0ed98f6eb5993def617902686da626ac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0ed98f6eb5993def617902686da626ac_JaffaCakes118
Size

221KB
MD5

0ed98f6eb5993def617902686da626ac
SHA1

7f6606a087aede9c80a0a63dd25a889cd0629248
SHA256

51162c0645da96d98f7013ae1b0426f0d034b35d9340365613dfb6fd81cf3ce9
SHA512

2f03b3496cf1ce5be81d3b8ce2d76c5a8426af75a95f3a5507d8478fea060af72e2cedabd17833c12bf824859d877ab840e712c5766737c5410011dd081cda82
SSDEEP

3072:8uWlA4RC/ZHn4xH6qpSJIQ+DE57k69gRhkU2NVImvtko/5:clXqoSJIQuE5k69W2dx

Score

1^/10

Malware Config

Signatures

Files

0ed98f6eb5993def617902686da626ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

971d65062f10e0e1c2c44f34d302d3d6

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03-12-2001 00:00

Not After

02-12-2011 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

64:ea:b7:46:54:f0:02:41:1a:83:cf:8c:8e:6f:3a:e3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

11-06-2004 00:00

Not After

03-07-2005 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sun Microsystems,O=Sun Microsystems\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

urlmon

IsValidURL
URLDownloadToFileA

comctl32

ord17

wintrust

WinVerifyTrust

wininet

InternetOpenA
InternetConnectA
InternetErrorDlg
InternetCloseHandle
InternetReadFile
InternetTimeToSystemTime
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
InternetTimeFromSystemTime
HttpOpenRequestA
InternetCrackUrlA

gdi32

GetDeviceCaps
DeleteObject
DeleteDC
GetStockObject
GetObjectA
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt

version

VerQueryValueA
GetFileVersionInfoA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

kernel32

GetStartupInfoA
GetModuleHandleA
CreateProcessA
Sleep
GetLastError
InterlockedIncrement
GetVersionExA
GetThreadLocale
GetExitCodeProcess
GlobalLock
GlobalUnlock
lstrlenW
GlobalAlloc
FindResourceA
LoadResource
LockResource
GlobalHandle
GlobalFree
FreeResource
GetCurrentThreadId
HeapDestroy
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateThread
SetEvent
lstrlenA
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrcatA
GetTempPathA
WriteFile
SetEndOfFile
SetFilePointer
CompareFileTime
SystemTimeToFileTime
GetCommandLineA
GetDiskFreeSpaceExA
FileTimeToSystemTime
GetFileTime
GetFileSize
CreateFileA
lstrcmpA
GetShortPathNameA
lstrcpynA
FindClose
FindFirstFileA
GetDiskFreeSpaceA
GetEnvironmentVariableA
lstrcmpiA
GetUserDefaultLangID
GetSystemDirectoryA
DeleteFileA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
MultiByteToWideChar

user32

GetWindowRect
GetSysColor
GetClientRect
IsChild
GetFocus
ReleaseDC
GetDC
SystemParametersInfoA
SetFocus
DialogBoxParamA
FillRect
BeginPaint
IsWindow
RedrawWindow
GetClassNameA
GetDesktopWindow
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
DestroyWindow
CreateWindowExA
SetWindowPos
GetParent
MapWindowPoints
GetWindowLongA
GetWindowTextLengthA
GetWindowTextA
GetWindow
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
DialogBoxIndirectParamA
GetActiveWindow
CharNextA
SetWindowLongA
MessageBoxA
wsprintfA
ShowWindow
LoadStringA
PostMessageA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
EnableWindow
KillTimer
EndDialog
GetDlgItem
SendMessageA
CallWindowProcA
EndPaint
SetTimer
SetWindowTextA

olepro32

ord253

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
OleLockRunning
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree

oleaut32

SysAllocStringLen
VariantClear
LoadRegTypeLi
SysFreeString
SysStringLen
SysAllocString

msvcrt

iswspace
?terminate@@YAXXZ
_exit
_stricmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_XcptFilter
strrchr
exit
_acmdln
__getmainargs
fopen
fread
malloc
isspace
fclose
strstr
strncmp
_ftol
_except_handler3
time
difftime
sprintf
??3@YAXPAX@Z
__CxxFrameHandler
_strdup
_EH_prolog
_purecall
strncpy
free
_splitpath
_local_unwind2
_mbsnbcpy
__p___argc
__p___argv
??2@YAPAXI@Z

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

971d65062f10e0e1c2c44f34d302d3d6

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

64:ea:b7:46:54:f0:02:41:1a:83:cf:8c:8e:6f:3a:e3Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

urlmon

comctl32

wintrust

wininet

gdi32

version

shell32

kernel32

user32

olepro32

ole32

oleaut32

msvcrt

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 6KB

.rsrc Size: 156KB - Virtual size: 152KB

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

64:ea:b7:46:54:f0:02:41:1a:83:cf:8c:8e:6f:3a:e3
Certificate

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 156KB - Virtual size: 152KB