42bdfe9308c3576ed33a3ecf079aa6e4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42bdfe9308c3576ed33a3ecf079aa6e4_JaffaCakes118
Size

314KB
MD5

42bdfe9308c3576ed33a3ecf079aa6e4
SHA1

a082209f99724d146230c019070eca5554e48ab7
SHA256

1d789d4a011aa25e5b65044714ed0661ffc2559da2976956f6d1fa46f9db995e
SHA512

0566dcfc021ef0b30c5a796e7009335256239dce1729dc6ae93266536651954bc38d02612c4f9f6838f453a95a0340609e8f3b261ceb6cecfe3f890031486b13
SSDEEP

6144:Ab3PWQkG1cMrKFCo80wdxwmE3z7IC3ScyV7x54s:A8lmdxXE3vZ3la5

Score

1^/10

Malware Config

Signatures

Files

42bdfe9308c3576ed33a3ecf079aa6e4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5ee340aeca42c605afb4e1b2f350e215

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:cd:65:0b:b0:ef:1c:4e:5e:e4:76:f2:aa:d3:b7:59:88:a5:f8:a5
Signer

Actual PE Digest

8b:cd:65:0b:b0:ef:1c:4e:5e:e4:76:f2:aa:d3:b7:59:88:a5:f8:a5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

csc.pdb

Imports

msvcr80

_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
??3@YAXPAX@Z
__getmainargs
_amsg_exit
bsearch
wcstok_s
wcstoul
wcschr
_wsplitpath_s
wcsrchr
swscanf_s
_wcsnicmp
isxdigit
iswspace
_errno
??2@YAPAXI@Z
fflush
fgetws
wcsftime
vfwprintf_s
btowc
fread
fclose
fwrite
_open_osfhandle
_fdopen
_mbsinc
fwprintf_s
wcspbrk
wprintf_s
printf_s
_mbspbrk
vswprintf_s
_vscwprintf
wcsncpy_s
_vsnwprintf_s
_wsetlocale
swprintf_s
_setmode
__iob_func
memcpy
memset
wcsncmp
_swab
_access_s
_waccess_s
_get_osfhandle
_fileno
_time64
_localtime64_s
_wcsicmp
memcpy_s
_crt_debugger_hook

kernel32

SetLastError
GetShortPathNameA
GetShortPathNameW
ReadFile
GetACP
CloseHandle
GetFileSize
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
CreateFileA
CreateFileW
LocalAlloc
GetProcAddress
LoadLibraryA
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetFileType
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryW
GetCurrentDirectoryA
MultiByteToWideChar
AreFileApisANSI
FormatMessageW
HeapAlloc
GetProcessHeap
FormatMessageA
HeapFree
GetLastError
GetConsoleOutputCP
WideCharToMultiByte
GetConsoleScreenBufferInfo
GetStdHandle
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCommandLineW
GetModuleFileNameW
IsValidCodePage
FindClose

mscoree

CorBindToCurrentRuntime
GetCORVersion
LoadLibraryShim

ole32

CoInitializeEx
CoUninitialize

oleaut32

SysStringLen
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
VariantClear
SysAllocStringLen

shlwapi

PathCommonPrefixW
PathCanonicalizeW
PathRemoveFileSpecW
PathAppendW
PathIsUNCW
PathIsURLW
PathRelativePathToW

user32

LoadStringA
LoadStringW

cscomp

GetMessageDll
CreateCompilerFactory

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ee340aeca42c605afb4e1b2f350e215

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

8b:cd:65:0b:b0:ef:1c:4e:5e:e4:76:f2:aa:d3:b7:59:88:a5:f8:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

kernel32

mscoree

ole32

oleaut32

shlwapi

user32

cscomp

advapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

8b:cd:65:0b:b0:ef:1c:4e:5e:e4:76:f2:aa:d3:b7:59:88:a5:f8:a5
Signer

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB