44300d48fccd5aaf27f4c863421c0d47_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

44300d48fccd5aaf27f4c863421c0d47_JaffaCakes118
Size

26KB
MD5

44300d48fccd5aaf27f4c863421c0d47
SHA1

cc3801104d050d34e37de1533304f3b9b5d18926
SHA256

7300569a4fbf4721a118455e1a16ab42a5bcd07c8be47ddce1f873c4d92f2f0e
SHA512

cad1313d7cc520636d09983b7bd7a98a000ec0fcedcb776c04baae2261780d7a1bdf617b2c268259313b12d339189a99f00ea1bb5f2c2c2072181f16b966de78
SSDEEP

384:p+aFMnwekmJInDq2uRHzKbmNARK6yWQoLxME3:pjekqIne2uRHzKbm2pBQP2

Score

1^/10

Malware Config

Signatures

Files

44300d48fccd5aaf27f4c863421c0d47_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9525c15af3031eec63f20a59550e4667

Code Sign

01:a5
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/08/1998, 00:29

Not After

13/08/2018, 23:59

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

01:00:00:00:00:01:1f:71:31:72:c9
Certificate

Issuer

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Not Before

13/02/2009, 19:00

Not After

13/02/2011, 19:00

Subject

CN=inpack.syniverse.com,OU=Crossroads,O=Syniverse Technologies Inc.,L=Tampa,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c1f62656c696e64612e6a61626c6f6e736b694073796e6976657273652e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:03:cb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

16/02/2005, 19:14

Not After

16/02/2012, 23:59

Subject

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:94:1f:0b:17:d4:6a:eb:7c:40:22:d2:23:ae:e9:c0:31:6e:e1:1f
Signer

Actual PE Digest

6a:94:1f:0b:17:d4:6a:eb:7c:40:22:d2:23:ae:e9:c0:31:6e:e1:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoA
InternetErrorDlg
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetOpenA
InternetReadFile
InternetConnectA

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

user32

GetMessageA
GetDesktopWindow
PostThreadMessageA

shlwapi

PathFileExistsA

msvcrt

exit
strncpy
strlen
sprintf
_sleep
printf
fclose
fwrite
fopen
strtok
strncmp
free
atoi
_strupr
_strnicmp
strcmp
strcat
memset
_snprintf
realloc
malloc
strrchr
memcpy
_strdup
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup

shell32

DoEnvironmentSubstA

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

kernel32

OpenProcess
GetComputerNameA
CreateProcessA
GetVersionExA
GetLastError
GetModuleHandleA
GetStartupInfoA
CreateFileA
DeviceIoControl
CloseHandle
DeleteFileA
GetCurrentThreadId
Sleep
CreateMutexA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9525c15af3031eec63f20a59550e4667

Code Sign

01:a5Certificate

01:00:00:00:00:01:1f:71:31:72:c9Certificate

Key Usages

04:00:03:cbCertificate

Key Usages

6a:94:1f:0b:17:d4:6a:eb:7c:40:22:d2:23:ae:e9:c0:31:6e:e1:1fSigner

Headers

File Characteristics

Imports

wininet

advapi32

user32

shlwapi

msvcrt

iphlpapi

ws2_32

shell32

psapi

kernel32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 24KB

01:a5
Certificate

01:00:00:00:00:01:1f:71:31:72:c9
Certificate

04:00:03:cb
Certificate

6a:94:1f:0b:17:d4:6a:eb:7c:40:22:d2:23:ae:e9:c0:31:6e:e1:1f
Signer

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 24KB