3406b37e3f2f3e463119a65f49198222_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3406b37e3f2f3e463119a65f49198222_JaffaCakes118
Size

876KB
MD5

3406b37e3f2f3e463119a65f49198222
SHA1

8e9c476468f24fbcbf2f2cc64c70da208ee1edf3
SHA256

48a80366f7e52363535c9f3e836bcaa77b13808ecd57f95ba0c72c690b9f0377
SHA512

8383b9dbfdcaa1d4c99bcdc538e8594b4a114109e66bf7953bfc25aa2859b619ebd5dc4039d7c0d19012a61a2d3128ec99093b683308eda8150c5bc0636ed8d2
SSDEEP

24576:ZaGGOLdMfkd9kf2YFfLqxIWPVdBI5kgx+mbW:GOLE8kDNLqxv9lma

Score

1^/10

Malware Config

Signatures

Files

3406b37e3f2f3e463119a65f49198222_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7df7f74eac0047776bce060c9904fd74

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01-02-2008 00:00

Not After

31-01-2009 23:59

Subject

CN=InstallProvider Inc.,O=InstallProvider Inc.,POSTALCODE=DM,STREET=15 Cornwall Street,L=Roseau,ST=Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSidSubAuthority
RegDeleteValueA
RegUnLoadKeyA
EnumDependentServicesA
RegQueryValueA
CopySid
RegOpenKeyA
GetNumberOfEventLogRecords
GetAclInformation
BuildSecurityDescriptorA
IsTextUnicode
ControlService
GetExplicitEntriesFromAclA
ObjectDeleteAuditAlarmA
CryptGenKey
AccessCheck
CryptDestroyHash
CryptSetKeyParam
RegSaveKeyA
QueryServiceObjectSecurity
AllocateAndInitializeSid
GetTrusteeTypeA
CryptContextAddRef
CryptHashSessionKey
GetSecurityDescriptorOwner
SetServiceStatus
GetMultipleTrusteeA
PrivilegeCheck
SetEntriesInAuditListA
RevertToSelf
CryptEncrypt
OpenEventLogA
FindFirstFreeAce
CryptSignHashA
CryptGetKeyParam
RegConnectRegistryA

user32

SwitchToThisWindow
CheckMenuItem
GetMenuItemCount
OemToCharA
UnhookWinEvent
UnpackDDElParam
ToUnicodeEx
EnumClipboardFormats
IsDialogMessage
DrawCaption
EndMenu
GetWindowInfo
GetWindowRect
DispatchMessageA
LoadIconA
LoadMenuIndirectA
GetDC
CloseDesktop
SetWindowContextHelpId
GetAsyncKeyState
SetKeyboardState
DrawMenuBar
BringWindowToTop
GetKBCodePage
CopyIcon
CascadeWindows
SetScrollInfo
SendIMEMessageExA
wvsprintfA
ChangeMenuA
MessageBoxA
SetWindowRgn
DestroyMenu
SetMenuDefaultItem
EnumPropsExA
IsMenu
PostQuitMessage
SetClipboardData
LookupIconIdFromDirectory
ArrangeIconicWindows
CharToOemBuffA
InsertMenuItemA
GetClassWord
GetLastActivePopup
GetMenuCheckMarkDimensions
IsWindowUnicode
GetUserObjectSecurity
GetTopWindow
TranslateAccelerator
SetMessageExtraInfo
GetNextDlgTabItem
CreateDialogParamA
CharNextExA
DdeCreateDataHandle

kernel32

GetPrivateProfileIntA

Sections

.xqhmz
Size: 638KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vsvwb
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jadi
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jwbm
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pkb
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cpopo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.roz
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ujmxg
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qdq
Size: 132KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7df7f74eac0047776bce060c9904fd74

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Sections

.xqhmz Size: 638KB - Virtual size: 1.3MB

.vsvwb Size: 6KB - Virtual size: 8KB

.jadi Size: 19KB - Virtual size: 27KB

.jwbm Size: 512B - Virtual size: 21KB

.pkb Size: 6KB - Virtual size: 15KB

.cpopo Size: 512B - Virtual size: 56B

.roz Size: 512B - Virtual size: 24B

.ujmxg Size: 48KB - Virtual size: 77KB

.qdq Size: 132KB - Virtual size: 1.7MB

.rsrc Size: 18KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

.xqhmz
Size: 638KB - Virtual size: 1.3MB

.vsvwb
Size: 6KB - Virtual size: 8KB

.jadi
Size: 19KB - Virtual size: 27KB

.jwbm
Size: 512B - Virtual size: 21KB

.pkb
Size: 6KB - Virtual size: 15KB

.cpopo
Size: 512B - Virtual size: 56B

.roz
Size: 512B - Virtual size: 24B

.ujmxg
Size: 48KB - Virtual size: 77KB

.qdq
Size: 132KB - Virtual size: 1.7MB

.rsrc
Size: 18KB - Virtual size: 20KB