297abc8a20a789927bb290a340710739_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

297abc8a20a789927bb290a340710739_JaffaCakes118
Size

243KB
MD5

297abc8a20a789927bb290a340710739
SHA1

a17966f85c38efb759fc59d9ea119f67ddb6bbe9
SHA256

8503b3df81e8f378c7e6b1b916405f70d08d6c9b9494b00f16dc4b590fc5daaf
SHA512

63f951aa1fadbcad57ec8667257553ed8cbca7698b20d2354de79e5087221a6b768639033686b7e8874017e73e732ea889505bb323a6fe77c586c955b3a5b7aa
SSDEEP

6144:XrYW9KpUIJZokn+VkffmDipECzuUwDJFtqh9LBl+:7YeK2qZJn+qedC677qh9Nl+

Score

1^/10

Malware Config

Signatures

Files

297abc8a20a789927bb290a340710739_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9b771951269eb9c40a4867ea7bc844f0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:59:28:44:b9:c9:63:09:55:82:28:05:02:3e:2e:3b:42:e4:94:78
Signer

Actual PE Digest

3c:59:28:44:b9:c9:63:09:55:82:28:05:02:3e:2e:3b:42:e4:94:78

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
AddAtomA
SetErrorMode
lstrcpynW
Sleep
GetStartupInfoW
SetCurrentDirectoryW
GetCalendarInfoA
lstrcat
lstrcpyA
GetExitCodeThread
SystemTimeToFileTime
GetSystemDefaultLCID
GetVolumeInformationW
GetDiskFreeSpaceW
GetStartupInfoA
IsValidLocale
GetStringTypeW
LoadLibraryExA
GetProcAddress
IsBadReadPtr
QueryPerformanceFrequency
CreateSemaphoreA
GetThreadLocale
ExpandEnvironmentStringsW
FileTimeToSystemTime
GetDiskFreeSpaceA
CreateNamedPipeA
GetLastError
FreeLibrary

user32

InsertMenuItemA
keybd_event
GetActiveWindow
IsMenu
CreateAcceleratorTableW
SetDlgItemTextW
DialogBoxIndirectParamA
GetCapture
ShowCaret
GetCaretPos
CheckMenuItem
IsWindow
RegisterWindowMessageW
DialogBoxIndirectParamW
GetTopWindow
DialogBoxParamW
GetMenu
RegisterClassExA
UpdateLayeredWindow
MonitorFromRect
IsDlgButtonChecked
PostMessageW
GetKeyboardLayout
SetWindowPos
MessageBoxIndirectA
CreateDialogIndirectParamA
SetTimer
SetFocus
MonitorFromPoint
IsChild
wsprintfA
wvsprintfW
CreateAcceleratorTableA
MonitorFromWindow
AppendMenuA
GetClassInfoExW
CharNextA
EndDialog
GetSystemMetrics
ShowWindow
CreateDialogIndirectParamW
MoveWindow
InsertMenuItemW
SetMenu
RegisterWindowMessageA
SetCursor
GetDesktopWindow
CreateDesktopW
GetScrollPos
EnableMenuItem
LoadMenuW
SetParent
DestroyMenu
GetMenuItemInfoW
IsIconic
CharPrevW
GetDlgItemInt
TrackPopupMenuEx
CopyIcon
CharUpperW
GetMenuStringW
GetClassInfoW
GetDCEx
LoadBitmapW
InsertMenuA
GetActiveWindow

gdi32

UpdateICMRegKeyW
GetMetaFileW
CreateColorSpaceW
CreateICW
CreateDIBSection
StretchDIBits
AddFontResourceW
TranslateCharsetInfo
RemoveFontResourceExA
CreateRectRgn
CreatePolyPolygonRgn
AddFontResourceA
SetWinMetaFileBits
CreateFontA
CreateMetaFileA
CreateFontIndirectExW
GetMetaFileA
CreateICA
GetTextExtentPointA
CreateBrushIndirect
CreateCompatibleDC
UpdateICMRegKeyA
CreatePatternBrush
CreateFontIndirectA

shell32

ExtractIconA
StrNCmpIA
ExtractAssociatedIconExW
StrStrIW
SHGetSpecialFolderLocation
StrRStrW
SHBrowseForFolder
Shell_NotifyIconA
ExtractAssociatedIconA
StrStrW
SHGetFolderLocation
Shell_NotifyIcon

oleaut32

OleLoadPictureFile
VarDateFromR4

ws2_32

WSACloseEvent
WSAIoctl
getprotobynumber
WSAEventSelect
WSARecv
WSACreateEvent
gethostbyname
listen
select

urlmon

CopyBindInfo
IsValidURL
FaultInIEFeature
GetClassURL
CoInternetParseUrl
URLOpenPullStreamW
CoInternetCreateZoneManager
ReleaseBindInfo
GetMarkOfTheWeb
CoInternetCompareUrl
CoInternetGetSecurityUrl
CreateAsyncBindCtx
HlinkSimpleNavigateToMoniker
RevokeFormatEnumerator
GetClassFileOrMime
CoInternetCreateSecurityManager
RegisterBindStatusCallback
GetComponentIDFromCLSSPEC

rasman

RasRpcSetUserPreferences
RasGetPortUserData
RasPortSetFramingEx
RasDeAllocateRoute
RasRpcGetInstalledProtocols
RasSetDialParams
RasFreeBuffer

inetcomm

CreateIMAPTransport2
MimeOleSMimeCapGetEncAlg
HrDoAttachmentVerb
MimeOleParseRfc822Address
MimeEditGetBackgroundImageUrl
HrGetLastOpenFileDirectory
MimeOleGetAllocator
MimeOleGetBodyPropW
MimeOleCreateHeaderTable
HrAthGetFileNameW
MimeOleGetRelatedSection
MimeOleSMimeCapInit
MimeOleGenerateCID

Sections

.z
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.D
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SmJEG
Size: 1KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Vnvqv
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.AWAS
Size: 512B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MwNgTx
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.omuQ
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vTyM
Size: 15KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VzGZ
Size: 4KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b771951269eb9c40a4867ea7bc844f0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3c:59:28:44:b9:c9:63:09:55:82:28:05:02:3e:2e:3b:42:e4:94:78Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

ws2_32

urlmon

rasman

inetcomm

Sections

.z Size: 6KB - Virtual size: 6KB

.D Size: 92KB - Virtual size: 91KB

.SmJEG Size: 1KB - Virtual size: 21KB

.Vnvqv Size: 11KB - Virtual size: 11KB

.AWAS Size: 512B - Virtual size: 33KB

.MwNgTx Size: 5KB - Virtual size: 42KB

.omuQ Size: 93KB - Virtual size: 92KB

.vTyM Size: 15KB - Virtual size: 66KB

.VzGZ Size: 4KB - Virtual size: 436KB

.rsrc Size: 6KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3c:59:28:44:b9:c9:63:09:55:82:28:05:02:3e:2e:3b:42:e4:94:78
Signer

.z
Size: 6KB - Virtual size: 6KB

.D
Size: 92KB - Virtual size: 91KB

.SmJEG
Size: 1KB - Virtual size: 21KB

.Vnvqv
Size: 11KB - Virtual size: 11KB

.AWAS
Size: 512B - Virtual size: 33KB

.MwNgTx
Size: 5KB - Virtual size: 42KB

.omuQ
Size: 93KB - Virtual size: 92KB

.vTyM
Size: 15KB - Virtual size: 66KB

.VzGZ
Size: 4KB - Virtual size: 436KB

.rsrc
Size: 6KB - Virtual size: 6KB