4a614168d85d6df4257df96c2d10d44b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a614168d85d6df4257df96c2d10d44b_JaffaCakes118
Size

31KB
MD5

4a614168d85d6df4257df96c2d10d44b
SHA1

f5cb1c99ec13ce85e76c27a947c1102c05e75fd9
SHA256

6f3e36bb94f495721b2fefb38e0ecb01960a9b2c681ebb042159b2bb9b1617c6
SHA512

74d769f36c224d340873a67038be10f913e2b3cbde9d8deb32f8f52ff19396a6bd983235ad78e1f76eed163dd3f69fa0437a0731b5b6e7828e35706dfa43f82f
SSDEEP

768:CBw9FJ79OXs6Z5qxM+hVVYQ2J+LSL39bh:J9P796s6XqxMjQHLSJh

Score

1^/10

Malware Config

Signatures

Files

4a614168d85d6df4257df96c2d10d44b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c5b6116620867562af54707bd05c0fb0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:55:3e:9d:bd:ea:a7:c5:d2:e5:d1:2e:3c:96:b5:61
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/03/2005, 00:00

Not After

08/04/2006, 23:59

Subject

CN=WHENU.COM INC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Department,O=WHENU.COM INC,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetCommandLineA
CreateDirectoryA
GetWindowsDirectoryA
FindClose
FindFirstFileA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
WideCharToMultiByte
lstrlenW
lstrcmpiA
SetLastError
CloseHandle
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
GetFileAttributesA
Sleep
GetTickCount
TerminateProcess
WaitForSingleObject
OpenProcess
lstrcmpA
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessA
GetTempFileNameA
MultiByteToWideChar
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetModuleHandleA
GetStartupInfoA
ExitProcess
DebugBreak
HeapReAlloc
HeapFree
lstrlenA
lstrcpyA
GetLastError
FormatMessageA
LocalFree
RemoveDirectoryA
DeleteFileA

user32

GetWindowRect
GetWindow
GetParent
GetSystemMetrics
CreateWindowExA
RegisterClassExA
LoadCursorA
GetClassInfoExA
SystemParametersInfoA
SetWindowPos
PeekMessageA
IsWindow
GetWindowThreadProcessId
SendMessageTimeoutA
CreateDialogParamA
UpdateWindow
GetClientRect
MapWindowPoints
CallWindowProcA
GetWindowLongA
CharNextA
SetWindowLongA
DestroyWindow
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
PostMessageA
FindWindowA
SetForegroundWindow
SendMessageA
GetMessageA
DispatchMessageA
wsprintfA
ShowWindow
MessageBoxA
PostQuitMessage
DefWindowProcA
SetWindowTextA

advapi32

RegCloseKey
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA

ole32

StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear

setupapi

SetupDefaultQueueCallbackA
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionA
SetupInitDefaultQueueCallbackEx
SetupCloseInfFile
SetupFindFirstLineA
SetupSetDirectoryIdA
SetupOpenInfFileA
SetupFindNextLine
SetupGetStringFieldA
SetupCloseFileQueue

wininet

InternetGetConnectedState
InternetQueryOptionA

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5b6116620867562af54707bd05c0fb0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

14:55:3e:9d:bd:ea:a7:c5:d2:e5:d1:2e:3c:96:b5:61Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

setupapi

wininet

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 3KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

14:55:3e:9d:bd:ea:a7:c5:d2:e5:d1:2e:3c:96:b5:61
Certificate

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB