3e9a9f86094a9b44dc022b93f2427d75_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e9a9f86094a9b44dc022b93f2427d75_JaffaCakes118
Size

677KB
MD5

3e9a9f86094a9b44dc022b93f2427d75
SHA1

06ffc5b0267ead94440f311a99cc448c204fd92e
SHA256

a70999b02caca06fc4abfac8f131b6beb145c403fdfadbfa1fa7883b0ac75127
SHA512

a555c1fd68fc9ec6d56a2fec927c03a261ebdee3a9cfacf81ea9eb1b249a3cf0503f5596955f6bc70178c9872778a836b1ffe6be663f60eb2038a6d2cf888ef4
SSDEEP

12288:B7jGc8gU4G1/G7JYvWkD/8HwAx4DmtX5NQ+DGt2WkwcVpPU:tVU4G1/oJYv/S/x4DE5NQ+K9kwkU

Score

1^/10

Malware Config

Signatures

Files

3e9a9f86094a9b44dc022b93f2427d75_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a2d68c0f19ac50dac73cc43078349094

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:09:95:65:35:a8:89:f9:93:1b:de:f1:0f:f6:81:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/11/2011, 00:00

Not After

07/11/2012, 23:59

Subject

CN=Optimum Installer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Optimum Installer,L=Kansas City,ST=Missouri,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:19:44:bd:c3:e3:2d:a9:ee:a0:3f:93:73:03:26:d7:ea:3a:40:38
Signer

Actual PE Digest

28:19:44:bd:c3:e3:2d:a9:ee:a0:3f:93:73:03:26:d7:ea:3a:40:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTickCount
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
GetDriveTypeA
GetCommandLineA
GetStartupInfoA
Sleep
ExitProcess
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
SetErrorMode
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetProcessHeap
GetLocaleInfoW
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GetModuleHandleW
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetLastError
ReadFile
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GlobalUnlock
LocalFree
MulDiv
FreeResource
GlobalFree
WritePrivateProfileStringA
GetCurrentProcessId
SetLastError
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
InitializeCriticalSection
GetModuleHandleA
WriteFile
DeleteFileA
GetTempFileNameA
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateDirectoryA
lstrlenA
WaitForSingleObject
GetExitCodeProcess
InterlockedCompareExchange
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
CloseHandle
CreateMutexA
VirtualFree
CreateFileW

gdi32

GetTextExtentPoint32A
GetRgnBox
GetTextColor
GetBkColor
DPtoLP
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectA
CreateSolidBrush
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
SetStretchBltMode
StretchBlt
CreateCompatibleBitmap
GetDeviceCaps
GetCurrentObject
GetObjectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
SetBkMode

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathA
DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ord17

shlwapi

PathStripToRootA
PathFindExtensionA
PathFindFileNameA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleFlushClipboard

oleaut32

SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysAllocStringByteLen

urlmon

URLDownloadToFileA

Sections

.text
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2d68c0f19ac50dac73cc43078349094

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:beCertificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

08:09:95:65:35:a8:89:f9:93:1b:de:f1:0f:f6:81:4aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

28:19:44:bd:c3:e3:2d:a9:ee:a0:3f:93:73:03:26:d7:ea:3a:40:38Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

Sections

.text Size: 477KB - Virtual size: 477KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 18KB - Virtual size: 39KB

.rsrc Size: 84KB - Virtual size: 83KB

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

08:09:95:65:35:a8:89:f9:93:1b:de:f1:0f:f6:81:4a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

28:19:44:bd:c3:e3:2d:a9:ee:a0:3f:93:73:03:26:d7:ea:3a:40:38
Signer

.text
Size: 477KB - Virtual size: 477KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 18KB - Virtual size: 39KB

.rsrc
Size: 84KB - Virtual size: 83KB