2a33efce3ef64e44e5ebd8ebf176885c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a33efce3ef64e44e5ebd8ebf176885c_JaffaCakes118
Size

227KB
MD5

2a33efce3ef64e44e5ebd8ebf176885c
SHA1

1c87a54c0c096e39d9f99e43f7ab822e00e85c72
SHA256

b1828609e8c5f354acd30de01d2a22a61da320cb90c0f22fe6ef1aa32f96be89
SHA512

c44eccf358097ac3fb7ce76f4a6a0c58c3745353cef44291d1f403417463ca9960d09c2a5559cc09c9edf1319958b4926cee521650cc456cd4ee9238fb5879db
SSDEEP

3072:+BJTMnM6mdzi6TF9B/oUCxZfq3Frm4gdTH514CFUgieqEJoqoq6+:eJTH6CziUBkbC3Frq2xgVqgtg+

Score

1^/10

Malware Config

Signatures

Files

2a33efce3ef64e44e5ebd8ebf176885c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92519f13b28234336965ca69c850b3e9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:00:8a:51:d5:ad:4a:6d:60:1b:00:2a:ce:98:84:a7:f7:20:9e:84
Signer

Actual PE Digest

6a:00:8a:51:d5:ad:4a:6d:60:1b:00:2a:ce:98:84:a7:f7:20:9e:84

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenServiceW
QueryServiceConfigW
CloseServiceHandle
OpenSCManagerW

gdi32

GetBkColor
CreateHatchBrush
DeleteObject
ExtTextOutW

kernel32

CloseHandle
InterlockedExchange
Sleep
DeleteCriticalSection
LoadLibraryA
OutputDebugStringA
GetModuleFileNameW
SetLastError
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetLastError
GetModuleHandleA
IsBadReadPtr
GetWindowsDirectoryW
lstrcmpW
HeapAlloc
GetModuleHandleW
lstrcpyW
CreateEventW
SetEvent
GlobalFree
GlobalAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
LocalAlloc
GetProcessHeap
InitializeCriticalSection
ResumeThread
GetComputerNameW
WaitForSingleObject
FreeLibrary
GlobalUnlock
GlobalLock
lstrlenW
HeapFree
lstrcpynW
LoadLibraryExW
VirtualAlloc
CreateFileW

msvcrt

__CxxFrameHandler
_wtol
wcscpy
wcslen
free
swprintf
iswdigit
__dllonexit
wcsstr
wcsrchr
swscanf
setlocale
wcspbrk
wcstol
wcstoul
_initterm
malloc
_onexit
?terminate@@YAXXZ
wcscmp
wcsncpy

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoInitializeEx
CoCreateInstanceEx
CoUninitialize
ReleaseStgMedium

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

shell32

ShellExecuteExW

user32

UnhookWindowsHookEx
DestroyIcon
LoadIconW
LoadBitmapW
CreatePopupMenu
AppendMenuW
PostThreadMessageW
EnableWindow
CopyRect
FillRect
DrawFocusRect
InvalidateRect
GetParent
SendMessageW
CallNextHookEx
BringWindowToTop
UpdateWindow
MessageBeep
LoadStringW
PostMessageW
RegisterClipboardFormatW
GetDesktopWindow
WinHelpW
RedrawWindow
SetWindowLongW
GetWindowLongW
MessageBoxW
SetTimer
KillTimer
SetWindowsHookExW
GetSysColor

winmm

waveInGetDevCapsA
timeGetSystemTime
waveOutSetVolume
mmGetCurrentTask
mixerGetDevCapsA
joyGetPos
mciGetDeviceIDFromElementIDW
midiOutCachePatches
waveInStart
wid32Message
midiOutGetID
waveOutUnprepareHeader
GetDriverModuleHandle
auxSetVolume
mciSetYieldProc
waveInGetNumDevs
mciGetDeviceIDW
joyGetPosEx
mid32Message
midiStreamPosition
auxOutMessage
waveInGetErrorTextA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 24KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 749KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 16KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92519f13b28234336965ca69c850b3e9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

6a:00:8a:51:d5:ad:4a:6d:60:1b:00:2a:ce:98:84:a7:f7:20:9e:84Signer

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

ole32

setupapi

shell32

user32

winmm

Sections

.text Size: 20KB - Virtual size: 19KB

.bss Size: 24KB - Virtual size: 545KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 148KB - Virtual size: 749KB

.icode Size: 16KB - Virtual size: 119KB

.rsrc Size: 2KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

6a:00:8a:51:d5:ad:4a:6d:60:1b:00:2a:ce:98:84:a7:f7:20:9e:84
Signer

.text
Size: 20KB - Virtual size: 19KB

.bss
Size: 24KB - Virtual size: 545KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 148KB - Virtual size: 749KB

.icode
Size: 16KB - Virtual size: 119KB

.rsrc
Size: 2KB - Virtual size: 1KB