0d4ca8b71293b6f1b1553b3b146c24a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d4ca8b71293b6f1b1553b3b146c24a3_JaffaCakes118
Size

1.2MB
MD5

0d4ca8b71293b6f1b1553b3b146c24a3
SHA1

5e588264b04a1cdc3f60e07e94ef2f510356f2b4
SHA256

9c9fc0af0fde74807e24f1ae184b2579bf1103b84761be2a9bf34201110fbddb
SHA512

a45ab92289231c965948e59a143bcb7d1d758980ace1098cfac7434c87fa68ca16256b87ee9d0a42f3b4cd1c43dc0e95a444854cf4b78fdb57edf141edf7960c
SSDEEP

24576:BH8r7gacALcRj1PcIoI9JjIm3UMAt1D1EQoVsx5dHTUxX:BHC8d9c7gjlzAtd1EQmsxDkX

Score

1^/10

Malware Config

Signatures

Files

0d4ca8b71293b6f1b1553b3b146c24a3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9372cd113950c6afabc500173de9693

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:3b:f2:b5:2d:a9:ea:7f:1b:53:9a:7f:01:8f:4e:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/01/2011, 00:00

Not After

04/02/2014, 23:59

Subject

CN=SweetIM Technologies Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SweetIM Technologies Ltd,L=Ra'anana,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:90:dd:72:c1:df:cf:0d:f3:69:db:d9:af:e5:b4:da:a7:56:c0:c0
Signer

Actual PE Digest

ea:90:dd:72:c1:df:cf:0d:f3:69:db:d9:af:e5:b4:da:a7:56:c0:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\imvent\Develop\client\vc\SearchHelperApp\DisableProtectorsTool\output\release\SimBoInitiatorApp.pdb

Imports

kernel32

GetModuleFileNameW
DeleteFileW
MoveFileW
GetTempPathW
GetLocalTime
GetCurrentProcessId
GetFileAttributesW
CloseHandle
CreateFileW
GetLastError
WriteFile
ReadFile
GetTickCount
GetEnvironmentVariableW
SizeofResource
LoadResource
FindResourceW
FreeResource
LockResource
lstrlenW
HeapAlloc
GetProcessHeap
GetCurrentProcess
HeapFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
WaitForSingleObject
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
GetProcAddress
RtlUnwind
RaiseException
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetModuleHandleA
LCMapStringA
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetEndOfFile

user32

GetMessageW
TranslateMessage
DispatchMessageW
wsprintfW
GetSystemMetrics
LoadImageW
LoadCursorW
RegisterClassExW
CreateWindowExW
DefWindowProcW
DestroyWindow
PostQuitMessage
TranslateAcceleratorW

shell32

SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
ord165

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathStripPathW

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegSetValueExW

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9372cd113950c6afabc500173de9693

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

5e:3b:f2:b5:2d:a9:ea:7f:1b:53:9a:7f:01:8f:4e:c6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ea:90:dd:72:c1:df:cf:0d:f3:69:db:d9:af:e5:b4:da:a7:56:c0:c0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

shlwapi

advapi32

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

5e:3b:f2:b5:2d:a9:ea:7f:1b:53:9a:7f:01:8f:4e:c6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ea:90:dd:72:c1:df:cf:0d:f3:69:db:d9:af:e5:b4:da:a7:56:c0:c0
Signer

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB