03fb551ae17c2c5a16f9578eeddac0e3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

03fb551ae17c2c5a16f9578eeddac0e3_JaffaCakes118
Size

160KB
MD5

03fb551ae17c2c5a16f9578eeddac0e3
SHA1

ced56dd2347597f9fe5c49f1218a1fd006e7831f
SHA256

d71c4829f5783b12cd75138dc494f15aade2e330eac16826e72b586fd04b1eec
SHA512

ba98ca46a4414bf75b4cb8145d7f50b218ba73210a06a68ee976354343ce500f97997f25f4f24e010a86878cf976efb7078391a439e79a1988eec9a3a290f1d5
SSDEEP

3072:phWxfjTzYE9a6bDSHe2doqV0/F5gjYVo7D2dS11lbzfiOwW1p:pmk96bDMe2mqVzNudSNbzak

Score

1^/10

Malware Config

Signatures

Files

03fb551ae17c2c5a16f9578eeddac0e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a1e9d82bb96c46b606e43aac90aa7cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15-02-2009 00:00

Not After

15-02-2010 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tencent,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

74:1c:d8:c8:7a:36:17:c6:17:10:9b:03:91:39:98:a0:62:88:30:d3
Signer

Actual PE Digest

74:1c:d8:c8:7a:36:17:c6:17:10:9b:03:91:39:98:a0:62:88:30:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Module32Next
Module32First
CreateToolhelp32Snapshot
TerminateProcess
WaitForSingleObject
OpenProcess
Process32Next
CloseHandle
SetUnhandledExceptionFilter
GetPrivateProfileIntA
GetModuleHandleA
OutputDebugStringA
GetPrivateProfileStringA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
Process32First
GetProcAddress
GetStartupInfoA

msvcrt

_onexit
rename
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__dllonexit
__p__fmode
__set_app_type
_except_handler3
_controlfp
_makepath
_splitpath
strcat
_mbsicmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
_mbsrchr
_mbsnbcpy
_snprintf
_mbschr
strlen
strcpy
__p__commode
_vsnprintf
_exit

ole32

CoUninitialize
CoInitialize

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z

gdiplus

GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a1e9d82bb96c46b606e43aac90aa7cd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20Certificate

Extended Key Usages

Key Usages

74:1c:d8:c8:7a:36:17:c6:17:10:9b:03:91:39:98:a0:62:88:30:d3Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

msvcp60

gdiplus

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 145KB - Virtual size: 144KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7b:92:ae:b3:83:26:5c:7c:64:53:bd:92:a0:40:a0:20
Certificate

74:1c:d8:c8:7a:36:17:c6:17:10:9b:03:91:39:98:a0:62:88:30:d3
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 145KB - Virtual size: 144KB