17f36462e896f4db4f16ad2ad0ede2bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17f36462e896f4db4f16ad2ad0ede2bb_JaffaCakes118
Size

181KB
MD5

17f36462e896f4db4f16ad2ad0ede2bb
SHA1

e7854fc8f3b44768d8a260521ad1105fbed8e28e
SHA256

39e6b19a01e7d0157ec769367401829eb61759cf7970324896724bd0b6a300d1
SHA512

a9cd36ac75004d5f32d2c6418c26deb4dd62d0256f26816542e3adbdbfa0cd6fa7a9b08c07d3a6644f1b4b5d38e6488b25c3b09e3c0a83df4c7b091c8b48767f
SSDEEP

1536:Fk46MrJbXtJmkKucBkRtJW1s6lWdQ4brWZ40ns9XvYdCv96L/hpzTp3CXmg4qKtQ:VJtC1glVrWZ40nxTIT4NtjkBPx

Score

1^/10

Malware Config

Signatures

Files

17f36462e896f4db4f16ad2ad0ede2bb_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e51ae290fb4bb09d3fb9be4d82b56291

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

22/02/2011, 23:59

Subject

CN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:2f:f9:76:56:81:f3:eb:4c:bc:10:3a:76:84:b5:cc:53:2b:cd:44
Signer

Actual PE Digest

31:2f:f9:76:56:81:f3:eb:4c:bc:10:3a:76:84:b5:cc:53:2b:cd:44

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

crypt32

CertFreeCertificateContext
CryptVerifyMessageSignature
CertGetNameStringA

imagehlp

ImageEnumerateCertificates
ImageGetCertificateHeader
ImageGetCertificateData

wintrust

WinVerifyTrust

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

kernel32

WritePrivateProfileStringA
FreeLibrary
GetExitCodeProcess
ProcessIdToSessionId
DisconnectNamedPipe
GetModuleFileNameA
WaitForSingleObject
DeleteFileA
SetEvent
FindFirstFileA
CreateEventA
GetConsoleCP
SetFilePointer
IsValidLocale
SetCurrentDirectoryA
MultiByteToWideChar
CreateFileA
SetLastError
GetPrivateProfileIntA
LocalAlloc
LocalFree
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
OpenProcess
GetLastError
CloseHandle
TerminateProcess
Sleep
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetPrivateProfileStringA
CreateProcessA
CreateNamedPipeA
GetCurrentProcess
ReadFile
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapFree
HeapAlloc
RtlUnwind
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedExchange
GetStringTypeA
GetStringTypeW

user32

MessageBoxA
ExitWindowsEx

advapi32

RegDeleteKeyA
StartServiceCtrlDispatcherA
SetServiceStatus
CreateServiceA
CreateProcessAsUserA
DuplicateToken
ImpersonateLoggedOnUser
RevertToSelf
RegCreateKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
DuplicateTokenEx
SetTokenInformation
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
DeleteService
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteExA
ShellExecuteA

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e51ae290fb4bb09d3fb9be4d82b56291

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate

Extended Key Usages

Key Usages

31:2f:f9:76:56:81:f3:eb:4c:bc:10:3a:76:84:b5:cc:53:2b:cd:44Signer

Headers

File Characteristics

Imports

userenv

crypt32

imagehlp

wintrust

wtsapi32

kernel32

user32

advapi32

shell32

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

31:2f:f9:76:56:81:f3:eb:4c:bc:10:3a:76:84:b5:cc:53:2b:cd:44
Signer

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 3KB