0ae61e7f2dd01e6293b9df2e2787caca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ae61e7f2dd01e6293b9df2e2787caca_JaffaCakes118
Size

47KB
MD5

0ae61e7f2dd01e6293b9df2e2787caca
SHA1

b3dbcc74d6b53dd85724b0311295935b28e77a3e
SHA256

1a4a64f01b101c16e8b5928b52231211e744e695f125e056ef7a9412da04bb91
SHA512

4782b984e16ec0e0e924ff4de073eddf3f862bc33c4fa1f57861c0280cab42f5526ac52f116a1426c1e200bd6359fbd01bf58956b13d10ee943c641f5700af6c
SSDEEP

768:SN8mdv/unoIILuWPLr96gLZmjzYnP7RhRvxKq2Y1rqI:Sz1uwbz4iKEFXvxKqHs

Score

1^/10

Malware Config

Signatures

Files

0ae61e7f2dd01e6293b9df2e2787caca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc33b1500354cf785409a3b428f7cd2a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:8b:9a:1b:a5:e6:0c:75:4d:bb:40:dd:ee:79:05:e2
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

28/02/2012, 00:00

Not After

27/02/2013, 23:59

Subject

CN=NOX Entertainment Co.\, Ltd,OU=Service Team,O=NOX Entertainment Co.\, Ltd,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
TerminateProcess
CloseHandle
GetSystemDirectoryA
GetModuleFileNameA
MoveFileExA
MoveFileA
DeleteFileA
GetTempFileNameA
GetTempPathA
SetEndOfFile
GetProcAddress
LoadLibraryA
CreateProcessA
SetFilePointer
LocalFree
GetFileSize
LocalAlloc
CreateFileA
lstrcpynA
GetCurrentProcess
GetModuleHandleA
WaitForSingleObject
GetCurrentThreadId
CreateThread
GetStartupInfoA
PeekNamedPipe
Sleep
ReadFile
lstrcpyA
WriteFile

user32

GetInputState
PostThreadMessageA
GetMessageA

advapi32

RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCloseKey

msvcrt

_controlfp
sprintf
strstr
atoi
strncpy
_except_handler3
printf
_beginthreadex
_endthreadex
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_stricmp

ws2_32

connect
WSAIoctl
setsockopt
htons
WSASocketA
WSAStartup
gethostbyname
getpeername
recv
closesocket
shutdown
WSACleanup
inet_addr
socket
__WSAFDIsSet
select
inet_ntoa
send

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc33b1500354cf785409a3b428f7cd2a

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

4f:8b:9a:1b:a5:e6:0c:75:4d:bb:40:dd:ee:79:05:e2Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

ws2_32

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 440B

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

4f:8b:9a:1b:a5:e6:0c:75:4d:bb:40:dd:ee:79:05:e2
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 440B