0828ec6759c14555b9e7eec98a883a11_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0828ec6759c14555b9e7eec98a883a11_JaffaCakes118
Size

210KB
MD5

0828ec6759c14555b9e7eec98a883a11
SHA1

2f975aa947799ada48e9e786ed4ab751e6496c9b
SHA256

938c9f529944bdbf3c55e9bf5b6bcf12dcdb2fff566027a63860c5e2fbfc839d
SHA512

b95eacf84645acdb65a4f6995c1be74caff6a3590b4e6846b9670b7197f1ac14ed35688a9933b224400d5b9cdcc2ea9d53e24871ef3f6c89fc138d2cc47ddf84
SSDEEP

6144:VcvEFHvQs+gla9hoqBKGSF2TmkTdpytRI:B0Hh5BKRFylTdcRI

Score

1^/10

Malware Config

Signatures

Files

0828ec6759c14555b9e7eec98a883a11_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2cd3a8fd0cdc47e96b53bc2a58d18ef0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/03/2010, 00:00

Not After

08/03/2011, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:83:10:56:88:d3:4b:04:70:14:bb:8b:cd:16:35:2e:35:4c:34:3e
Signer

Actual PE Digest

78:83:10:56:88:d3:4b:04:70:14:bb:8b:cd:16:35:2e:35:4c:34:3e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetHandleInformation
CreateMailslotA
QueryPerformanceCounter
GetShortPathNameW
CreateMutexW
AddAtomA
GlobalAlloc
MultiByteToWideChar
GetModuleHandleA
GetTempPathW
CreateDirectoryW
LoadResource
ReplaceFileA
GetFileTime
EnumTimeFormatsW
EnumDateFormatsW
MoveFileA
OpenMutexA
GetWindowsDirectoryW
EnumTimeFormatsA
GetCurrentProcessId
SearchPathW
IsValidLocale
GetLocalTime
CopyFileA
GetProcessHeap
GetProcAddress
QueryPerformanceFrequency
BeginUpdateResourceW
FreeResource
GetCalendarInfoA
InitializeCriticalSection
CreateFileA
FatalAppExitA
DosDateTimeToFileTime
OpenEventW
GetEnvironmentStringsA
GetOEMCP
Beep
IsValidCodePage
SetCurrentDirectoryW
WaitForMultipleObjects
GetCalendarInfoW
GetCurrentProcess
GetSystemDirectoryA
lstrcpynA
CreateThread
OpenWaitableTimerW

user32

GetCapture
SetWindowRgn
OffsetRect
GetClassNameA
GetClassNameW
FillRect
FlashWindow
LoadMenuA
EndDialog
RegisterWindowMessageA
CopyImage
SetActiveWindow
GetSysColorBrush
SetDlgItemTextA
CreateDesktopA
GetMenuStringA
GetClassInfoW
GetWindowLongW
GetDC
FrameRect
wsprintfA
AdjustWindowRect

gdi32

GetTextCharacterExtra
PtInRegion
SetICMMode
GetTextExtentPointI
CombineRgn
SetLayout
GetDeviceCaps
CloseEnhMetaFile
GetPath
StartPage
GetROP2
CreateFontIndirectExA
SetTextCharacterExtra
SelectClipRgn

advapi32

RegCreateKeyW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueW
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW

wininet

InternetInitializeAutoProxyDll
InternetGetCookieExW
FindNextUrlCacheContainerA
GopherGetAttributeW
FtpPutFileA
InternetSetOptionExA
InternetAutodial
FindFirstUrlCacheEntryA
CreateUrlCacheGroup
InternetWriteFileExA
FtpFindFirstFileA
RetrieveUrlCacheEntryFileA
InternetConfirmZoneCrossingA
InternetSetPerSiteCookieDecisionW
DeleteUrlCacheContainerW
InternetConfirmZoneCrossing
HttpEndRequestA

sqlunirl

_RegisterEventSource_@8
_SetWindowsHookEx_@16
_CreateWindowEx@48
_EnumWindowStations_@8
_SetWindowsHook_@8
_QueryServiceConfig_@16
__lwrite_@12
_GetCharWidthFloat_@16
_ShellAbout_@16
_ObjectOpenAuditAlarm_@48
_OpenDesktop_@16
_CreateEvent_@16
_ExtractIconEx_@20
_OpenFile_@12
_wvsprintf_@12
_CharToOem_@8
_lstrcat_@8
_CreateWindowStation_@16
_GetPrivateProfileSectionNames_@12
_GetWindowLong@8
_GetICMProfile_@12

wsock32

WSAAsyncGetHostByName
gethostbyaddr
ntohl
getsockname
getnetbyname
select

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.otXK
Size: 1KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.N
Size: 4KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hu
Size: 1KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Yz
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.F
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Y
Size: 2KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cd3a8fd0cdc47e96b53bc2a58d18ef0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4aCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

78:83:10:56:88:d3:4b:04:70:14:bb:8b:cd:16:35:2e:35:4c:34:3eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

sqlunirl

wsock32

Sections

.text Size: 12KB - Virtual size: 12KB

.otXK Size: 1KB - Virtual size: 38KB

.N Size: 4KB - Virtual size: 38KB

.hu Size: 1KB - Virtual size: 48KB

.Yz Size: 1024B - Virtual size: 18KB

.data Size: 13KB - Virtual size: 13KB

.F Size: 1024B - Virtual size: 6KB

.Y Size: 2KB - Virtual size: 227KB

.rsrc Size: 164KB - Virtual size: 163KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

78:83:10:56:88:d3:4b:04:70:14:bb:8b:cd:16:35:2e:35:4c:34:3e
Signer

.text
Size: 12KB - Virtual size: 12KB

.otXK
Size: 1KB - Virtual size: 38KB

.N
Size: 4KB - Virtual size: 38KB

.hu
Size: 1KB - Virtual size: 48KB

.Yz
Size: 1024B - Virtual size: 18KB

.data
Size: 13KB - Virtual size: 13KB

.F
Size: 1024B - Virtual size: 6KB

.Y
Size: 2KB - Virtual size: 227KB

.rsrc
Size: 164KB - Virtual size: 163KB