22105bd5559bc647343cf0a0280b3337_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

22105bd5559bc647343cf0a0280b3337_JaffaCakes118
Size

3.7MB
MD5

22105bd5559bc647343cf0a0280b3337
SHA1

25437e9d45e1c90b3aba8af2a44be292e5f5490d
SHA256

6c957bf09be6ed02c895d856f75d4322629125d2232c81e801f7f28721a2e4c6
SHA512

7f202d62eea7e9b8df6b0c6fc984da34e4f23e3a2640173bbf404b362ea275023fb08d2e444dbd8dc3bead0dfaef0c0c8c0dc8f4a6d1f216c03efe7499bb7fac
SSDEEP

49152:qudCFFIsBvQDsT1kWVzrNr4CaiexP1kTUnW4YB6m3V7kgpFd7PRoQXI1dbLJdurS:7CtBvHrmJi0yRV7/Fd1Ydv7kNDKbtGEp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keygen/kg.exe

Files

22105bd5559bc647343cf0a0280b3337_JaffaCakes118
.rar
155绿色软件站.url
.url
jpf2setup.exe
.exe windows:4 windows x86 arch:x86

80bcf266a1cda344c99925ade6165fde

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09-09-2009 00:00

Not After

08-09-2012 23:59

Subject

CN=Jetico Inc. Oy,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Jetico Inc. Oy,L=Espoo,ST=Uusimaa,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:7c:1b:97:cb:ee:5c:59:05:41:2b:15:1c:0e:98:88:a1:58:5b:ac
Signer

Actual PE Digest

12:7c:1b:97:cb:ee:5c:59:05:41:2b:15:1c:0e:98:88:a1:58:5b:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

CreateThread
ReadFile
SetFilePointer
WriteFile
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
CreateDirectoryA
GetLastError
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryA
GetDiskFreeSpaceA
DeleteFileA
SetFileAttributesA
CopyFileA
GetModuleFileNameA
CreateProcessA
RemoveDirectoryA
FindNextFileA
GetFileSize
GetTempPathA
GetExitCodeThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetEndOfFile
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
GetModuleHandleA
ExitProcess
GetFileAttributesA
MoveFileA
GetExitCodeProcess
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSection
RaiseException
Sleep
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetFileType
SetHandleCount
MultiByteToWideChar
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW

user32

ShowWindow
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
CreateDialogParamA
SetWindowTextA
GetDlgItemTextA
SetDlgItemTextA
DestroyWindow
LoadIconA
RegisterClassA
DefWindowProcA
PostQuitMessage
LoadStringA
EndDialog
GetDlgItem
MessageBoxA
PostMessageA
SendMessageA

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
keygen/install.txt
keygen/kg.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 255KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80bcf266a1cda344c99925ade6165fde

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

12:7c:1b:97:cb:ee:5c:59:05:41:2b:15:1c:0e:98:88:a1:58:5b:acSigner

Headers

File Characteristics

Imports

comctl32

kernel32

user32

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 11KB - Virtual size: 10KB

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 255KB - Virtual size: 776KB

.rsrc Size: 21KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

12:7c:1b:97:cb:ee:5c:59:05:41:2b:15:1c:0e:98:88:a1:58:5b:ac
Signer

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 11KB - Virtual size: 10KB

.text
Size: 255KB - Virtual size: 776KB

.rsrc
Size: 21KB - Virtual size: 24KB