48f7c0e1eb97736cb1e8e5c95214d423_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48f7c0e1eb97736cb1e8e5c95214d423_JaffaCakes118
Size

54KB
MD5

48f7c0e1eb97736cb1e8e5c95214d423
SHA1

2daf15c3f2e6cad69a7b3c3731d96099d74087f4
SHA256

487d4b5b90605690621789f16a9a2bc9f2ff57b9c1f4218f6018c0cbbe12617d
SHA512

b74abc2da4c22f79cdc962cb2941325b8c9a646563d3f860f840b40967a24dd2bf598843566b7d9ec85e085030b67c959a6c18eb35b8ccb1fd84ca380dfe7f6f
SSDEEP

768:+9mtQqv5OfQ6ggOYCMzCJFYVzvJjhJooFKhBLI75yQAAkp6:+9mvv5OqgkMaWFrogKhK1yTFp6

Score

1^/10

Malware Config

Signatures

Files

48f7c0e1eb97736cb1e8e5c95214d423_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dbfc68c605cf9c77a3db0b82f18e17a2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

12/12/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2d:11:30:18:52:79:70:8b:88:c6:5e:ff:86:d6:26:62
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

26/11/2002, 00:00

Not After

26/11/2003, 23:59

Subject

CN=Edi On Web srl,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Edi On Web srl,L=Cascina,ST=Pisa,C=IT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GlobalAlloc
GlobalFree
CopyFileA
lstrcpyA
lstrcatA
CloseHandle
GetCommandLineA
WinExec
GetVersion
VirtualFree
LCMapStringW
LCMapStringA
LoadLibraryA
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
RtlUnwind
HeapFree
GetModuleHandleA
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrcmpiA
ExitProcess
GetStartupInfoA

user32

TranslateMessage
DispatchMessageA
LoadCursorA
IsDialogMessageA
GetMessageA
CreateWindowExA
RegisterClassA
SetCursor
CreatePopupMenu
AppendMenuA
GetCursorPos
TrackPopupMenu
DestroyMenu
CreateDialogParamA
GetWindowTextA
EndDialog
DestroyIcon
DefWindowProcA
SendMessageA
GetDlgItem
KillTimer
SetWindowTextA
SetTimer
UpdateWindow
ShowWindow
DialogBoxParamA
wsprintfA
MessageBoxA
PostQuitMessage
LoadImageA
RegisterClassExA
LoadIconA

gdi32

CreateSolidBrush
SetBkColor

advapi32

RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ExtractIconA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA

rasapi32

RasSetEntryPropertiesA
RasHangUpA
RasGetConnectStatusA
RasEnumDevicesA
RasEnumConnectionsA
RasValidateEntryNameA
RasDeleteEntryA
RasDialA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbfc68c605cf9c77a3db0b82f18e17a2

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

2d:11:30:18:52:79:70:8b:88:c6:5e:ff:86:d6:26:62Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

rasapi32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 9KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

2d:11:30:18:52:79:70:8b:88:c6:5e:ff:86:d6:26:62
Certificate

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 9KB