26b6fe9b5abae4f7d9d17158868ba12c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26b6fe9b5abae4f7d9d17158868ba12c_JaffaCakes118
Size

237KB
MD5

26b6fe9b5abae4f7d9d17158868ba12c
SHA1

f35a6a34fb5e6c5725f01a8f439d577347eff00a
SHA256

cd05e5ed4c3281d6487af8a2336fe19add202d80a485fa74e67c642e8edc8ded
SHA512

94ef36f8113cc205cd7342b2f318cea856e4b9d07f467cd3b9e990999fec71d6d56e59838b0b2685ca496a274e302781b45790f6f6b0677321210b96ca387b01
SSDEEP

3072:gA4mbbzmQMKXxagLWrN80h/xWSNhcGyM78QT66p33spmXq5/iR9wiOt2uyTaeB2+:gPmbehG0h5PcGFX3swoPivR44F/pv

Score

1^/10

Malware Config

Signatures

Files

26b6fe9b5abae4f7d9d17158868ba12c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

18c6e467331dc0c8ee3f646d85108ebc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/01/2010, 00:00

Not After

30/01/2012, 23:59

Subject

CN=VIRUSBLOKADA LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VIRUSBLOKADA LTD.,L=Minsk,ST=none,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:9e:04:fc:7a:0c:e2:58:3b:9b:17:38:48:48:95:72:cf:5f:15:68
Signer

Actual PE Digest

49:9e:04:fc:7a:0c:e2:58:3b:9b:17:38:48:48:95:72:cf:5f:15:68

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumDateFormatsA
GetCurrentThread
LoadLibraryExA
DuplicateHandle
GetAtomNameA
DeleteAtom
GetModuleHandleA
GetFullPathNameA
OpenFile
FatalAppExitW
LoadResource
SetComputerNameA
FileTimeToSystemTime
GetProcAddress
BeginUpdateResourceW
GetLocaleInfoA
WinExec
Sleep
GetUserDefaultLangID
GetLastError
lstrcmpW
GetVersion

user32

GetWindowRgn
CreateAcceleratorTableW
GetClassInfoA
WinHelpW
GetMenuItemRect
keybd_event
LoadMenuA
SendMessageW
GetDlgItemTextW
UnregisterClassA
GetMenuItemInfoA
OpenClipboard
DialogBoxIndirectParamA
CreateWindowExA
IsDlgButtonChecked
DestroyMenu
IsWindow
MessageBeep
GetDlgItemInt
GetForegroundWindow
InsertMenuItemA
GetClassInfoExW
AppendMenuA
CharLowerW
RegisterWindowMessageW
MessageBoxIndirectW
GetCaretPos
ShowWindow
SetCursorPos
MessageBoxA
EnumClipboardFormats
ActivateKeyboardLayout
PostMessageW
PeekMessageW
GetMenuItemID
LoadMenuIndirectA
GetMessageW
SetActiveWindow
GetSystemMetrics
DialogBoxIndirectParamW
CreateDialogIndirectParamW
GetSysColor
TrackPopupMenuEx
LoadMenuW
WaitMessage
SetWindowTextW
GetMessageA
GetScrollPos
GetSysColorBrush
CreateDialogIndirectParamA
InvalidateRgn
CreateDialogParamA
LoadImageW
PostQuitMessage
CreateDesktopW
GetCursorPos

advapi32

ElfNumberOfRecords
GetSidSubAuthorityCount
LsaRemovePrivilegesFromAccount
GetAccessPermissionsForObjectW
LsaOpenPolicy
OpenEncryptedFileRawW
LsaLookupSids
IdentifyCodeAuthzLevelW
CredpConvertTargetInfo
GetServiceDisplayNameA

shell32

StrCmpNIW
StrCmpNW
ExtractIconEx
StrRChrA
ExtractIconW
StrRStrIA
ExtractAssociatedIconExW
ExtractIconA
StrChrIW
SHBrowseForFolder
StrRStrA
ExtractAssociatedIconA
SHGetFolderPathW
SHGetDiskFreeSpaceExA

oleaut32

VarUI1FromDisp
VarAnd

winmm

mciSendCommandA
mmioStringToFOURCCA
midiOutSetVolume
waveOutPause
midiInGetDevCapsW
joyGetDevCapsW
midiStreamRestart
waveOutSetPlaybackRate
midiOutCachePatches
joyGetNumDevs
mmioOpenA
midiStreamStop
DriverCallback
mmGetCurrentTask
waveInGetErrorTextW
mciDriverYield
waveOutGetID
auxGetVolume
mciSetYieldProc
joyConfigChanged
waveOutOpen

imm32

ImmRegisterWordA
ImmReleaseContext

Sections

.wCjvU
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.E
Size: 1024B - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hqiBrB
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Uirk
Size: 3KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ufKvo
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JXgCTi
Size: 2KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pl
Size: 2KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zi
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sL
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BaQfro
Size: 14KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hOp
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18c6e467331dc0c8ee3f646d85108ebc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

49:9e:04:fc:7a:0c:e2:58:3b:9b:17:38:48:48:95:72:cf:5f:15:68Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

oleaut32

winmm

imm32

Sections

.wCjvU Size: 4KB - Virtual size: 3KB

.E Size: 1024B - Virtual size: 217KB

.hqiBrB Size: 89KB - Virtual size: 89KB

.Uirk Size: 3KB - Virtual size: 452KB

.ufKvo Size: 11KB - Virtual size: 11KB

.JXgCTi Size: 2KB - Virtual size: 479KB

.pl Size: 2KB - Virtual size: 329KB

.zi Size: 4KB - Virtual size: 50KB

.sL Size: 91KB - Virtual size: 91KB

.BaQfro Size: 14KB - Virtual size: 319KB

.hOp Size: 1KB - Virtual size: 10KB

.rsrc Size: 7KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

49:9e:04:fc:7a:0c:e2:58:3b:9b:17:38:48:48:95:72:cf:5f:15:68
Signer

.wCjvU
Size: 4KB - Virtual size: 3KB

.E
Size: 1024B - Virtual size: 217KB

.hqiBrB
Size: 89KB - Virtual size: 89KB

.Uirk
Size: 3KB - Virtual size: 452KB

.ufKvo
Size: 11KB - Virtual size: 11KB

.JXgCTi
Size: 2KB - Virtual size: 479KB

.pl
Size: 2KB - Virtual size: 329KB

.zi
Size: 4KB - Virtual size: 50KB

.sL
Size: 91KB - Virtual size: 91KB

.BaQfro
Size: 14KB - Virtual size: 319KB

.hOp
Size: 1KB - Virtual size: 10KB

.rsrc
Size: 7KB - Virtual size: 6KB