4a9274c9d0c55f490a1b63cb7299f3ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a9274c9d0c55f490a1b63cb7299f3ac_JaffaCakes118
Size

300KB
MD5

4a9274c9d0c55f490a1b63cb7299f3ac
SHA1

71c11b70e889ed9c4cd30f94d2b0104f03004da9
SHA256

0d0e10dc79eef6725c62e1ea6a3b999172762f72bc26d5c97a0add93dc650ebc
SHA512

2d90c05a10b4a992aa3282e21b3ceb6a6a6e0da0dedd0bf8b8fc319ed7e9e048d8320f2cca820d27e54a695a82405976b2a4895e066476b97c51109759c0dd8a
SSDEEP

6144:wQP/mAA1w8rjTN/63vFlexWi26pF99J6GHqXWG:l4wmj5/wvq926pP9JQXX

Score

1^/10

Malware Config

Signatures

Files

4a9274c9d0c55f490a1b63cb7299f3ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

02e5daee40d2922f9c544765c1e88296

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:3d:aa:c8:15:f6:78:99:99:22:3a:80:83:b4:4b:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/05/2009, 00:00

Not After

14/07/2012, 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sun Microsystems,O=Sun Microsystems\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_~1\jdk6_22\control\build\WINDOW~1\tmp\deploy\javaws\bin\javaws.pdb

Imports

kernel32

WideCharToMultiByte
GlobalAlloc
MultiByteToWideChar
ReadFile
CloseHandle
WaitForSingleObject
CreateProcessA
SetHandleInformation
CreatePipe
CreateDirectoryA
GetSystemWindowsDirectoryA
FindClose
FindFirstFileA
GetModuleHandleA
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
GetThreadLocale
DeleteCriticalSection
GetLongPathNameA
GetShortPathNameA
GetLastError
CreateFileA
lstrlenW
SetEnvironmentVariableW
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTimeZoneInformation
GetModuleFileNameA
GetTickCount
LoadLibraryA
GetProcAddress
InitializeCriticalSection
FreeLibrary
LCMapStringW
LCMapStringA
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetFileType
GetStartupInfoA
GetCommandLineA
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
WriteFile
SetStdHandle
SetHandleCount
GetStdHandle
GetFileAttributesA
SetEndOfFile
SetFilePointer
RtlUnwind
VirtualQuery
GetOEMCP
GetCPInfo
HeapSize
GetExitCodeProcess

user32

DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CreateWindowExA
RegisterClassA
LoadCursorA
wsprintfA
MessageBoxA
DefWindowProcA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyA

ole32

StringFromCLSID
CoTaskMemFree

wsock32

ntohs
listen
recv
getsockname
bind
socket
ioctlsocket
htons
connect
send
WSAGetLastError
WSAStartup
closesocket
WSAAsyncSelect
accept

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02e5daee40d2922f9c544765c1e88296

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0f:3d:aa:c8:15:f6:78:99:99:22:3a:80:83:b4:4b:f5Certificate

Extended Key Usages

Key Usages

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1aCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

wsock32

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 61KB

.rsrc Size: 32KB - Virtual size: 31KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0f:3d:aa:c8:15:f6:78:99:99:22:3a:80:83:b4:4b:f5
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 61KB

.rsrc
Size: 32KB - Virtual size: 31KB