3498626bdbb7a50549d509df91fc48c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3498626bdbb7a50549d509df91fc48c7_JaffaCakes118
Size

1.2MB
MD5

3498626bdbb7a50549d509df91fc48c7
SHA1

4293b5741a4e1d70e353286aa215cf08a61aa776
SHA256

29947daa75762b06b59708425001467181ad14d4700c7717a2f8974c8e739c1a
SHA512

3da07f3ec0d5a8c9b8b24bc02ab06f8c6021549fcd70950d554a40f09b6b1844242c9184b383d304eba3b70c301fd95b6e87af062c1b4ffd56620489d29b6af0
SSDEEP

24576:tK78zjwjzbz2sTb++Rwa7ZKPPQyT3cj7wK/MR5+uv+uW+uh+u8+uK+ulF7FZ+D+m:tw8ij2sTb++RwWoP4yTtK/MR4FW38GMq

Score

1^/10

Malware Config

Signatures

Files

3498626bdbb7a50549d509df91fc48c7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0bd94addaea969266fa049c776cb2dad

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/10/2009, 00:00

Not After

22/10/2012, 23:59

Subject

CN=Net Transmit & Receive SL,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Net Transmit & Receive SL,L=Barcelona,ST=Barcelona,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

SetFilePointer
ReadFile
GetVolumeInformationA
GetVersionExA
GetWindowsDirectoryA
GetCurrentProcess
CreateDirectoryA
LocalFree
LocalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GetCurrentDirectoryA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
CreateMutexA
ReleaseMutex
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
lstrcpynA
GetLocaleInfoW
GetTimeZoneInformation
lstrcatA
lstrcpyA
CopyFileA
SetFileAttributesA
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentThread
EnterCriticalSection
GetSystemDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
SetCurrentDirectoryA
GetModuleHandleA
FreeLibrary
CreateEventA
CreateThread
WaitForSingleObject
GetTickCount
lstrlenW
Sleep
TerminateThread
SetEvent
MultiByteToWideChar
DeleteFileA
SetLastError
GetModuleFileNameA
GetVersion
CreateFileA
lstrlenA
WriteFile
CloseHandle
GetLastError
WideCharToMultiByte
GetTempPathA
GetTempFileNameA
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetStdHandle
VirtualAlloc
VirtualFree
GetUserDefaultLCID
GetStringTypeA
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapSize
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageA
LocalSize
OutputDebugStringA
ExitProcess
GlobalAlloc
GlobalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetLocaleInfoA
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetFileType
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
GetEnvironmentStringsW

user32

InvalidateRect
RegisterClassExA
EnableMenuItem
InsertMenuItemA
CreatePopupMenu
DestroyMenu
LoadAcceleratorsA
SystemParametersInfoA
SetWindowTextA
MessageBoxA
GetDesktopWindow
wsprintfA
GetSystemMetrics
DestroyWindow
CreateWindowExA
GetClassInfoA
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
PostQuitMessage
GetCapture
GetCursorPos
SetForegroundWindow
TrackPopupMenu
FlashWindow
GetMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
MoveWindow
SetWindowPos
EnableWindow
ShowWindow
SetFocus
UpdateWindow
SendMessageA
PostMessageA
BeginPaint
EndPaint
IntersectRect
TrackMouseEvent
SetCursor
SetCapture
PtInRect
ReleaseCapture
SetWindowLongA
GetWindowLongA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetRectEmpty
KillTimer
SetTimer
SetRect
CallWindowProcA
GetWindowTextW
GetFocus

advapi32

CryptDestroyHash
CreateServiceA
StartServiceA
DeleteService
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetServiceObjectSecurity
OpenSCManagerA
CloseServiceHandle
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
LookupAccountNameA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoTaskMemFree

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

InitCommonControlsEx

wsock32

WSAGetLastError
ioctlsocket
inet_addr
gethostbyname
WSAStartup
gethostname

gdi32

CreateFontA
BitBlt
SelectObject
CreateDIBSection
DeleteDC
DeleteObject
CreateCompatibleDC

Sections

.text
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bd94addaea969266fa049c776cb2dad

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

wsock32

gdi32

Sections

.text Size: 648KB - Virtual size: 647KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 86KB - Virtual size: 94KB

.rsrc Size: 355KB - Virtual size: 354KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4c
Certificate

.text
Size: 648KB - Virtual size: 647KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 86KB - Virtual size: 94KB

.rsrc
Size: 355KB - Virtual size: 354KB