0df6975b5ffc6d7503e01b4d694f3ae2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0df6975b5ffc6d7503e01b4d694f3ae2_JaffaCakes118
Size

48KB
MD5

0df6975b5ffc6d7503e01b4d694f3ae2
SHA1

d0bbb64f02e42cfc8d65d0fcf288703d19a26487
SHA256

fad1c7929a33479295b5b16a036a5e3a3cf12c8b661427b11ba199a79316a5ea
SHA512

4880db01d0da830c2e88b188d9513bb7ccfa0704d0a27888d8f041a83c4fcd5de36f66133e683ab9aa825f6319267798b13f6251ab8e2937e2a2d6f576febdb1
SSDEEP

768:8+6r6eTwYo9TSq4s0tvbO5OKb7Ui1iL7ta+IQL+:N6Jq4ttvbO5TQWiHta+IQi

Score

1^/10

Malware Config

Signatures

Files

0df6975b5ffc6d7503e01b4d694f3ae2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7482e858ee9471a2fcb00c1c59b51704

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:22:d8:97:c8:20:00:1a:2c:4c:01:d3:ae:bb:98:e8
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

02/09/2009, 00:00

Not After

27/09/2011, 23:59

Subject

CN=TMRG\, Inc.,OU=SECURE APPLICATION DEVELOPMENT,O=TMRG\, Inc.,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Src\Client\OSSService\SmallStandalone\OSSService.pdb

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

GetCurrentProcess
WTSGetActiveConsoleSessionId
Sleep
OpenEventW
OpenProcess
InterlockedDecrement
WaitForSingleObject
HeapFree
GetProcessHeap
InterlockedIncrement
HeapAlloc
lstrlenA
CreateEventW
lstrcmpiW
GetCommandLineW
InitializeCriticalSection
DeleteCriticalSection
FindClose
FindNextFileW
FindFirstFileW
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
HeapReAlloc
SetEvent
WaitForMultipleObjects
FormatMessageW
LocalAlloc
GetLocalTime
CreateFileW
SetFilePointer
WriteFile
CloseHandle
GetLastError
GetModuleFileNameW
lstrcatW
LocalFree
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
lstrlenW
MultiByteToWideChar
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
InterlockedExchange
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapDestroy

user32

MessageBoxW
wsprintfW

advapi32

SetSecurityDescriptorGroup
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityW
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
GetLengthSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
DuplicateTokenEx
OpenProcessToken
SetTokenInformation
CreateProcessAsUserW
SetServiceStatus
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle

shell32

CommandLineToArgvW

ole32

StringFromGUID2

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen

msvcp71

?_Nomemory@std@@YAXXZ

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSQueryUserToken

msvcr71

_adjust_fdiv
__setusermatherr
__p__commode
__p__fmode
wcsrchr
_initterm
_controlfp
?terminate@@YAXXZ
__security_error_handler
_CxxThrowException
_snwprintf
_vsnwprintf
wcslen
free
malloc
memmove
_vscwprintf
vswprintf
??3@YAXPAX@Z
__CxxFrameHandler
realloc
_beginthreadex
wcscat
__p___argc
wcsspn
wcscspn
__wgetmainargs
_except_handler3
??_V@YAXPAX@Z
memset
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
__p___winitenv
_amsg_exit
__set_app_type

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7482e858ee9471a2fcb00c1c59b51704

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

0c:22:d8:97:c8:20:00:1a:2c:4c:01:d3:ae:bb:98:e8Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

userenv

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp71

wtsapi32

msvcr71

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

0c:22:d8:97:c8:20:00:1a:2c:4c:01:d3:ae:bb:98:e8
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB