4782e70efb9df6acf80df18fc29c14cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4782e70efb9df6acf80df18fc29c14cf_JaffaCakes118
Size

148KB
MD5

4782e70efb9df6acf80df18fc29c14cf
SHA1

06aa5c72fbbc2dbe5fa235f6c5b7062f8c062d8a
SHA256

636fb074e8bd2ad77a8f3a33ab6d8f3cc5c2a47434acc01e65b5834e31159423
SHA512

4af8d3759e02f966590e40fd961ecd2e10198304231f35600f8f2604ad1714c66475401f956cc8a25ec8e00e385b15fa9aab3f6d4ca86d112c7afadb4e377ee7
SSDEEP

3072:w2Gh4HoROHLkXikTQsKU83YDgmnvdCqoCWedSEVxvm+/P7:8h5383+nvc5CWeRxeiz

Score

1^/10

Malware Config

Signatures

Files

4782e70efb9df6acf80df18fc29c14cf_JaffaCakes118
.exe windows:0 windows x86 arch:x86

6f2fe38dbad7dfd5cf3134b8b7525fb2

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:be:4c:ff:86:76:5e:2b:e9:01:19:0e:ca:46:a7:4d:8a:14:02:4e
Signer

Actual PE Digest

ae:be:4c:ff:86:76:5e:2b:e9:01:19:0e:ca:46:a7:4d:8a:14:02:4e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegisterTraceGuidsW
StartTraceW
TraceEvent
LookupAccountSidA
LookupAccountSidW
OpenTraceW
ProcessTrace
CloseTrace
StopTraceW

kernel32

FindNextFileW
FindFirstFileW
SetThreadLocale
GetSystemDefaultLCID
GetConsoleOutputCP
GetThreadLocale
GetUserDefaultUILanguage
LocalFree
WriteConsoleW
GetFileType
FormatMessageW
GetModuleHandleW
ReadConsoleW
MultiByteToWideChar
ReadFile
SetConsoleMode
GetConsoleMode
CloseHandle
CreateFileW
SystemTimeToFileTime
FreeLibrary
DeleteFileW
LockResource
LoadResource
FindResourceW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
ExitProcess
GetLastError
GetModuleHandleA
GetACP
GetOEMCP
GetCPInfo
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
WideCharToMultiByte
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
RtlUnwind
InterlockedExchange
GetStringTypeA
GetStringTypeW
HeapReAlloc
SetFilePointer
GetLocaleInfoA
RaiseException
SetStdHandle
FlushFileBuffers
SetEndOfFile
Sleep
lstrlenA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
ExpandEnvironmentStringsW
GetStringTypeExW
GetLocaleInfoW
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
GetProcessHeap
HeapAlloc
HeapFree
SetEvent
lstrlenW
GetLocalTime
VirtualAllocEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

LoadStringW
CharToOemW
wsprintfW
GetSystemMenu
CreateWindowExA

rpcrt4

UuidCreate

ole32

CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
SafeArrayGetElement
VariantInit
VariantChangeType
SafeArrayDestroy

ntdll

RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlFreeUnicodeString
RtlStringFromGUID
RtlEnterCriticalSection
RtlAnsiCharToUnicodeChar

msi

MsiGetLanguage
MsiOpenProductW
MsiSourceListAddSourceA
MsiInvalidateFeatureCache
MsiDatabaseExportW
MsiConfigureProductExW
MsiSourceListForceResolutionW
MsiOpenPackageExA
MsiSourceListClearMediaDiskA
MsiRecordGetStringA
MsiGetSummaryInformationW
DllGetVersion
MsiGetComponentStateW
MsiGetPatchInfoW
MsiGetComponentPathA
MsiGetProductCodeA
MsiRecordSetStringW
MsiEnumFeaturesW
MsiGetProductInfoFromScriptW
MsiProcessAdvertiseScriptW
MsiExtractPatchXMLDataA
MsiSourceListClearSourceW

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f2fe38dbad7dfd5cf3134b8b7525fb2

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

ae:be:4c:ff:86:76:5e:2b:e9:01:19:0e:ca:46:a7:4d:8a:14:02:4eSigner

Headers

File Characteristics

Imports

advapi32

kernel32

version

user32

rpcrt4

ole32

oleaut32

ntdll

msi

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 9KB - Virtual size: 108KB

.rsrc Size: 103KB - Virtual size: 102KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

ae:be:4c:ff:86:76:5e:2b:e9:01:19:0e:ca:46:a7:4d:8a:14:02:4e
Signer

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 9KB - Virtual size: 108KB

.rsrc
Size: 103KB - Virtual size: 102KB