4816c2590f84931725ac3e22c3d465b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4816c2590f84931725ac3e22c3d465b5_JaffaCakes118
Size

175KB
MD5

4816c2590f84931725ac3e22c3d465b5
SHA1

a65d2edb71818f7be1a786aed65f26b62b4881ed
SHA256

6dfa187f56f9072c9256b06825cfc2ce750e7d22e5173220ec88d82bfc4c28f7
SHA512

0821575198d626856475833c3cf6524a37abb146319b0b0229660d835edca6c1976653fab3ab695c862dec915aea4f6e7c1e9478afbac0521783f6e10351f3b2
SSDEEP

3072:h/WebfWRYumOfbCULAUSb8jvbKvckRqR0iG03ddq1cqETbgWCB8vLq9br2mI:xBbfKvLSb86vck8R0303+cqETJC8+5i

Score

1^/10

Malware Config

Signatures

Files

4816c2590f84931725ac3e22c3d465b5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

59d0101dfc32dfacba91cb02cebd7f4f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:29:07:94:79:f9:06:98:15:b3:f8:7d:36:d1:91:a7:36:ed:fe:41
Signer

Actual PE Digest

1a:29:07:94:79:f9:06:98:15:b3:f8:7d:36:d1:91:a7:36:ed:fe:41

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
HeapFree
EncodePointer
HeapDestroy
InterlockedIncrement
GetModuleFileNameW
GetStdHandle
WriteFile
DecodePointer
ExitProcess
GetModuleHandleW
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW
FindResourceA
GetLocaleInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
GetSystemInfo
LockResource
LoadLibraryA
GetProcAddress
lstrcmpiA
MulDiv
GetSystemPowerStatus
GetDateFormatA
LoadResource
FreeResource
HeapCreate
HeapAlloc
GetLastError
HeapReAlloc
GetStringTypeW

user32

EndPaint
DestroyWindow
GetMessageA
SetWindowRgn
GetWindowRect
RegisterClassExA
PostQuitMessage
FillRect
KillTimer
IsZoomed
DrawTextA
SetForegroundWindow
LoadStringA
GetFocus
LoadBitmapA
LoadIconA
MessageBeep
IsWindowEnabled
GetClientRect
SetFocus
GrayStringA
SetRectEmpty
ShowCaret
BeginPaint
GetDC
TranslateMessage
LockWindowUpdate
SetSysColors
SetRect
IntersectRect
MessageBoxA
SetCursorPos
SystemParametersInfoW
CreateWindowExA
TranslateAcceleratorA
EndDialog
DefWindowProcA
GetDesktopWindow
GetSysColor
GetCursorPos
LoadAcceleratorsA
ShowWindow
GetSysColorBrush
LoadBitmapW
CreateCaret
IsWindow
DispatchMessageA
SystemParametersInfoA
BeginDeferWindowPos
UpdateWindow
EnableWindow
AdjustWindowRect
FindWindowA
LoadCursorA
DialogBoxParamA
CopyRect

gdi32

CreateEllipticRgn
CreatePolygonRgn
MoveToEx
LineTo
SetTextColor
Polygon
CreateFontA
GetDeviceCaps
StretchBlt
SetPixel
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
SetMapMode
CreateCompatibleBitmap
FillRgn
CreateRectRgn
GetTextMetricsA
SetTextAlign
GetPixel
GetStockObject
ExtTextOutA
TextOutA
GetRgnBox

advapi32

AddAce
IsValidSid
OpenSCManagerA
AddAccessAllowedAce
AllocateAndInitializeSid
AddAccessDeniedAce
InitializeSecurityDescriptor
LookupAccountNameA
EnumServicesStatusA
CloseServiceHandle
InitiateSystemShutdownA

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59d0101dfc32dfacba91cb02cebd7f4f

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

1a:29:07:94:79:f9:06:98:15:b3:f8:7d:36:d1:91:a7:36:ed:fe:41Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 101KB - Virtual size: 100KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

1a:29:07:94:79:f9:06:98:15:b3:f8:7d:36:d1:91:a7:36:ed:fe:41
Signer

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 101KB - Virtual size: 100KB