22661054069f19891a69a8cafa403f9d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22661054069f19891a69a8cafa403f9d_JaffaCakes118
Size

156KB
MD5

22661054069f19891a69a8cafa403f9d
SHA1

9dab2291e82a933427dcca62ca47a1ff5f62fbb3
SHA256

0093be9bfe8ac2fad2547d3cb5c4dc76c1c35bb2005bad619567be66cd33a6c7
SHA512

fa3551051988cfb958b758b5183ec2f0cddd572161572d3526e1e3409b8137f43f961c6543ff9b2c842e0dd38d9ecfc028cce9e218cb6028ef7446b0f6a57f55
SSDEEP

3072:GjzccKsxMjY20TkKgoRI2M4gcqcRkOayZ+:MzSsxMjPERgo+2XjXZ+

Score

1^/10

Malware Config

Signatures

Files

22661054069f19891a69a8cafa403f9d_JaffaCakes118
.exe windows:0 windows x86 arch:x86

38f0a713c995ca551e7e6935104c56ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:4c:7b:2e:d9:1f:0b:87:0d:2d:c1:f9:2f:71:56:af:7c:54:88:8a
Signer

Actual PE Digest

bf:4c:7b:2e:d9:1f:0b:87:0d:2d:c1:f9:2f:71:56:af:7c:54:88:8a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
wsprintfW
MessageBeep
LoadStringW

mpr

WNetGetLastErrorW
WNetAddConnection2W
WNetCancelConnection2W

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoInitializeSecurity
CoCreateInstance

secur32

GetUserNameExW

ws2_32

gethostbyaddr
WSAGetLastError
WSAStartup
inet_addr
WSACleanup

netapi32

NetServerGetInfo
NetApiBufferFree

shlwapi

StrTrimW

msvcrt

wcscpy
wcschr
wcsspn
wcsncmp
_cexit
__set_app_type
exit
wcsrchr
calloc
realloc
wcscat
_ultow
_initterm
wcstod
wcstok
_exit
wcsstr
fprintf
strtok
_c_exit
__setusermatherr
wcstoul
_wcsnicmp
wcslen
free
iswctype
__wgetmainargs
_XcptFilter
_iob
_controlfp
fflush
wcspbrk
__winitenv
wcstol
swprintf

kernel32

FormatMessageW
ChangeTimerQueueTimer
CreateSemaphoreW
MultiByteToWideChar
SetDefaultCommConfigW
GetEnvironmentVariableW
CompareFileTime
lstrcmpiW
TerminateProcess
GlobalFix
lstrcatW
_hwrite
SetProcessAffinityMask
RegisterConsoleVDM
FindFirstFileW
GetLocaleInfoW
GetProfileStringA
FileTimeToSystemTime
DebugBreak
WideCharToMultiByte
GetStdHandle
lstrcpynW
VerSetConditionMask
LocalSize
CreateWaitableTimerA
VirtualAllocEx
SetConsoleNumberOfCommandsW
GetNumaHighestNodeNumber
UnhandledExceptionFilter
GetConsoleFontInfo
VerifyVersionInfoW
lstrlenW
GetStringTypeExW
ReadConsoleW
EnumResourceTypesA
AddLocalAlternateComputerNameW
EnumSystemGeoID
GetUserDefaultLCID
GetLocalTime
GetDateFormatW
EnumResourceLanguagesA
GetPrivateProfileStructW
GetExitCodeThread
GetLastError
GetGeoInfoA
LocalFree
SetConsoleScreenBufferSize
SetConsoleMode
GetCurrentProcessId
WriteConsoleW
lstrcpyW
GetComputerNameExW
GetDiskFreeSpaceA
GetConsoleInputExeNameA
GetConsoleMode
GetTimeFormatW
WritePrivateProfileStringA
FoldStringA
GetModuleHandleExW
WriteProfileStringW
UnmapViewOfFile
PeekConsoleInputW
OpenJobObjectA
FreeLibrary
Module32Next
RtlCaptureStackBackTrace
QueryPerformanceCounter
FindActCtxSectionStringA
SetUnhandledExceptionFilter
DeactivateActCtx
GetTickCount
FindCloseChangeNotification
IsBadStringPtrA
SetEnvironmentVariableA
ReadFile
DnsHostnameToComputerNameA
SetLastError
GetCurrentProcess
lstrcmpW
MoveFileA
GetSystemTimeAsFileTime

winipsec

OpenMMFilterHandle
SPDApiBufferAllocate
GetMMPolicyByID
MatchTunnelFilter
DeleteTunnelFilter
DeleteMMAuthMethods

shell32

DllCanUnloadNow
StrChrW
SHGetDesktopFolder
ShellAboutA
DllGetVersion
SHExtractIconsW
StrChrIW
Control_RunDLLAsUserW
SHGetFolderPathAndSubDirA
ShellExecuteW
SHPathPrepareForWriteA
SHGetDataFromIDListA
SHGetSpecialFolderPathA
SHGetInstanceExplorer
ExtractIconW
Options_RunDLLW

Sections

.irZMW
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.W
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HwWaA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.BTkN
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.CtmN
Size: 1024B - Virtual size: 699B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JkGPn
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ

.Leh
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38f0a713c995ca551e7e6935104c56ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

bf:4c:7b:2e:d9:1f:0b:87:0d:2d:c1:f9:2f:71:56:af:7c:54:88:8aSigner

Headers

File Characteristics

Imports

user32

mpr

ole32

secur32

ws2_32

netapi32

shlwapi

msvcrt

kernel32

winipsec

shell32

Sections

.irZMW Size: 2KB - Virtual size: 1KB

.W Size: 1KB - Virtual size: 1KB

.HwWaA Size: 1KB - Virtual size: 1KB

.BTkN Size: 1KB - Virtual size: 1KB

.CtmN Size: 1024B - Virtual size: 699B

.JkGPn Size: 2KB - Virtual size: 1KB

.Leh Size: 1KB - Virtual size: 1KB

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 7KB - Virtual size: 37KB

.rsrc Size: 109KB - Virtual size: 109KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

bf:4c:7b:2e:d9:1f:0b:87:0d:2d:c1:f9:2f:71:56:af:7c:54:88:8a
Signer

.irZMW
Size: 2KB - Virtual size: 1KB

.W
Size: 1KB - Virtual size: 1KB

.HwWaA
Size: 1KB - Virtual size: 1KB

.BTkN
Size: 1KB - Virtual size: 1KB

.CtmN
Size: 1024B - Virtual size: 699B

.JkGPn
Size: 2KB - Virtual size: 1KB

.Leh
Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 7KB - Virtual size: 37KB

.rsrc
Size: 109KB - Virtual size: 109KB