47ff2c5557e30b370d935e0c3d81b1b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47ff2c5557e30b370d935e0c3d81b1b1_JaffaCakes118
Size

136KB
MD5

47ff2c5557e30b370d935e0c3d81b1b1
SHA1

88eb81c3d1a2eee9a7bc9f9588809d1609424b59
SHA256

97031c023a47f7958f94f420de8c148eb303f6771da4c3e58ed1378463b7f332
SHA512

f60859870fc8fe800c35c2e6151b919512f3df995b5b48b4642f3b3356a25e434b5cbbe24c3f4bce8bb6cfe9a2aafa7c28e0e49ef9b188bd4248498109735329
SSDEEP

3072:a/0IM09UemDMvi9Ba21IhklMOOHHkoB4vq5kzaJ8Fi:a/0i9UemDwi9BaHkihHHkoB4eai

Score

1^/10

Malware Config

Signatures

Files

47ff2c5557e30b370d935e0c3d81b1b1_JaffaCakes118
.exe windows:6 windows x86 arch:x86

eeb461088312065eee80e5a7f3ad8d9b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:59:8d:b7:29:7b:0f:b1:6f:7f:02:83:9f:1a:7f:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/03/2006, 00:00

Not After

13/04/2007, 23:59

Subject

CN=Agere Systems,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LVCC,O=Agere Systems,L=Allentown,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:10:9e:34:a4:d5:9e:ec:2c:60:6c:32:9d:e0:5c:2b:b6:4e:1e:b8
Signer

Actual PE Digest

c7:10:9e:34:a4:d5:9e:ec:2c:60:6c:32:9d:e0:5c:2b:b6:4e:1e:b8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\setup.202\ltsetup\objfre_w2k_x86\i386\setup.pdb

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA

kernel32

lstrcpyA
CloseHandle
GetProcAddress
LoadLibraryA
MoveFileExA
MoveFileA
CreateFileA
GetPrivateProfileStringA
lstrlenA
FindNextFileA
SetFileAttributesA
CopyFileA
FindFirstFileA
GetCurrentProcess
lstrcpynA
CreateDirectoryA
Sleep
RemoveDirectoryA
WriteFile
GetLocalTime
GlobalFree
GlobalAlloc
FindClose
FreeLibrary
GetLastError
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
SetCurrentDirectoryA
SearchPathA
GetDriveTypeA
GetPrivateProfileIntA
GetShortPathNameA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
lstrcatA
DeleteFileA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter

gdi32

GetStockObject

user32

GetMessageA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadStringA
LoadIconA
EndDialog
IsDialogMessageA
ExitWindowsEx
KillTimer
wsprintfA
FindWindowA
MessageBoxA
UpdateWindow
ShowWindow
DestroyWindow
TranslateMessage
DispatchMessageA
CreateDialogParamA
SetTimer
DefWindowProcA
PostQuitMessage
DialogBoxParamA
GetDlgItem
SendMessageA
BringWindowToTop

msvcrt

_spawnl
__getmainargs
_cexit
_exit
memcpy
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memset
malloc
_spawnv
fopen
fgetc
_access
fclose
atoi
_itoa
mbstowcs
_getcwd
strtok
_mbsupr
_mbsinc
_mbsicmp
_mbstok
_mbsstr
_mbschr
_XcptFilter
_mbscmp

ntdll

RtlUnwind

setupapi

SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDeleteDeviceInfo

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uivwcvq
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eeb461088312065eee80e5a7f3ad8d9b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

35:59:8d:b7:29:7b:0f:b1:6f:7f:02:83:9f:1a:7f:48Certificate

Extended Key Usages

Key Usages

c7:10:9e:34:a4:d5:9e:ec:2c:60:6c:32:9d:e0:5c:2b:b6:4e:1e:b8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

setupapi

Sections

.text Size: 54KB - Virtual size: 53KB

.data Size: 1KB - Virtual size: 16KB

.rsrc Size: 48KB - Virtual size: 49KB

uivwcvq Size: 31KB - Virtual size: 32KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

35:59:8d:b7:29:7b:0f:b1:6f:7f:02:83:9f:1a:7f:48
Certificate

c7:10:9e:34:a4:d5:9e:ec:2c:60:6c:32:9d:e0:5c:2b:b6:4e:1e:b8
Signer

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 1KB - Virtual size: 16KB

.rsrc
Size: 48KB - Virtual size: 49KB

uivwcvq
Size: 31KB - Virtual size: 32KB