4c58047abf858726ea171d224ef70004_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c58047abf858726ea171d224ef70004_JaffaCakes118
Size

239KB
MD5

4c58047abf858726ea171d224ef70004
SHA1

069bc62d95bbe5c1b0b6e86f8af7fb9ac0c9f90d
SHA256

d8aebe4cdf2add4c9157e28bfd823bbad4fd204d8d69d5775124b9de84910098
SHA512

7f603c70ad4146300e4002266ef62af862a23590552f7efb16f4fc8f1aa02f8237eb55b5b4f80f8c55720dae2a163c69d12f22d97ed861381d0b5b14c28a9596
SSDEEP

3072:sU/qWo20KKrcyJyReTShwJQjXa3u73nSYfeHu0TkN3gkYmYp/B8rqi61HJwA0WoQ:sso2dJeTShG67q1QN3nYSqi61f0WoQ

Score

1^/10

Malware Config

Signatures

Files

4c58047abf858726ea171d224ef70004_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ec5d8c4a2ed1e7c5980d18f75a4c664c

Code Sign

7c:b4:5a:b3:70:a1:82:07:78:b4:e7:1e:8a:32:76:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/05/2010, 00:00

Not After

09/05/2012, 23:59

Subject

CN=Towers Watson & Co,OU=Digital ID Class 3 - Microsoft VBA Software Validation v2,O=Towers Watson & Co,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:2a:4b:50:f4:e8:04:6a:7e:e7:f6:12:c3:70:7b:40:4b:7b:ca:d0
Signer

Actual PE Digest

7a:2a:4b:50:f4:e8:04:6a:7e:e7:f6:12:c3:70:7b:40:4b:7b:ca:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\Ieukqqid\RBsxtOjDcm\yzvSIUivE\xcowAWcs\MwEoswuKtWxrWo.pdb

Imports

user32

CheckMenuRadioItem
LockWindowUpdate
SetScrollInfo
AppendMenuA
wsprintfA
AttachThreadInput
InsertMenuItemW
IsZoomed
DrawFocusRect
AdjustWindowRect
GetSystemMenu
InvalidateRgn
IsWindowEnabled
IsCharAlphaA
GetClassLongW
MessageBoxA
SetUserObjectInformationW
GetDlgItemInt
ShowOwnedPopups
IsWindowUnicode
OemToCharA
GetKeyState
BeginDeferWindowPos
ToUnicodeEx
MoveWindow
DrawStateA
GetDCEx
LoadIconA
EnableMenuItem
SetCursorPos
keybd_event
GetDoubleClickTime
GetClassInfoW
DragObject
MapVirtualKeyA
DrawEdge
CreateDialogParamA
IsWindow
UnionRect
CreateAcceleratorTableW
SetCursor
InSendMessage
PostQuitMessage
EndDialog
ValidateRect
ScrollWindowEx
CallWindowProcW
LoadMenuW
mouse_event
DispatchMessageA
GetMessagePos
SetMenuItemInfoW
SystemParametersInfoA
DrawAnimatedRects
GetMonitorInfoW
LoadStringW
ScreenToClient
DestroyWindow
GetMenuItemCount
MapWindowPoints
SetDlgItemTextA
IsWindowVisible
SetActiveWindow
ScrollWindow
DeferWindowPos
IsChild
RegisterClassA
SendDlgItemMessageW
SendMessageA
TranslateAcceleratorW
KillTimer
CopyImage
GetScrollRange
SendNotifyMessageW
CreateDialogParamW
CallWindowProcA
GetMenuState
CharPrevW
GetMenuItemRect
CreateWindowExW
GetDlgItemTextA
GetMenu
SetWindowTextW
GetClassInfoExW
OpenDesktopW
IsDialogMessageA
wvsprintfA
GetNextDlgTabItem
DefFrameProcW
CharToOemW
DestroyCaret
TrackPopupMenuEx
GetSysColorBrush
OemToCharBuffA
PostMessageW
TabbedTextOutW
DrawIcon
LoadIconW
IsDialogMessageW
GetCursorPos
GetKeyboardType
ActivateKeyboardLayout
FindWindowExA
IsMenu
SetLastErrorEx
SendInput
DestroyIcon
SetRect
GetScrollPos
GetClassLongA
CheckRadioButton
MessageBoxW
IntersectRect
GetUserObjectInformationW
PeekMessageA
FillRect
GetParent
SetMenuDefaultItem

msvcrt

_controlfp
isspace
fseek
strtok
__set_app_type
fread
__p__fmode
wcstol
putchar
time
isdigit
swprintf
__p__commode
_amsg_exit
wcstoul
isxdigit
swscanf
vswprintf
fgets
wcspbrk
strtoul
wcsncmp
getc
isalpha
strcoll
perror
sprintf
_initterm
_ismbblead
fflush
_XcptFilter
fprintf
toupper
strcpy
isupper
_exit
getenv
floor
printf
strrchr
atol
_cexit
__setusermatherr
strncmp
gmtime
putc
__getmainargs

kernel32

GetCurrentThreadId
GlobalDeleteAtom
VirtualFree
LCMapStringW
GlobalGetAtomNameW
AddAtomA
GetAtomNameA
VirtualQuery
DisconnectNamedPipe
SetupComm
LocalFree
EnumResourceLanguagesA
FindFirstFileW
SetMailslotInfo
SetCurrentDirectoryW
lstrcpynW
SetThreadPriority
GetThreadTimes
IsBadReadPtr
CompareStringA
HeapValidate
SetFileAttributesW
CreateSemaphoreA
ResetEvent
LockResource
GlobalSize
FileTimeToDosDateTime
ClearCommError
CopyFileA
GetLastError
EnumSystemLocalesA
LoadLibraryA
GetCurrentThread
GetOverlappedResult
MoveFileA
GetCommandLineW
lstrcatW
GetFileInformationByHandle
FindNextChangeNotification
LocalAlloc
ConnectNamedPipe
GetCommConfig
GetFileTime
IsBadStringPtrW
LoadLibraryExA
FindFirstChangeNotificationW
CreateRemoteThread
CreateDirectoryA
CopyFileW
SetCommBreak
GetAtomNameW
LocalSize
GlobalAddAtomA
EnumResourceTypesA

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Write
ImageList_GetIconSize
DestroyPropertySheetPage
ImageList_Destroy

Exports

Exports

?DialogReactivateIns@@YGK_KHE[D

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec5d8c4a2ed1e7c5980d18f75a4c664c

Code Sign

7c:b4:5a:b3:70:a1:82:07:78:b4:e7:1e:8a:32:76:1bCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

7a:2a:4b:50:f4:e8:04:6a:7e:e7:f6:12:c3:70:7b:40:4b:7b:ca:d0Signer

Headers

File Characteristics

PDB Paths

Imports

user32

msvcrt

kernel32

comctl32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.idata Size: 6KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 240B

.data Size: 2KB - Virtual size: 167KB

.rsrc Size: 205KB - Virtual size: 204KB

.reloc Size: 1KB - Virtual size: 1KB

7c:b4:5a:b3:70:a1:82:07:78:b4:e7:1e:8a:32:76:1b
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

7a:2a:4b:50:f4:e8:04:6a:7e:e7:f6:12:c3:70:7b:40:4b:7b:ca:d0
Signer

.text
Size: 20KB - Virtual size: 19KB

.idata
Size: 6KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 240B

.data
Size: 2KB - Virtual size: 167KB

.rsrc
Size: 205KB - Virtual size: 204KB

.reloc
Size: 1KB - Virtual size: 1KB