24618225ce7428d4fafd4588e07669d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24618225ce7428d4fafd4588e07669d1_JaffaCakes118
Size

87KB
MD5

24618225ce7428d4fafd4588e07669d1
SHA1

5d1a72f91e9fd399df69bdd78d74ec98c40a664d
SHA256

67c12f273349e7b98c242da36b7955fbd6e84255f2390ee58dd28c52ae6a7f03
SHA512

10911513bd5605c69617b7817e14e18c3c76c84627eefbc228208d72b805f780e5821b442cacf4297720529a230897663c17a53609efafbac8a3e4d6b343b2c5
SSDEEP

1536:RX5c6yz4AgCMbTw8Ls3G7n1jkFO327qiLpmNTixvEeYPWYRtsi:RX5cQAg1PwX321jkFOm7qiLEwa/PWKl

Score

1^/10

Malware Config

Signatures

Files

24618225ce7428d4fafd4588e07669d1_JaffaCakes118
.exe windows:4 windows x64 arch:x64

64391c3ad45b0d7f98f4d0f6c057c63b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:1e:ed:d7:78:a5:1a:3d:59:d4:19:a8:b0:6c:a0:9c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/03/2007, 00:00

Not After

13/03/2008, 23:59

Subject

CN=SafeNet\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Security Division,O=SafeNet\, Inc.,L=Baltimore,ST=Maryland,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
WaitForSingleObject
GetWindowsDirectoryA
GetFileSize
VirtualQuery
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
ReadFile
CloseHandle
MultiByteToWideChar
GetModuleFileNameA
GetSystemWindowsDirectoryA
CopyFileA
GetEnvironmentVariableA
RemoveDirectoryA
Sleep
FindFirstFileA
SetFileAttributesA
DeleteFileA
MoveFileExA
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GetSystemInfo
VirtualAlloc
lstrlenA
GetCurrentProcess
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
GetProcessHeap
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetModuleHandleA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
SetFilePointer
LCMapStringA
LCMapStringW
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
VirtualProtect

user32

MessageBoxA

advapi32

OpenSCManagerA
LookupPrivilegeValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
DeleteService
StartServiceA
LockServiceDatabase
ControlService
CloseServiceHandle
CreateServiceA
UnlockServiceDatabase
AdjustTokenPrivileges
OpenServiceA
QueryServiceStatus
SetNamedSecurityInfoA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
OpenProcessToken
AllocateAndInitializeSid
FreeSid

shell32

ShellExecuteExA

difxapi

DriverPackageUninstallA
DriverPackageInstallA
DIFXAPISetLogCallbackA

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�\�c
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64391c3ad45b0d7f98f4d0f6c057c63b

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4d:1e:ed:d7:78:a5:1a:3d:59:d4:19:a8:b0:6c:a0:9cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

difxapi

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 12KB

.pdata Size: 3KB - Virtual size: 2KB

�\�c Size: 2KB - Virtual size: 1KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4d:1e:ed:d7:78:a5:1a:3d:59:d4:19:a8:b0:6c:a0:9c
Certificate

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 12KB

.pdata
Size: 3KB - Virtual size: 2KB

�\�c
Size: 2KB - Virtual size: 1KB