1b1d6b653162f932967970bea602763e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b1d6b653162f932967970bea602763e_JaffaCakes118
Size

244KB
MD5

1b1d6b653162f932967970bea602763e
SHA1

d91f196e289d1bfb2eb778fbc020a694e0641dc6
SHA256

d7295a26d8f9298481a4edb219fb5f2f28b8e54e8d128e12e132bae0d9c78895
SHA512

24c305b7dd0b4a22b698e440aba33ff8897f2dd147ccc9fb66e26150d7b5eefbfa7b820f13401ef0ae61de0dc6dfcdb52b47762ab5c4d0077649d72019b9e500
SSDEEP

6144:hC+SWZbobuZD+HMmi2wpbQ7teOSy4SGnePjbViohZtPSfg:M+SWZRDOc20bYJl3VPDtx

Score

1^/10

Malware Config

Signatures

Files

1b1d6b653162f932967970bea602763e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b421af2e508d90aee142c53006ee68ec

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f
Signer

Actual PE Digest

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmp
lstrcmpiW
CreateNamedPipeW
EnumTimeFormatsA
GlobalFindAtomA
MulDiv
SetCurrentDirectoryW
GetVersionExA
GetEnvironmentVariableA
GetSystemDirectoryW
GetModuleFileNameW
FileTimeToLocalFileTime
GetLogicalDriveStringsA
EnumDateFormatsW
CopyFileExW
BeginUpdateResourceA
GetSystemDefaultLCID
LoadLibraryExA
GetWindowsDirectoryA
GetTempPathA
ReplaceFileW
DeleteAtom
lstrlenW
OpenMutexW
LocalAlloc
GetDateFormatA
GetEnvironmentStringsA
GetVersion
SetUnhandledExceptionFilter
OpenMutexA
DisconnectNamedPipe
EnumCalendarInfoW
GetTickCount
GetSystemInfo
CreateSemaphoreA
LocalFree
CompareFileTime
GetDiskFreeSpaceW
CreateEventW
SearchPathW
GetProcAddress
EnumDateFormatsA
GetCurrentThread
OpenFile
IsValidCodePage
lstrcpy
CreateMutexA
FindAtomW
QueryPerformanceFrequency
GetLocaleInfoA
IsDebuggerPresent
GetExitCodeProcess
CreateDirectoryW
CreateEventA
GetTempPathW
SetLocaleInfoA
AddAtomW
CreateSemaphoreW
LoadLibraryW
GetModuleHandleA

user32

GetMenuStringW
CharLowerW
SetWindowTextW
DialogBoxIndirectParamA
GetClassInfoExA
GetCapture
EnableMenuItem
GetMenuItemInfoA
CharPrevA
GetMenuInfo
GetSubMenu
GetActiveWindow
GetDlgItemInt
MonitorFromPoint
CreateAcceleratorTableW
LoadBitmapW
UpdateLayeredWindow
FindWindowA
SendDlgItemMessageA
GetForegroundWindow
CreateDialogIndirectParamW
wvsprintfA
IsDlgButtonChecked
MessageBoxA
CharNextW
SetCapture
SetParent
ShowWindow

gdi32

CreatePolyPolygonRgn
SelectBrushLocal
CreatePolygonRgn
CreateBitmap
CreateFontA
CreateEllipticRgn
RemoveFontResourceExW
CreateDIBPatternBrush
CreateSolidBrush
RemoveFontResourceW
ExtCreateRegion
CreatePen
GetRasterizerCaps

shell32

StrNCmpIW
SHGetDataFromIDListA

comdlg32

PrintDlgW
FindTextA
PageSetupDlgA
ChooseFontA
GetOpenFileNameW
ReplaceTextW

setupapi

SetupQueueCopyW
CM_Query_Remove_SubTree
SetupDiRegisterCoDeviceInstallers
SetupRemoveFromDiskSpaceListW
SetupGetFieldCount
SetupFindNextLine
CM_Add_Res_Des_Ex
SetupOpenAppendInfFileA

ws2_32

gethostbyaddr
closesocket
WSAEventSelect
WSAEnumNetworkEvents
WSARecvDisconnect
gethostbyname
select
setsockopt
accept
bind
WSASend
recv
htons
WSACleanup
WSAGetLastError
WSADuplicateSocketA
gethostname

urlmon

CoInternetCombineUrl
CoInstall
HlinkSimpleNavigateToMoniker
GetMarkOfTheWeb
CreateURLMonikerEx
GetComponentIDFromCLSSPEC
CoInternetGetSession
RevokeFormatEnumerator
RegisterFormatEnumerator
URLOpenStreamA
CoInternetCompareUrl
IsLoggingEnabledW
CopyStgMedium
FindMediaType
RegisterMediaTypes
HlinkGoForward
ReleaseBindInfo

mprapi

MprAdminUserClose
MprAdminUserOpen

inetcomm

HrGetAttachIcon
EssReceiptRequestEncodeEx
MimeOleSMimeCapGetHashAlg
CreatePOP3Transport
MimeOleAlgNameFromSMimeCap
MimeOleGetPropW

Sections

.I
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.v
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qY
Size: 2KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KP
Size: 5KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.V
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.GvuZ
Size: 2KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gGofL
Size: 5KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ujh
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qZQgA
Size: 11KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RvyXx
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b421af2e508d90aee142c53006ee68ec

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

setupapi

ws2_32

urlmon

mprapi

inetcomm

Sections

.I Size: 7KB - Virtual size: 7KB

.v Size: 90KB - Virtual size: 90KB

.qY Size: 2KB - Virtual size: 338KB

.KP Size: 5KB - Virtual size: 463KB

.V Size: 11KB - Virtual size: 11KB

.GvuZ Size: 2KB - Virtual size: 208KB

.gGofL Size: 5KB - Virtual size: 45KB

.Ujh Size: 92KB - Virtual size: 92KB

.qZQgA Size: 11KB - Virtual size: 161KB

.RvyXx Size: 2KB - Virtual size: 54KB

.rsrc Size: 7KB - Virtual size: 6KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f
Signer

.I
Size: 7KB - Virtual size: 7KB

.v
Size: 90KB - Virtual size: 90KB

.qY
Size: 2KB - Virtual size: 338KB

.KP
Size: 5KB - Virtual size: 463KB

.V
Size: 11KB - Virtual size: 11KB

.GvuZ
Size: 2KB - Virtual size: 208KB

.gGofL
Size: 5KB - Virtual size: 45KB

.Ujh
Size: 92KB - Virtual size: 92KB

.qZQgA
Size: 11KB - Virtual size: 161KB

.RvyXx
Size: 2KB - Virtual size: 54KB

.rsrc
Size: 7KB - Virtual size: 6KB