488c845c9cb9009b8b69fa978aa7964e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

488c845c9cb9009b8b69fa978aa7964e_JaffaCakes118
Size

4.1MB
MD5

488c845c9cb9009b8b69fa978aa7964e
SHA1

6300d6c8d9888270c1d97db1375df71300b45015
SHA256

e07104e0c101cb95abaac51e9aaa5276f321111804e2bcb4a6c6995874cb2a30
SHA512

c9839448d1311e110f7acd700ca26ece7acdcb3d41fb1040e07077382224cf0b5a48ac85bc23e0cccc94a561f734797bc2ab8535f9efe7f25e9e8a0ff8c592e3
SSDEEP

98304:KAoT9nCHexNs3Yt3XD8b/7ccwAYaLu5EUZsxYcTC+8dd:2ZCHm+3mgb9za0xYr+87

Score

1^/10

Malware Config

Signatures

Files

488c845c9cb9009b8b69fa978aa7964e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a057d8e2436bad9e0ae8c20a8d4d334

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:37:71:57:3a:5e:82:02:f5:44:ae:d9:b5:7f:3c:49
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/11/2014, 00:00

Not After

06/02/2017, 23:59

Subject

CN=Vincent Burel,OU=Individual Developer,O=No Organization Affiliation,L=Eymet,ST=Dordogne,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:02:d9:b1:27:ac:2a:7f:1e:c8:e3:18:56:b3:64:cb:31:bf:f1:6d
Signer

Actual PE Digest

81:02:d9:b1:27:ac:2a:7f:1e:c8:e3:18:56:b3:64:cb:31:bf:f1:6d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetStringTypeW
GetStringTypeA
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
LCMapStringW
MultiByteToWideChar
GetCPInfo
SetFilePointer
WriteFile
TlsGetValue
SetLastError
DeviceIoControl
GetTickCount
CreateFileA
GetLastError
CreateMutexA
ReleaseMutex
WaitForSingleObject
CloseHandle
GetModuleHandleA
GetProcAddress
GetCurrentProcess
LCMapStringA
GetVersionExA
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
HeapFree
HeapAlloc
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

GetMessageA
DispatchMessageA
TranslateMessage
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetSystemMetrics
SetWindowPos
SetTimer
BeginPaint
EndPaint
KillTimer
PostQuitMessage
GetDC
ReleaseDC
DefWindowProcA
MessageBoxA
DrawTextA
LoadBitmapA
PostMessageA
SystemParametersInfoA

gdi32

SetBkMode
SetTextColor
Rectangle
CreateCompatibleDC
SelectObject
GetObjectA
BitBlt
DeleteDC
DeleteObject
CreateFontIndirectA
CreateBrushIndirect
GetStockObject

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 772KB - Virtual size: 769KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a057d8e2436bad9e0ae8c20a8d4d334

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:37:71:57:3a:5e:82:02:f5:44:ae:d9:b5:7f:3c:49Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

81:02:d9:b1:27:ac:2a:7f:1e:c8:e3:18:56:b3:64:cb:31:bf:f1:6dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

setupapi

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 772KB - Virtual size: 769KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:37:71:57:3a:5e:82:02:f5:44:ae:d9:b5:7f:3c:49
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

81:02:d9:b1:27:ac:2a:7f:1e:c8:e3:18:56:b3:64:cb:31:bf:f1:6d
Signer

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 772KB - Virtual size: 769KB