0394186c7c72386cbdb20492e62c6500_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0394186c7c72386cbdb20492e62c6500_JaffaCakes118
Size

702KB
MD5

0394186c7c72386cbdb20492e62c6500
SHA1

6bfa90ecbc280224c3fb49e90e04b1d4b055fe27
SHA256

9a64117f2e2c9485cd3ed8ecb656b2f6953dad5da3120c72a75b6f47e0ed9582
SHA512

e36519d8984e8b5e4699fee127582853e9ab11e0d169421f64cfcc9945569892246255afc78ef1431eb1498f0be79542ae96dbad9c6dad63afffcd11cde69117
SSDEEP

12288:GDQAF1KvlY3wFUHrjLGawM29tyDnJYJpYxTCCzOdFZ7miHGj8/SGl:GDQg1Kv6KUj8GnJKMCDv5miHjSI

Score

1^/10

Malware Config

Signatures

Files

0394186c7c72386cbdb20492e62c6500_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5427293c74c74d5a30c21c5ab2e8d337

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:6a:01:88:d4:02:94:10:b5:c3:67:10:49:11:42:84
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28-08-2006 00:00

Not After

28-08-2007 23:59

Subject

CN=SEIKO EPSON Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Service & Support Department,O=SEIKO EPSON Corporation,L=Suwa-shi,ST=Nagano,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:9e:41:49:b7:7e:0b:d7:6d:90:8f:57:bd:d8:f5:31:c4:09:a3:7d
Signer

Actual PE Digest

5c:9e:41:49:b7:7e:0b:d7:6d:90:8f:57:bd:d8:f5:31:c4:09:a3:7d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
lstrcpyA
lstrcatA
GetProcAddress
LoadLibraryA
LocalAlloc
LocalFree
CloseHandle
SetFilePointer
SetEndOfFile
CreateFileA
ReadFile
WriteFile
lstrcmpiA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrlenA
GlobalFree
GlobalAlloc
GetCurrentProcess
GetLastError
GetCurrentThread
GetSystemDirectoryA
GetTempPathA
GetVersionExA
LockResource
SizeofResource
LoadResource
FindResourceA
FindClose
CopyFileA
FindFirstFileA
GetModuleFileNameA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
MoveFileA
FreeLibrary
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 612KB - Virtual size: 609KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5427293c74c74d5a30c21c5ab2e8d337

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

74:6a:01:88:d4:02:94:10:b5:c3:67:10:49:11:42:84Certificate

Extended Key Usages

Key Usages

5c:9e:41:49:b7:7e:0b:d7:6d:90:8f:57:bd:d8:f5:31:c4:09:a3:7dSigner

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 612KB - Virtual size: 609KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

74:6a:01:88:d4:02:94:10:b5:c3:67:10:49:11:42:84
Certificate

5c:9e:41:49:b7:7e:0b:d7:6d:90:8f:57:bd:d8:f5:31:c4:09:a3:7d
Signer

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 612KB - Virtual size: 609KB