33b3a0d3014a1ba3039e3d13eabb16cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33b3a0d3014a1ba3039e3d13eabb16cf_JaffaCakes118
Size

868KB
MD5

33b3a0d3014a1ba3039e3d13eabb16cf
SHA1

bcd8d63a28fd095188f1ae86516741f6a12711f5
SHA256

1f715f986b6c61fc2e50a8aca1136f44c556b40a2054dc98ce71f72bab21bbb1
SHA512

6af9e2b6750cd525e9b2d216d6a99683d16066264d9cc7819635cae73d0c7b95728a80f037aa0372c4ef4f3c748b4be9f633c6fbee88c4e3eaf6592154d3dbd5
SSDEEP

24576:NvyGKkJ3W6HdXAKizEPaICZ1/B5U7Lu6ms:NvydnGAKizEPaIk/43uL

Score

1^/10

Malware Config

Signatures

Files

33b3a0d3014a1ba3039e3d13eabb16cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e394ea4240c3a6ebf923d2942f2e16aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2008, 00:00

Not After

31/01/2009, 23:59

Subject

CN=InstallProvider Inc.,O=InstallProvider Inc.,POSTALCODE=DM,STREET=15 Cornwall Street,L=Roseau,ST=Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
GetTrusteeTypeA
RegFlushKey
RegOpenKeyA
FindFirstFreeAce
RegSaveKeyA
AccessCheck
GetServiceDisplayNameA
CryptSignHashA
BuildSecurityDescriptorA
GetMultipleTrusteeA
GetNumberOfEventLogRecords
CryptGetKeyParam
QueryServiceObjectSecurity
CryptEncrypt
CopySid
CryptContextAddRef
GetSidSubAuthority
EnumDependentServicesA
RegConnectRegistryA
InitializeAcl
RevertToSelf
ObjectDeleteAuditAlarmA
OpenEventLogA
AddAce
GetAclInformation
RegUnLoadKeyA
CryptDestroyHash
ControlService
RegDeleteValueA
ChangeServiceConfigA
SetEntriesInAuditListA
BackupEventLogA
CryptSetKeyParam
PrivilegeCheck
GetSecurityDescriptorControl
DeregisterEventSource

user32

DlgDirSelectExA
GetAsyncKeyState
EndMenu
ScrollDC
WinHelpA
SendMessageTimeoutA
IsWindowUnicode
FindWindowExA
OpenDesktopA
GetComboBoxInfo
GetTopWindow
DdeEnableCallback
GetShellWindow
DdeNameService
GetDC
RedrawWindow
SendIMEMessageExA
GetSystemMenu
RemovePropA
DdeUnaccessData
SetDebugErrorLevel
InsertMenuItemA
PostQuitMessage
IsCharLowerA
CharToOemBuffA
RegisterWindowMessageA
GetUserObjectSecurity
MessageBoxA
CreateAcceleratorTableA
SetKeyboardState
GetClassWord
SwitchToThisWindow
InvalidateRgn
SetClipboardData
IsDialogMessage
CreateDialogParamA
GetDlgCtrlID
GetWindowInfo
IsMenu
GetWindowRect
DrawMenuBar
DrawFrame
GetScrollBarInfo
UnhookWinEvent
ShowWindowAsync
GetClipboardFormatNameA
DdeClientTransaction
MapVirtualKeyExA
CopyIcon
EnumPropsExA
ShowCursor
AlignRects
GetKeyboardLayoutList

Sections

.tmpg
Size: 638KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uzu
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fwl
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wjy
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cvk
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dqz
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wbwl
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hifkx
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.glwz
Size: 124KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e394ea4240c3a6ebf923d2942f2e16aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

user32

Sections

.tmpg Size: 638KB - Virtual size: 1.3MB

.uzu Size: 6KB - Virtual size: 8KB

.fwl Size: 19KB - Virtual size: 27KB

.wjy Size: 512B - Virtual size: 21KB

.cvk Size: 6KB - Virtual size: 15KB

.dqz Size: 512B - Virtual size: 56B

.wbwl Size: 512B - Virtual size: 24B

.hifkx Size: 48KB - Virtual size: 77KB

.glwz Size: 124KB - Virtual size: 1.7MB

.rsrc Size: 18KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

.tmpg
Size: 638KB - Virtual size: 1.3MB

.uzu
Size: 6KB - Virtual size: 8KB

.fwl
Size: 19KB - Virtual size: 27KB

.wjy
Size: 512B - Virtual size: 21KB

.cvk
Size: 6KB - Virtual size: 15KB

.dqz
Size: 512B - Virtual size: 56B

.wbwl
Size: 512B - Virtual size: 24B

.hifkx
Size: 48KB - Virtual size: 77KB

.glwz
Size: 124KB - Virtual size: 1.7MB

.rsrc
Size: 18KB - Virtual size: 20KB