3d6857d4ca38b777ccd2dcf641f527b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d6857d4ca38b777ccd2dcf641f527b3_JaffaCakes118
Size

421KB
MD5

3d6857d4ca38b777ccd2dcf641f527b3
SHA1

61c82b09e8e6f6917fcc7d1c71c5c86ec844dff9
SHA256

9c933ce975dba691bd245b6d5d3b62f1bc6fdf72862da67094e6a921a80d49d9
SHA512

8b64622ea874a1f6b562e58857ba34208e1a60cf2c3273b3d3dcc1e83ffeb8d56b7688fdefa866982877ea917505b889e7552d3364e273d0cf0b30373d079774
SSDEEP

12288:MyYjrOaZ8v4lL0o5lG4wMkR681o/lG4J8MkR6Z:MyYGaZ8v4lL0o5lG4wMkR681o/lG4J8+

Score

1^/10

Malware Config

Signatures

Files

3d6857d4ca38b777ccd2dcf641f527b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b4fcbad840c5c9b56e629f9d35673b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:82:52:e7:8c:29:ac:b4:b8:b2:5f:b3:1d:9c:dd:60
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/07/2007, 00:00

Not After

05/09/2008, 23:59

Subject

CN=SAPIEN Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SAPIEN Technologies\, Inc.,L=Napa,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
GetCommandLineA
DeleteFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GetTickCount
GetLastError
FileTimeToSystemTime
FileTimeToDosDateTime
ReadFile
SetFilePointer
FindResourceA
GetFileInformationByHandle
GetFileType
CloseHandle
MapViewOfFile
CreateFileMappingA
CreateFileA
DuplicateHandle
GetCurrentProcess
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
LoadResource
LockResource
GetFileSize
SizeofResource

user32

IsWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

mfc42

ord535
ord561
ord815
ord541
ord801
ord540
ord800
ord665
ord1979
ord6385
ord5186
ord354
ord537
ord6883
ord4277
ord941
ord858
ord4129
ord5683
ord860
ord1168
ord1575
ord825
ord5442
ord823
ord3318
ord939
ord2818

msvcrt

malloc
fclose
fread
printf
fopen
_CxxThrowException
mktime
__dllonexit
_onexit
??1type_info@@UAE@XZ
fgetpos
_XcptFilter
_tzset
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fseek
free
fsetpos
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
_access
_mbscmp
exit
sscanf
_stricmp
_exit
__p___initenv

msvcp60

??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0bad_alloc@std@@QAE@PBD@Z

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b4fcbad840c5c9b56e629f9d35673b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

58:82:52:e7:8c:29:ac:b4:b8:b2:5f:b3:1d:9c:dd:60Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mfc42

msvcrt

msvcp60

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 372KB - Virtual size: 370KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

58:82:52:e7:8c:29:ac:b4:b8:b2:5f:b3:1d:9c:dd:60
Certificate

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 372KB - Virtual size: 370KB