1c9808cea99c8ffc283e3ec316ab6ba6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c9808cea99c8ffc283e3ec316ab6ba6_JaffaCakes118
Size

230KB
MD5

1c9808cea99c8ffc283e3ec316ab6ba6
SHA1

354f5d504de894a462a80d9aec316891dd1b2ab3
SHA256

489764b5bba4cb36d06d46eab34bbc2c2b3c8a452b48a23b478ee87e82f71624
SHA512

54bdc61f9363f712a25fa0f96a9665eba338d36769d13a1e6f7988929a8653effa535deb8ba34ab9a8a47605f1853dcaf9ec1fd964a80bbe275ce55f0eeff587
SSDEEP

3072:qIMa5VPdnLAWeBIg5Si2mVvu3TRENKWH3xPALAiyEv7p5qyt/s7niwK/f+JuKtkk:3DAWw5NV4EBXWAIT/nw08xTm3E

Score

1^/10

Malware Config

Signatures

Files

1c9808cea99c8ffc283e3ec316ab6ba6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

534f6f46b9ce5161143aa5f7bb8313fe

Code Sign

61:08:77:5f:00:00:00:00:00:4a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/07/2010, 22:53

Not After

19/10/2011, 22:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

e8:e4:d8:0c:37:75:8b:14:fa:c7:3c:89:3d:83:10:ae:1b:10:7a:c7
Signer

Actual PE Digest

e8:e4:d8:0c:37:75:8b:14:fa:c7:3c:89:3d:83:10:ae:1b:10:7a:c7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
EndUpdateResourceA
IsBadStringPtrW
OpenMutexW
GetLogicalDriveStringsW
GetStringTypeW
SetErrorMode
SetCurrentDirectoryW
GetExitCodeProcess
RemoveDirectoryA
GetSystemDefaultLCID
GetSystemDirectoryA
EnumDateFormatsW
WinExec
lstrcpynA
GetStringTypeA
GetEnvironmentVariableA
IsBadCodePtr
CreateSemaphoreW
GetFullPathNameW
GetComputerNameA
FindAtomA
lstrcmp
BeginUpdateResourceA
DeleteAtom
GetThreadPriority
lstrcmpW
LoadLibraryA
GetExpandedNameA
GetWindowsDirectoryA
GetCurrentDirectoryW
CopyFileA
lstrcmpi
LocalFree
EnumCalendarInfoA
SetCalendarInfoA
GetUserDefaultLCID
GetProcAddress
GetSystemDirectoryW
GetModuleHandleW
GetUserDefaultLangID
MoveFileW
GetCPInfo

user32

GetWindowTextLengthA
CreateWindowExW
LoadImageA
wvsprintfA
GetCursorPos
RegisterClassW
GetDlgItemTextA
PostMessageW
CheckRadioButton
SendMessageA
DefDlgProcA
GetSysColor
CharUpperA
SetDlgItemInt
RegisterClassExA
RegisterClassA
DefDlgProcW
IsWindowEnabled
SetForegroundWindow
DefWindowProcW
CharPrevW
GetTopWindow
CreateDialogParamW
DefWindowProcA
wsprintfW
DrawTextA
wvsprintfW
LoadMenuW
CascadeWindows
MessageBeep
PostMessageA
GetWindowLongA
SetParent
GetAsyncKeyState

gdi32

GetTextCharsetInfo
OffsetRgn
BitBlt
GetMetaRgn
CreateDCA
PlayEnhMetaFile
EnumFontFamiliesExW
EnumFontsW
GetEnhMetaFileDescriptionW

advapi32

RegOpenKeyA
RegRestoreKeyW
RegRestoreKeyA
RegDeleteValueW
RegSaveKeyW
RegOpenKeyA
RegDeleteKeyW

shlwapi

PathIsFileSpecW
UrlEscapeA
StrRChrA
StrChrNIW
StrCmpLogicalW
UrlCompareA
StrFormatByteSize64A
SHCreateThread
PathIsSameRootW
PathSkipRootW

version

VerLanguageNameA
VerQueryValueA

inetcomm

MimeOleGetFileInfoW
MimeOleParseMhtmlUrl
HrFreeAttachData
HrGetAttachIconByFile
MimeOleCreateHashTable
EssSignCertificateEncodeEx

crypt32

CryptDecryptAndVerifyMessageSignature
CertCreateContext
CryptUnregisterOIDInfo
CertCloseStore
CertAddCRLContextToStore
CryptEnumKeyIdentifierProperties

Sections

.Pv
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EX
Size: 2KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KjVM
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UWzeb
Size: 3KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.J
Size: 1KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.X
Size: 2KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 171KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.W
Size: 4KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

534f6f46b9ce5161143aa5f7bb8313fe

Code Sign

61:08:77:5f:00:00:00:00:00:4aCertificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

e8:e4:d8:0c:37:75:8b:14:fa:c7:3c:89:3d:83:10:ae:1b:10:7a:c7Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

version

inetcomm

crypt32

Sections

.Pv Size: 8KB - Virtual size: 8KB

.EX Size: 2KB - Virtual size: 121KB

.KjVM Size: 12KB - Virtual size: 12KB

.UWzeb Size: 3KB - Virtual size: 44KB

.J Size: 1KB - Virtual size: 51KB

.X Size: 2KB - Virtual size: 243KB

.data Size: 171KB - Virtual size: 247KB

.W Size: 4KB - Virtual size: 246KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 944B

61:08:77:5f:00:00:00:00:00:4a
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

e8:e4:d8:0c:37:75:8b:14:fa:c7:3c:89:3d:83:10:ae:1b:10:7a:c7
Signer

.Pv
Size: 8KB - Virtual size: 8KB

.EX
Size: 2KB - Virtual size: 121KB

.KjVM
Size: 12KB - Virtual size: 12KB

.UWzeb
Size: 3KB - Virtual size: 44KB

.J
Size: 1KB - Virtual size: 51KB

.X
Size: 2KB - Virtual size: 243KB

.data
Size: 171KB - Virtual size: 247KB

.W
Size: 4KB - Virtual size: 246KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 944B