0dbf14e0cbeed29da5730fe7cead40c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dbf14e0cbeed29da5730fe7cead40c2_JaffaCakes118
Size

65KB
MD5

0dbf14e0cbeed29da5730fe7cead40c2
SHA1

e8bdb70c741363452f87ea8a3cc45b64cf08465b
SHA256

0e435f417c896390fb8a772006bc987cf47d5cfe7c0d95d1327936f122f02bed
SHA512

69533121783ab3fb0ba8234c07bee40aa1e2859cfb9f2868697e9b59b556f6e079a7cca559387cf8f66b5536ffc8419983d6f3464d981fa6e58f14be1c8ea3d4
SSDEEP

768:Az3Mfz6JrSM+h9ooJlZ6jtvhrJ+D+B2eLqSft8kjMiJ38KQCVzLWQbCR:1z65YrxZ67rJekjVaiJ38+VzaECR

Score

1^/10

Malware Config

Signatures

Files

0dbf14e0cbeed29da5730fe7cead40c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1c84e6836e0f576436b4de2b8b1dbec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9d:68:87:4d:ce:05:a7:f6:d3:67:1e:3e:d0:fa:ee:e2:21:55:df:7a
Signer

Actual PE Digest

9d:68:87:4d:ce:05:a7:f6:d3:67:1e:3e:d0:fa:ee:e2:21:55:df:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2614
ord861
ord924
ord858
ord939
ord2818
ord537
ord540
ord823
ord860
ord825
ord535
ord800

msvcrt

__RTDynamicCast
wcslen
_wtol
atoi
_mbsicmp
__p___argc
__p___argv
_strdup
isalnum
isspace
strtoul
memcmp
memset
_itoa
_strnicmp
free
malloc
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_mbscmp
sprintf
__CxxFrameHandler
_mbsnicmp
_mbsspn
_mbscspn
strlen
memcpy
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_mbsnbcpy
_acmdln
_stricmp

kernel32

GetTempPathA
lstrlenW
GetTempFileNameA
GetProcAddress
LoadLibraryA
lstrcpyA
CreateProcessA
GetEnvironmentVariableA
OutputDebugStringA
GetLastError
MultiByteToWideChar
lstrlenA
FreeLibrary
GetStartupInfoA
Sleep
GetModuleHandleA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
WideCharToMultiByte

user32

CharNextA
TranslateMessage
DispatchMessageA
wsprintfA
IsWindow
PostMessageA
EndDialog
PostQuitMessage
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
LoadCursorA
RegisterClassExA
GetMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
CoInitialize

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

urlmon

RegisterBindStatusCallback
RevokeBindStatusCallback
CreateURLMoniker

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ

wininet

InternetCrackUrlA

shlwapi

StrStrIW
PathFindExtensionA
PathFindFileNameA
PathAppendA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1c84e6836e0f576436b4de2b8b1dbec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

9d:68:87:4d:ce:05:a7:f6:d3:67:1e:3e:d0:fa:ee:e2:21:55:df:7aSigner

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

msvcp60

wininet

shlwapi

version

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 940B

.rsrc Size: 16KB - Virtual size: 14KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

9d:68:87:4d:ce:05:a7:f6:d3:67:1e:3e:d0:fa:ee:e2:21:55:df:7a
Signer

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 940B

.rsrc
Size: 16KB - Virtual size: 14KB