3fabfee1f3f5abc6aef937d20308c69a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fabfee1f3f5abc6aef937d20308c69a_JaffaCakes118
Size

151KB
MD5

3fabfee1f3f5abc6aef937d20308c69a
SHA1

da51afb24ddb5dcce0a5068d8c44d34d43ae4f78
SHA256

e88dab747790586a28ad6a66f2b4cc5e6d08f5ac5e32608e1fb01805df5df1f3
SHA512

8512daad0bea07ac8804b47eafb6ec1a477f3188f82d6f358ce5b452de2e28bbe2639efccb9fc90f5dbfcce7bc0113b1ed215741677b688de428dc653d152503
SSDEEP

3072:Xd2RlJxup0QBgHISyes51BmevB/y58q1w2H8lbA:XPpRSyeGBm4FqwI8lbA

Score

1^/10

Malware Config

Signatures

Files

3fabfee1f3f5abc6aef937d20308c69a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0780a4bb831583eb19d8da9e9433cc61

Code Sign

6b:6a:eb:61:73:90:d2:af:db:01:0f:72:65:7a:0b:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/05/2011, 00:00

Not After

09/05/2012, 23:59

Subject

CN=TZT USA INDUSTRIES,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TZT USA INDUSTRIES,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:86:75:a3:82:f6:ab:f9:8d:35:61:f6:f1:db:95:70:38:c2:da:35
Signer

Actual PE Digest

c7:86:75:a3:82:f6:ab:f9:8d:35:61:f6:f1:db:95:70:38:c2:da:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
MultiByteToWideChar
Sleep
VirtualFreeEx
GetModuleFileNameA
ResumeThread
GetStartupInfoA
MoveFileA
CreateDirectoryA
CopyFileA
GetTickCount
GetVersion
ExpandEnvironmentStringsA
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
SetUnhandledExceptionFilter
RtlUnwind
GetModuleHandleA
GetCommandLineA
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
GetStringTypeW

shell32

SHGetSpecialFolderPathA

shlwapi

StrStrIA
SHDeleteValueA
SHSetValueA
SHGetValueA

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0780a4bb831583eb19d8da9e9433cc61

Code Sign

6b:6a:eb:61:73:90:d2:af:db:01:0f:72:65:7a:0b:6fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c7:86:75:a3:82:f6:ab:f9:8d:35:61:f6:f1:db:95:70:38:c2:da:35Signer

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 116KB - Virtual size: 171KB

.rsrc Size: 4KB - Virtual size: 1KB

6b:6a:eb:61:73:90:d2:af:db:01:0f:72:65:7a:0b:6f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c7:86:75:a3:82:f6:ab:f9:8d:35:61:f6:f1:db:95:70:38:c2:da:35
Signer

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 116KB - Virtual size: 171KB

.rsrc
Size: 4KB - Virtual size: 1KB