3afb9373e4d27e6a513f708e849d67f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3afb9373e4d27e6a513f708e849d67f3_JaffaCakes118
Size

161KB
MD5

3afb9373e4d27e6a513f708e849d67f3
SHA1

99be726b82e8a7ca2468cf9c377cedd88e3fe704
SHA256

6c70bdfde7a2d303727cc3c36b0a33221e641ba80565941ae6dc5563458bf7de
SHA512

f9444b7ec293aa6c4ae551d22eb34e60779aaffaeaba738a3fd4ceabe36066214d6796fc398a293a1eb50b5e1cf6c67e8af71d007772ae97ad870a900a8e74b3
SSDEEP

3072:tHqmrVTEQBaraMgVVZfvG/ysu4wlloNqHg+oCtIt9pkBy/Su:5rVT1u8Gq6wlSOYilBru

Score

1^/10

Malware Config

Signatures

Files

3afb9373e4d27e6a513f708e849d67f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e361d2168511217a53e7959697deefc3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:5b:62:34:02:4c:ff:6d:ca:6a:f2:2a:f7:28:6d:ce:45:ff:0e:bc
Signer

Actual PE Digest

79:5b:62:34:02:4c:ff:6d:ca:6a:f2:2a:f7:28:6d:ce:45:ff:0e:bc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dsdmo

DllUnregisterServer
DllGetClassObject
DllRegisterServer
DllCanUnloadNow

version

VerFindFileA
VerFindFileW

wiadefui

DllRegisterServer

jsproxy

InternetGetProxyInfo
InternetDeInitializeAutoProxyDll
InternetInitializeAutoProxyDll

kbdhu1

KbdLayerDescriptor

cmdial32

AutoDialFunc

tsbyuv

DriverProc

adsnt

DllGetClassObject
DllCanUnloadNow

wiashext

AddDeviceWasChosenA

kernel32

_lclose
InterlockedExchangeAdd
AllocateUserPhysicalPages
CreateMemoryResourceNotification
GlobalFlags
GetCPInfoExA
SetConsoleActiveScreenBuffer
GlobalSize
SetPriorityClass
SetNamedPipeHandleState
LocalShrink
DebugActiveProcessStop
OpenMutexW
GetCommandLineW
WritePrivateProfileStringA
FindFirstFileExA
CreateDirectoryExW
EnumerateLocalComputerNamesA
GetProfileSectionW
SetConsoleCursorMode
AssignProcessToJobObject
LocalUnlock
RtlZeroMemory
FreeUserPhysicalPages
FindFirstChangeNotificationA
EnumSystemLocalesA
GetFirmwareEnvironmentVariableA
GetCurrentDirectoryW
DeleteCriticalSection
WritePrivateProfileStringW
CompareStringA
CreateToolhelp32Snapshot
RtlCaptureStackBackTrace
Module32First
GetSystemTime
GetConsoleAliasA
RequestDeviceWakeup
GlobalUnlock
GetProcAddress
AddLocalAlternateComputerNameA
SetLocalTime
GetExpandedNameW
GetCurrentProcessId
EnumDateFormatsA
SetFileAttributesA
GetACP
UTRegister
GetTimeFormatA
CreateEventA
FlushFileBuffers
GetStringTypeA
GetTapePosition
EnumUILanguagesA

user32

SetClipboardData
LoadMenuIndirectW
MessageBoxTimeoutW
GetThreadDesktop
UpdatePerUserSystemParameters
GetWindowTextA
ChangeMenuA
IsWindowInDestroy
GetCaretPos
CheckMenuItem
IsClipboardFormatAvailable
ToUnicode
DdeClientTransaction
GetClipboardFormatNameW
SendInput
MapVirtualKeyExA
GetInternalWindowPos
SendMessageCallbackA
EnumWindowStationsW
DefMDIChildProcW
DeleteMenu
MapVirtualKeyW
GetGUIThreadInfo
CalcMenuBar
ReleaseDC
GetUpdateRect
LoadCursorFromFileA
KillTimer
CharPrevA
GetWindowContextHelpId
HideCaret
GetMenuStringW
EnumWindowStationsA
GetMessageExtraInfo
GetWindow
ChildWindowFromPointEx
BeginDeferWindowPos
GetClassInfoExW
IsCharUpperA
GetKeyboardLayout
GetComboBoxInfo
ScrollWindowEx
EqualRect
EnterReaderModeHelper
GetTopWindow
LoadImageW
GetClipCursor
CharNextW
SetClipboardViewer
wsprintfA
GetClipboardOwner
DdeConnectList
InflateRect
ChangeMenuW
SetWindowTextW
CharLowerW
SendDlgItemMessageW
CharLowerA
IsCharUpperW
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
CopyImage
DisplayExitWindowsWarnings
DialogBoxParamW
SwitchDesktop
UnlockWindowStation
GetUserObjectInformationW
LoadIconW
ModifyMenuA
SetProcessDefaultLayout

ntmarta

AccLookupAccountName
AccRewriteSetHandleRights
AccProvGetOperationResults
AccProvRevokeAuditRights

Sections

.w
Size: 1024B - Virtual size: 685B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KZoAlL
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.OT
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.FG
Size: 90KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.u
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.H
Size: 10KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zCFCD
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.C
Size: 3KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e361d2168511217a53e7959697deefc3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

79:5b:62:34:02:4c:ff:6d:ca:6a:f2:2a:f7:28:6d:ce:45:ff:0e:bcSigner

Headers

File Characteristics

Imports

dsdmo

version

wiadefui

jsproxy

kbdhu1

cmdial32

tsbyuv

adsnt

wiashext

kernel32

user32

ntmarta

Sections

.w Size: 1024B - Virtual size: 685B

.KZoAlL Size: 2KB - Virtual size: 1KB

.OT Size: 24KB - Virtual size: 24KB

.FG Size: 90KB - Virtual size: 153KB

.u Size: 4KB - Virtual size: 4KB

.H Size: 10KB - Virtual size: 46KB

.zCFCD Size: 1KB - Virtual size: 36KB

.C Size: 3KB - Virtual size: 37KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

79:5b:62:34:02:4c:ff:6d:ca:6a:f2:2a:f7:28:6d:ce:45:ff:0e:bc
Signer

.w
Size: 1024B - Virtual size: 685B

.KZoAlL
Size: 2KB - Virtual size: 1KB

.OT
Size: 24KB - Virtual size: 24KB

.FG
Size: 90KB - Virtual size: 153KB

.u
Size: 4KB - Virtual size: 4KB

.H
Size: 10KB - Virtual size: 46KB

.zCFCD
Size: 1KB - Virtual size: 36KB

.C
Size: 3KB - Virtual size: 37KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 4KB