConsoleOutputAttribute
_hread
ContinueDebugEvent
GetCommState
SetProcessAffinityMask
IsValidCodePage
IsBadHugeReadPtr
MoveFileA
WriteProfileStringA
WritePrivateProfileStringA
GetConsoleOutputCP
OpenEventA
GetProcessAffinityMask
BackupSeek
SetCommBreak
SetDefaultCommConfigA
SetConsoleOutputCP
EnumResourceTypesA
GetCommModemStatus
LocalFree
OpenProcess
InterlockedExchange
CreateNamedPipeA
GetModuleFileNameA

advapi32

OpenEventLogA

Sections

.uzqbi
Size: 638KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.irc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gjmx
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.apyx
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qdsl
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.khsdo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dcdav
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sti
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.leb
Size: 132KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

584e3e540b62485095ce651c4a4ae9a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

Sections

.uzqbi Size: 638KB - Virtual size: 1.3MB

.irc Size: 6KB - Virtual size: 8KB

.gjmx Size: 19KB - Virtual size: 27KB

.apyx Size: 512B - Virtual size: 21KB

.qdsl Size: 6KB - Virtual size: 15KB

.khsdo Size: 512B - Virtual size: 56B

.dcdav Size: 512B - Virtual size: 24B

.sti Size: 48KB - Virtual size: 77KB

.leb Size: 132KB - Virtual size: 1.7MB

.rsrc Size: 18KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

.uzqbi
Size: 638KB - Virtual size: 1.3MB

.irc
Size: 6KB - Virtual size: 8KB

.gjmx
Size: 19KB - Virtual size: 27KB

.apyx
Size: 512B - Virtual size: 21KB

.qdsl
Size: 6KB - Virtual size: 15KB

.khsdo
Size: 512B - Virtual size: 56B

.dcdav
Size: 512B - Virtual size: 24B

.sti
Size: 48KB - Virtual size: 77KB

.leb
Size: 132KB - Virtual size: 1.7MB

.rsrc
Size: 18KB - Virtual size: 20KB