37fdebbb9481d77069845aae17468e39_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

37fdebbb9481d77069845aae17468e39_JaffaCakes118
Size

89KB
MD5

37fdebbb9481d77069845aae17468e39
SHA1

a914b48fdbb84c90a3c7572279f651f61ff92780
SHA256

02821632125f9d82a9cfaf421ce07ccfbb0690a05a9a967151e3e1b8101195a6
SHA512

578bb0af5c2dfe047c24b58b27e4eea2b8f16787f7d46680f85dff9e354376a8b2b82796144ce27b8af400cc1c456edf4b18bb3fe4bd68f197c6661861722f15
SSDEEP

1536:S5A35mJcv2+wDRllqbX1BnDj/MIBBkFWWWWWWWWWWWMWWWWWWDENtWWWWOW84YWF:S9HDXMnDj/MIBBjw4+mtnR

Score

1^/10

Malware Config

Signatures

Files

37fdebbb9481d77069845aae17468e39_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f976b7d99d7a14d6d44dd8a414dd11f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:8e:66:2c:96:b9:80:e8:a9:14:25:3f:8b:ca:69:a9
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

15-11-2007 00:00

Not After

14-11-2009 23:59

Subject

CN=Zumie.com,OU=Secure Application Development,O=Zumie.com,L=El Segundo,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Develop\Newnet\Projects\vista\vclient_stable_2008-2-28\src\blinkopt\Release\blinkopt.pdb

Imports

shlwapi

PathRemoveFileSpecA
wnsprintfA
PathAppendA

kernel32

GetProcAddress
LoadLibraryA
GetModuleFileNameA
lstrlenA
lstrcpyA
LCMapStringA
FreeLibrary
VirtualProtect
GetLocaleInfoA
SetFilePointer
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
InterlockedExchange
GetLastError
LCMapStringW
SetStdHandle
FlushFileBuffers
GetSystemInfo
GetTickCount
GetStringTypeA
IsBadCodePtr
ExitProcess
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
QueryPerformanceCounter
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
VirtualQuery
IsBadReadPtr

user32

EndDialog
LoadIconA
GetDlgItem
GetDesktopWindow
GetWindowRect
SetWindowPos
MessageBoxA
ShowWindow
DialogBoxParamA
SendMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f976b7d99d7a14d6d44dd8a414dd11f

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

19:8e:66:2c:96:b9:80:e8:a9:14:25:3f:8b:ca:69:a9Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 7KB

.shared Size: 4KB - Virtual size: 16B

.rsrc Size: 32KB - Virtual size: 28KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

19:8e:66:2c:96:b9:80:e8:a9:14:25:3f:8b:ca:69:a9
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 7KB

.shared
Size: 4KB - Virtual size: 16B

.rsrc
Size: 32KB - Virtual size: 28KB