495c2a2070f7e44c0f8523257440fab9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

495c2a2070f7e44c0f8523257440fab9_JaffaCakes118
Size

144KB
MD5

495c2a2070f7e44c0f8523257440fab9
SHA1

3cfef444f203a810e5860a611f61c4f27a810f26
SHA256

1e41ac9aeb3afe18013d41c35575fce4a32d2681cc946807f18c1c954be2b7a7
SHA512

9baa48212d6bbd15edadf56612af788374cb776c10095f80b7ca3defbdee549eaae66a3586e1ef1d5fbd6222b6f40d9f06333d39761e4f54cb15656c1721f7ec
SSDEEP

3072:qeM0LyWrgZ3pyB5VJBlxnf6bXGVW6GOPVgfi1fT:qeN1gJQBVB1WOWfO

Score

1^/10

Malware Config

Signatures

Files

495c2a2070f7e44c0f8523257440fab9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d8d2e350ea7386b3d87d3a777dd4ce3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpi
lstrcpyA
TlsAlloc
GetTempFileNameA
GetModuleFileNameW
GetFileAttributesW
GetModuleFileNameA
ReplaceFileA
HeapCreate
VirtualAlloc
GetMailslotInfo
SearchPathA
WaitForMultipleObjects
GetThreadLocale
GetThreadPriority

user32

MessageBoxIndirectW
CreateAcceleratorTableW
EndMenu
GetMenuStringA
InsertMenuA
GetMenuInfo
SetWindowLongA
CreatePopupMenu
CheckRadioButton
GetDesktopWindow
GetWindowTextW
MonitorFromWindow
SetWindowTextA
CallWindowProcW
LoadIconA
TrackPopupMenuEx
GetMenuItemInfoW
CharPrevA
BringWindowToTop
AppendMenuA
IsWindow
MessageBeep
GetIconInfo
IsDlgButtonChecked
LoadCursorW
UpdateLayeredWindow
AppendMenuW
CallWindowProcA
DestroyWindow
GetClassLongA
WaitForInputIdle

gdi32

BitBlt
SetWindowOrgEx
GetTextExtentPointI
GetStockObject
GetTextMetricsA
SetMapMode
CreateScalableFontResourceW
EnumFontFamiliesA
CreatePalette

advapi32

RegDeleteValueW
RegReplaceKeyA
RegDeleteKeyW
RegDeleteValueA
RegOpenKeyExA
RegOpenKeyExA

shell32

ExtractIconA

opengl32

glGetMaterialfv
glTexParameterfv
glMaterialiv
glClearIndex
glRasterPos4dv
glRasterPos2sv
glTranslated
glColor3uiv
glRecti
glTexCoord2i
glColor4ub

wininet

DllInstall
DeleteUrlCacheEntryW
CommitUrlCacheEntryA
InternetQueryFortezzaStatus
GetUrlCacheConfigInfoW
InternetSetCookieA
InternetConnectA

urlmon

DllUnregisterServer
MkParseDisplayNameEx
CoInternetParseUrl
RevokeFormatEnumerator
BindAsyncMoniker
IsJITInProgress
IsLoggingEnabledA
GetComponentIDFromCLSSPEC
RegisterMediaTypeClass
CoInternetGetSession
CopyStgMedium
URLDownloadToCacheFileW
Extract
CreateAsyncBindCtxEx
CoInternetCompareUrl
URLDownloadW
CreateFormatEnumerator
DllGetClassObject
GetClassURL
PrivateCoInstall
IsLoggingEnabledW
CDLGetLongPathNameA

winspool.drv

DeletePrinterDataExW
FindNextPrinterChangeNotification
OpenPrinterW
SetPrinterDataExA
SetJobA
AddPrinterDriverExA
EnumPrintProcessorsA

inetcomm

MimeOleGetCodePageCharset
CreateIMAPTransport
MimeOleGetPropertySchema
MimeOleInetDateToFileTime
EssSecurityLabelEncodeEx
MimeOleSMimeCapsFromDlg
MimeOleGetInternat
MimeOleCreatePropertySet
GetDllMajorVersion
CreatePOP3Transport
MimeOleParseMhtmlUrl
EssSignCertificateDecodeEx
MimeEditDocumentFromStream
HrAthGetFileName
MimeOleGetAllocator
MimeOleFileTimeToInetDate
MimeOleGetExtContentType

Sections

.t6
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.1f'
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!n9
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qOY/iz
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Hi
Size: 1KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2X0j
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d8d2e350ea7386b3d87d3a777dd4ce3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

opengl32

wininet

urlmon

winspool.drv

inetcomm

Sections

.t6 Size: 11KB - Virtual size: 11KB

.1f' Size: 512B - Virtual size: 39KB

.!n9 Size: 4KB - Virtual size: 3KB

.qOY/iz Size: 2KB - Virtual size: 45KB

.Hi Size: 1KB - Virtual size: 37KB

.2X0j Size: 4KB - Virtual size: 36KB

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 1024B - Virtual size: 638B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.t6
Size: 11KB - Virtual size: 11KB

.1f'
Size: 512B - Virtual size: 39KB

.!n9
Size: 4KB - Virtual size: 3KB

.qOY/iz
Size: 2KB - Virtual size: 45KB

.Hi
Size: 1KB - Virtual size: 37KB

.2X0j
Size: 4KB - Virtual size: 36KB

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 1024B - Virtual size: 638B