1709cf8ec74dd601aa60d3132577435d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1709cf8ec74dd601aa60d3132577435d_JaffaCakes118
Size

122KB
MD5

1709cf8ec74dd601aa60d3132577435d
SHA1

895811bf3fe287d3cf48c58461baf5bf284660f6
SHA256

23dd32cf4f189e30646f5487a87968348fb8a6c70feb2ca4ffcb3a0fe795de1a
SHA512

33e0deb67aedd115ba8c7fd9808bbec80c03d3d16f5cba94fd1dee43816fd7137b0102359d7190aab2264b2f0d4bde743772228089ff162e9d26a6beecfefce6
SSDEEP

3072:asI7iqBwrKHFI5FyE68YQk76Tsrq2gumZqz1WF5:asI7DAFyE67Q+0bumZsk5

Score

1^/10

Malware Config

Signatures

Files

1709cf8ec74dd601aa60d3132577435d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8f1ee3afbd2b99fdb4331fcded6577d8

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ac:12:c9:1e:d7:eb:43:0c:43:c5:a9:80:09:d1:a9:cd:f7:db:6a:29
Signer

Actual PE Digest

ac:12:c9:1e:d7:eb:43:0c:43:c5:a9:80:09:d1:a9:cd:f7:db:6a:29

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mstore.pdb

Imports

msvcrt

_except_handler3
memset
_vsnwprintf
wcscmp
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
swscanf
_CxxThrowException
realloc
malloc
free
_wtoi
_wcsnicmp
wcslen
__CxxFrameHandler
_mbsrchr

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CryptHashPublicKeyInfo

kernel32

GetStartupInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
LocalAlloc
UnhandledExceptionFilter
TerminateProcess
FormatMessageA
LocalFree
GetSystemDirectoryW
LoadLibraryExW
SetUnhandledExceptionFilter
GetCommandLineW
VirtualAlloc
ExitProcess
GetTickCount
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetCurrentProcess
QueryPerformanceCounter
CloseHandle
WaitForSingleObject
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
SetEvent
CreateThread
CreateEventA
GetLastError
GetCurrentThreadId
AddAtomA
SetErrorMode
FreeLibrary
Sleep
InterlockedIncrement
lstrlenW
GetModuleHandleA
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
WideCharToMultiByte
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
LoadLibraryA

user32

GetFocus
SetFocus
SetWindowLongA
GetWindowLongA
MessageBeep
DestroyWindow
GetClientRect
MoveWindow
DestroyIcon
GetSystemMetrics
GetAsyncKeyState
GetParent
SetCursor
GetClassNameA
EnableWindow
SystemParametersInfoA
KillTimer
PostQuitMessage
IsIconic
GetWindowRect
OffsetRect
GetWindowPlacement
SetWindowPos
DispatchMessageA
GetMessageA
GetCursorPos
EndPaint
FillRect
BeginPaint
IsWindow
GetActiveWindow
MessageBoxW
MessageBoxA
SetRect
CharNextA
LoadIconA
LoadCursorA
ShowWindow
UpdateWindow
LoadAcceleratorsA
PeekMessageA
WaitMessage
TranslateAcceleratorA
TranslateMessage
SetTimer
SendMessageA
GetMessageW
PostThreadMessageA
RegisterWindowMessageA

advapi32

RegQueryInfoKeyA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

ole32

OleGetClipboard
CoRegisterMessageFilter
OleUninitialize
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
RegisterDragDrop
RevokeDragDrop
CoTaskMemRealloc
StringFromGUID2

oleaut32

SafeArrayDestroy
VariantClear
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
VarUI4FromStr

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f1ee3afbd2b99fdb4331fcded6577d8

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

ac:12:c9:1e:d7:eb:43:0c:43:c5:a9:80:09:d1:a9:cd:f7:db:6a:29Signer

Headers

File Characteristics

PDB Paths

Imports

msvcrt

wintrust

crypt32

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 98KB - Virtual size: 97KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 12KB - Virtual size: 88KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

ac:12:c9:1e:d7:eb:43:0c:43:c5:a9:80:09:d1:a9:cd:f7:db:6a:29
Signer

.text
Size: 98KB - Virtual size: 97KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 12KB - Virtual size: 88KB