334df5394b6144f70308947dcc92b25c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

334df5394b6144f70308947dcc92b25c_JaffaCakes118
Size

105KB
MD5

334df5394b6144f70308947dcc92b25c
SHA1

d71d8b17765ba1717e9bb431957b506911ec0df3
SHA256

9e192683ce8c377bb426b8d78721dfb5691e7e2ec7d0f20c8f7571240f5ddf33
SHA512

7760e354d739b55d71c24d421c4613f5aa9f11869887a5610116a1b6648526b66ca7ef617d4575e5ce6da2e5b6e8ff58f889d7b1d29d13cd751f259dbb1e91f0
SSDEEP

3072:c2486U8Smcr00k1Ew3CyZ+o9nmJzL+FKnk9fPML0T:WRSm+deEwyhL7nk9fLT

Score

1^/10

Malware Config

Signatures

Files

334df5394b6144f70308947dcc92b25c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

51b3e04e7d3576f171e5df847ee736cb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/06/2009, 00:00

Not After

21/06/2012, 23:59

Subject

CN=Zhuhai Kingsoft Software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Zhuhai Kingsoft Software Co.\,Ltd,L=Zhuhai,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f5:87:4e:15:97:17:81:79:85:84:89:b1:c3:06:ad:b0:b2:63:19:78
Signer

Actual PE Digest

f5:87:4e:15:97:17:81:79:85:84:89:b1:c3:06:ad:b0:b2:63:19:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

free
isspace
strtod
vsprintf
strcspn
strncpy
memcpy
printf
fprintf
_localtime64
_time64
signal
fflush
fputs
strcoll
fread
feof
strtoul
strchr
strerror
_errno
fscanf
fgets
malloc
ftell
fseek
system
remove
rename
tmpnam
getenv
clock
strftime
setlocale
_CIsin
_CIcos
_CItan
realloc
_CIacos
_CIatan
_CIatan2
ceil
floor
_CIfmod
_CIsqrt
_CIpow
_CIlog
_CIlog10
_CIexp
frexp
ldexp
rand
srand
tolower
toupper
isxdigit
isupper
ispunct
islower
memchr
strpbrk
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
isalpha
iscntrl
isdigit
isalnum
sprintf
longjmp
fwrite
__iob_func
fopen
fgetc
ungetc
freopen
fclose
_CIasin
_setjmp3

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

Lua_GetValuesFromStack
Lua_SetTable_CFunFromId
Lua_SetTable_CFunFromName
Lua_SetTable_DoubleFromId
Lua_SetTable_DoubleFromName
Lua_SetTable_IntFromId
Lua_SetTable_IntFromName
Lua_SetTable_StringFromId
Lua_SetTable_StringFromName
ldo
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_check_lstr
luaL_check_number
luaL_checkany
luaL_checkstack
luaL_checktype
luaL_findstring
luaL_openlib
luaL_opt_lstr
luaL_opt_number
luaL_prepbuffer
luaL_pushresult
luaL_verror
lua_addbreakpoint
lua_baselibopen
lua_call
lua_clearpack
lua_close
lua_compilebuffer
lua_compilefile
lua_concat
lua_copytagmethods
lua_curpack
lua_dblibopen
lua_delbreakpoint
lua_dobuffer
lua_dofile
lua_dostring
lua_equal
lua_error
lua_execute
lua_getgccount
lua_getgcthreshold
lua_getglobal
lua_getglobals
lua_getinfo
lua_getlocal
lua_getn
lua_getref
lua_getstack
lua_gettable
lua_gettagmethod
lua_gettop
lua_gettopindex
lua_insert
lua_iolibopen
lua_iscfunction
lua_isnumber
lua_isstring
lua_joinpack
lua_lessthan
lua_mathlibopen
lua_newpack
lua_newtable
lua_newtag
lua_newuserdata
lua_next
lua_open
lua_outerrmsg
lua_outoutmsg
lua_packcount
lua_pushcclosure
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushusertag
lua_pushvalue
lua_rawcall
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_ref
lua_remove
lua_setcallhook
lua_setdebugout
lua_setgcthreshold
lua_setglobal
lua_setglobals
lua_setlinehook
lua_setlocal
lua_setoutput_function
lua_settable
lua_settag
lua_settagmethod
lua_settop
lua_settraphook
lua_stackspace
lua_strlen
lua_strlibopen
lua_tag
lua_tocfunction
lua_tonumber
lua_topointer
lua_tostring
lua_touserdata
lua_type
lua_typename
lua_unref
lua_usepack

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51b3e04e7d3576f171e5df847ee736cb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1bCertificate

Extended Key Usages

Key Usages

f5:87:4e:15:97:17:81:79:85:84:89:b1:c3:06:ad:b0:b2:63:19:78Signer

Headers

File Characteristics

Imports

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 916B

.rsrc Size: 4KB - Virtual size: 432B

.reloc Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

0b:a4:bc:43:99:30:34:6b:95:69:4b:4c:7f:2b:98:1b
Certificate

f5:87:4e:15:97:17:81:79:85:84:89:b1:c3:06:ad:b0:b2:63:19:78
Signer

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 916B

.rsrc
Size: 4KB - Virtual size: 432B

.reloc
Size: 4KB - Virtual size: 3KB