4adc6a87d1e386b278239cf912bcd6ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4adc6a87d1e386b278239cf912bcd6ed_JaffaCakes118
Size

512KB
MD5

4adc6a87d1e386b278239cf912bcd6ed
SHA1

8458cb531f764590acf0ec92ee6f054fda063df9
SHA256

d4638c359d5e62c756b563eef0602c9daa8226ee4b589f6a2692c9b4b75ade0f
SHA512

c9dcd4077f267d32fdd5deefdd76fa194464a923dac4296cee9f500992c539b8cdee8d69e7ee7d2e61762890b63ee95f4ce7d589e04af80ba04cb83a09005ecf
SSDEEP

6144:jeOi7HyxacOLsfTCeNRQRIIfXR8gDzFg/SaXftRzZ7eISQ2lZ01bypG:jmSPTCeTQZeiFg/SaXftRzZ7UZybyE

Score

1^/10

Malware Config

Signatures

Files

4adc6a87d1e386b278239cf912bcd6ed_JaffaCakes118
.exe windows:5 windows x86 arch:x86

351e37aefa3f443c87a50327a7464158

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fb
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

16/08/2010, 00:00

Not After

16/08/2011, 23:59

Subject

CN=RealNetworks\, Inc.,OU=Media Web Services,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:bc:51:34:f0:ab:95:a2:e5:f1:6b:fa:f2:53:e0:43:8e:6b:a9:3c
Signer

Actual PE Digest

c4:bc:51:34:f0:ab:95:a2:e5:f1:6b:fa:f2:53:e0:43:8e:6b:a9:3c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build\source\converter\rel32\RealConverter.pdb

Imports

ole32

OleInitialize
OleUninitialize

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
DeleteFileA
CreateFileA
GetModuleFileNameA
GetFileAttributesA
CreateDirectoryA
MoveFileA
GetTickCount
GetSystemInfo
GetVersion
SetEnvironmentVariableA
GetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
SetCurrentDirectoryA
GetCurrentDirectoryA
IsBadWritePtr
VirtualProtect
IsBadReadPtr
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateThread
InterlockedDecrement
CreateThread
GetCurrentThreadId
GetCurrentProcess
WriteFile
GetThreadContext
VirtualQuery
GetCurrentProcessId
OpenProcess
SetFilePointer
GlobalMemoryStatus
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
InitializeCriticalSection
CreateEventA
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SetErrorMode
InterlockedIncrement
CreateMutexA
CloseHandle
ReleaseMutex
lstrlenW
WideCharToMultiByte
GlobalAlloc
GlobalLock
lstrcpynA
GlobalUnlock
GlobalFree
WinExec
GetLastError
RaiseException
IsDebuggerPresent
WaitForSingleObject
UnhandledExceptionFilter

user32

GetWindowPlacement
SystemParametersInfoA
IsIconic
ShowWindow
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
FlashWindow
GetWindowThreadProcessId
GetDC
ReleaseDC
CharNextA
GetSystemMetrics
PostMessageA
IsWindow
FindWindowA
FindWindowExA

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegQueryValueA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegEnumKeyExA

version

GetFileVersionInfoA
VerQueryValueA

gdi32

GetDeviceCaps

shell32

SHGetFolderPathA

shlwapi

PathAddBackslashA
PathAppendA

msvcr90

_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_putenv
_crt_debugger_hook
printf
_XcptFilter
_ismbcspace
realloc
malloc
??3@YAXPAX@Z
free
calloc
_recalloc
??2@YAPAXI@Z
memcpy
getenv
_stat32
strchr
memset
strrchr
strstr
_ismbblead
strncpy
_purecall
sprintf
memmove
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_vsnprintf
_stricmp
atoi
strnlen
memcpy_s
memmove_s
_gmtime32
_time32
vsprintf
asctime

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

351e37aefa3f443c87a50327a7464158

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fbCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

c4:bc:51:34:f0:ab:95:a2:e5:f1:6b:fa:f2:53:e0:43:8e:6b:a9:3cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

kernel32

user32

advapi32

version

gdi32

shell32

shlwapi

msvcr90

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 5KB

.rsrc Size: 292KB - Virtual size: 291KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fb
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

c4:bc:51:34:f0:ab:95:a2:e5:f1:6b:fa:f2:53:e0:43:8e:6b:a9:3c
Signer

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 5KB

.rsrc
Size: 292KB - Virtual size: 291KB