2a29ffba00feb2997b672a71117a99a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a29ffba00feb2997b672a71117a99a1_JaffaCakes118
Size

201KB
MD5

2a29ffba00feb2997b672a71117a99a1
SHA1

d248020bb3dd1af9fe29ae75ab5f56e96557683d
SHA256

cefc991d8ba1615e0bd2da4211f69b95bb3bdf959e7e0f3f3caed77ee3adf2bd
SHA512

7fcdb72ed3d9ca7035ef66360a1b53744c78be36e250a2dfb8a463837a6c640783bddc30e5ab8d15f95061afd10abc4ee50c1cff1ceec0f255f60e12b8338819
SSDEEP

6144:7FQZZuyaYCAgF/8ElUJ4grunG3E3++UZCv2H:7F4HaH9D3grOG3s++UZCv2H

Score

1^/10

Malware Config

Signatures

Files

2a29ffba00feb2997b672a71117a99a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3b35d7b67b616bbcff42ebd09c7d625b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/09/2006, 00:00

Not After

18/12/2009, 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:00:9d:d4:ee:5b:82:55:00:8c:41:91:3a:7b:ea:0f:73:57:75:34
Signer

Actual PE Digest

62:00:9d:d4:ee:5b:82:55:00:8c:41:91:3a:7b:ea:0f:73:57:75:34

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetVersionExW
IsValidCodePage
GetExitCodeThread
GetLastError
GetLogicalDriveStringsA
GetFileTime
lstrcmpW
GetProcAddress
lstrcpyW
IsValidLocale
WinExec
GetACP
OpenSemaphoreA
GetMailslotInfo
SetLocaleInfoA
GetThreadPriority
GetModuleHandleA
GetCurrentProcessId
GetStringTypeW
GetLogicalDrives
Beep
GetThreadLocale
GetLocaleInfoA
FatalAppExitW
FatalAppExitA
FreeResource
BeginUpdateResourceW
QueryPerformanceFrequency
FindResourceA
GetProcessHeap
CreateMailslotW
GetModuleFileNameW
GetEnvironmentVariableA
CreateNamedPipeA
OpenEventW
GetTempPathW
CreateMutexA
BeginUpdateResourceA
GetVolumeInformationA
ExitProcess
lstrcmpi
lstrcmpA
SetCurrentDirectoryA
GetFullPathNameA
SetComputerNameA
GetFileAttributesW
GetCurrentThreadId
GetSystemInfo

user32

CharUpperW
FindWindowW
GetMenuInfo
EnumClipboardFormats
GetClassLongW
GetMenuStringA
mouse_event
DialogBoxParamW
GetCursorPos
EnumChildWindows
CreatePopupMenu
WaitForInputIdle
CascadeWindows
wvsprintfA
InvalidateRect
CharNextA
PostQuitMessage
LoadMenuIndirectA
CreateDialogIndirectParamA
EnumDesktopWindows
CloseWindow
GetSysColor
GetCapture
GetKeyState
GetWindowRgn
RemoveMenu
GetClassInfoExA
SetWindowPos
ClientToScreen
EnumWindows
GetMessageA
CopyRect
GetDCEx
CreateDesktopW
MessageBoxA
GetActiveWindow
EmptyClipboard
GetKeyboardType
wsprintfW
LoadImageA
CharPrevA
MessageBoxW
InsertMenuItemW
keybd_event
RegisterWindowMessageW

gdi32

BitBlt
GetLayout
ExtFloodFill
GetCharWidthI
EnumMetaFile
Escape
GetEnhMetaFileDescriptionA
RoundRect
SetWinMetaFileBits
GetClipRgn
GetMetaFileA
ColorCorrectPalette
GetArcDirection
GetRgnBox
CreateCompatibleBitmap

advapi32

RegDeleteValueW
RegRestoreKeyA
RegCreateKeyExA

shlwapi

UrlCombineA

comdlg32

PageSetupDlgA
PrintDlgA
FindTextW

wininet

LoadUrlCacheContent
InternetGetConnectedStateEx
UnlockUrlCacheEntryFile
HttpEndRequestA
SetUrlCacheEntryInfoA
UnlockUrlCacheEntryFileA
InternetGetCookieW
GopherCreateLocatorA

oledlg

OleUIConvertA
OleUIAddVerbMenuW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fy
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TLxSTy
Size: 3KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Svdr
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.EiN
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zl
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XRty
Size: 512B - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b35d7b67b616bbcff42ebd09c7d625b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

62:00:9d:d4:ee:5b:82:55:00:8c:41:91:3a:7b:ea:0f:73:57:75:34Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comdlg32

wininet

oledlg

Sections

.text Size: 12KB - Virtual size: 12KB

.fy Size: 1024B - Virtual size: 5KB

.TLxSTy Size: 3KB - Virtual size: 52KB

.Svdr Size: 512B - Virtual size: 47KB

.EiN Size: 2KB - Virtual size: 35KB

.data Size: 10KB - Virtual size: 9KB

.zl Size: 1024B - Virtual size: 7KB

.XRty Size: 512B - Virtual size: 243KB

.rsrc Size: 164KB - Virtual size: 163KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

62:00:9d:d4:ee:5b:82:55:00:8c:41:91:3a:7b:ea:0f:73:57:75:34
Signer

.text
Size: 12KB - Virtual size: 12KB

.fy
Size: 1024B - Virtual size: 5KB

.TLxSTy
Size: 3KB - Virtual size: 52KB

.Svdr
Size: 512B - Virtual size: 47KB

.EiN
Size: 2KB - Virtual size: 35KB

.data
Size: 10KB - Virtual size: 9KB

.zl
Size: 1024B - Virtual size: 7KB

.XRty
Size: 512B - Virtual size: 243KB

.rsrc
Size: 164KB - Virtual size: 163KB