39967c1f72c93a0c7d55752d39cd3091_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39967c1f72c93a0c7d55752d39cd3091_JaffaCakes118
Size

240KB
MD5

39967c1f72c93a0c7d55752d39cd3091
SHA1

973d86e9f3efb687ed407eb017269cd6155856ca
SHA256

9aa8f74da16efe2312e592b026a6a255bd8f33e72c4c5b4f64faac661f4ac8cc
SHA512

9c463f1adf5464fe787fbf746ce54b60b06796dbfc9e8c9271a4f90bd7250972c9b569d39041c4b952b8c184e683bf804a6a7fe33449cb9caa1b9aac64a61c2a
SSDEEP

6144:RcWoSj5KR5U6fusRfTm1SDI32tpdjS8Iy3Tuoa:R9545U6fAn38336

Score

1^/10

Malware Config

Signatures

Files

39967c1f72c93a0c7d55752d39cd3091_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1e796873b675e71178720aa6a7e7b4a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
RemoveDirectoryW
GetSystemDefaultLCID
VirtualAlloc
AddAtomW
SetEvent
WaitForMultipleObjects
SearchPathW
CreatePipe
GetLongPathNameW
FileTimeToDosDateTime
GetCPInfo
GetSystemDefaultLangID
EnumTimeFormatsA
CreateDirectoryW
WaitForSingleObject
SuspendThread
GetEnvironmentStringsW
GetWindowsDirectoryW
GetHandleInformation
GetModuleHandleW
SystemTimeToFileTime
GetACP
lstrcpynW
ReplaceFileA
CreateThread
GetFullPathNameA
FlushFileBuffers
CreateSemaphoreA
EndUpdateResourceA
GetFileTime
SetCalendarInfoW
ConnectNamedPipe
GetSystemTime
GetLongPathNameA
CompareStringA
GetTimeFormatA
CreateMailslotA
GetExpandedNameA
OpenMutexW
GetTimeFormatW
FileTimeToSystemTime
lstrcpy
AddAtomA

user32

CreateDesktopA
DrawTextW
UnregisterClassA
OffsetRect
ShowWindow
LoadBitmapW
CharPrevA
LoadIconW
BringWindowToTop
PostMessageA
ShowCaret
InsertMenuA
WaitMessage
GetClassInfoExA
SendDlgItemMessageA
CheckMenuRadioItem
GetCursorPos
GetActiveWindow
GetIconInfo
AdjustWindowRect
EnableMenuItem
SetDlgItemTextW
GetDC
OpenWindowStationA
CharLowerW
CheckMenuItem
RegisterWindowMessageW
GetMenuItemRect
GetClassInfoExW
IsDlgButtonChecked
CascadeWindows
GetKeyState
GetClassInfoA
ClientToScreen
MoveWindow
GetClassInfoW

gdi32

SwapBuffers
RemoveFontResourceW
SetTextAlign
DescribePixelFormat
GetTextFaceA
LineTo
GetEnhMetaFileW
PolyPolyline
SetWindowOrgEx
CreateCompatibleDC
GetBkMode
CreateBitmapIndirect
GetDCBrushColor
GetEnhMetaFilePixelFormat
GetEnhMetaFileHeader
PlayMetaFile
CombineRgn

advapi32

RegOpenKeyW
IsValidAcl
RegOpenKeyW
RegQueryValueW
RegDeleteValueA

shell32

ShellExecuteExA
StrCmpNIA

comdlg32

PrintDlgExA
GetSaveFileNameA
GetOpenFileNameW
GetFileTitleW

setupapi

pSetupAccessRunOnceNodeList
CM_Get_DevNode_Registry_Property_ExW

wsock32

WSASetLastError
sethostname

Sections

.c9rxny
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.%bY
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.;,bpn
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<
Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.#i!YS
Size: 3KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x960
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e796873b675e71178720aa6a7e7b4a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comdlg32

setupapi

wsock32

Sections

.c9rxny Size: 10KB - Virtual size: 11KB

.%bY Size: 1024B - Virtual size: 12KB

.;,bpn Size: 3KB - Virtual size: 3KB

.< Size: 1KB - Virtual size: 20KB

.#i!YS Size: 3KB - Virtual size: 44KB

.x960 Size: 1KB - Virtual size: 31KB

.rsrc Size: 212KB - Virtual size: 280KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.c9rxny
Size: 10KB - Virtual size: 11KB

.%bY
Size: 1024B - Virtual size: 12KB

.;,bpn
Size: 3KB - Virtual size: 3KB

.<
Size: 1KB - Virtual size: 20KB

.#i!YS
Size: 3KB - Virtual size: 44KB

.x960
Size: 1KB - Virtual size: 31KB

.rsrc
Size: 212KB - Virtual size: 280KB