2e8e8885e43ceff03c8f0cd53fece594_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e8e8885e43ceff03c8f0cd53fece594_JaffaCakes118
Size

77KB
MD5

2e8e8885e43ceff03c8f0cd53fece594
SHA1

df478e76a01b7d059245c661619e253cf6ffc1e2
SHA256

e260be4aee045a032ddbed995f297b07c31757f0e638a4df50dd7b8e838cf94c
SHA512

e0eff0248828fc90d1ac3b8a8391cfda57a59b2c1b2a2a801f56a87ec00132362b3e90246a3d5b274691085b677d709321b19db5981cb85354ebc58b78e5c3d1
SSDEEP

1536:qf77+031ru/qpap4qUqm+rIqRqEp+85LQyiKtisKldP:eWo1/op4qUqfrIkb+aLQNb

Score

1^/10

Malware Config

Signatures

Files

2e8e8885e43ceff03c8f0cd53fece594_JaffaCakes118
.exe windows:4 windows x64 arch:x64

025a914d0b20e8ede3d03f8d871e5c36

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b3:09:26:28:40:f1:7f:3c:0d:68:bd:c4:55:8e:5b:e7:91:c5:53:fd
Signer

Actual PE Digest

b3:09:26:28:40:f1:7f:3c:0d:68:bd:c4:55:8e:5b:e7:91:c5:53:fd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

h:\ch1\src\sandbox\wow_helper\wow_helper.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleW
VirtualProtectEx
WriteProcessMemory
ReadProcessMemory
OpenProcess
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetLastError
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
HeapReAlloc
RtlVirtualUnwind

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�5
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

025a914d0b20e8ede3d03f8d871e5c36

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

b3:09:26:28:40:f1:7f:3c:0d:68:bd:c4:55:8e:5b:e7:91:c5:53:fdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 8KB

.pdata Size: 3KB - Virtual size: 2KB

�5 Size: 512B - Virtual size: 176B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

b3:09:26:28:40:f1:7f:3c:0d:68:bd:c4:55:8e:5b:e7:91:c5:53:fd
Signer

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 8KB

.pdata
Size: 3KB - Virtual size: 2KB

�5
Size: 512B - Virtual size: 176B