5a1d5071efff072ded4bcbbb2175a9fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a1d5071efff072ded4bcbbb2175a9fc_JaffaCakes118
Size

83KB
MD5

5a1d5071efff072ded4bcbbb2175a9fc
SHA1

2a8562b25ddb5f70ee1dc55cbe9ce7c75867bccc
SHA256

03b6e14841765be0f5f2651343c8d5f5af6456acde862a780643ab9d9c110236
SHA512

8c3d278137427af157fa010669e8cc9d503f65dfe1246c731f553a0f50ca86107eabc5b79fe850451fb54b551a3ff66f930a193f9f6ba501ee4c72fc3945de1c
SSDEEP

1536:ReLd+zeObqRrp4Q8e/VCrsIK4M4/O7Wky2HCqu:RxoRrX8e/YrsN4MuO7Wky2xu

Score

1^/10

Malware Config

Signatures

Files

5a1d5071efff072ded4bcbbb2175a9fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e6cb8c3376851c0c75e1330631850aa

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/11/2009, 00:00

Not After

27/11/2011, 23:59

Subject

CN=YNK JAPAN Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YNK JAPAN Inc,L=\ Nihonbashi Kodenmachou10-6,ST=Chuo-ku,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDirectoryA
CreateMutexA
DeleteFileA
Sleep
GetTempFileNameA
GetTempPathA
CreateProcessA
WinExec
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetModuleHandleA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
DisconnectNamedPipe
PeekNamedPipe
ConnectNamedPipe
CreateNamedPipeA
TerminateThread
OpenMutexA
WaitForSingleObject
CreateThread
UnmapViewOfFile
WaitNamedPipeA
CreateFileMappingA
OpenFileMappingA
ExitProcess
CreateEventA
SetEvent
OpenEventA
SizeofResource
GlobalFree
LockResource
LoadResource
FindResourceA
GetVersionExA
CopyFileA
GetModuleFileNameA
_lclose
_lwrite
_lcreat
MoveFileExA
ReleaseMutex
GetWindowsDirectoryA
GetLastError
CancelIo
DeviceIoControl
DefineDosDeviceA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
SetFileAttributesA
GetFileSize
VirtualAlloc
ReadFile
VirtualFree
SetFilePointer
CreateFileA
WriteFile
CloseHandle
LoadLibraryA
MapViewOfFile
GetProcAddress
HeapReAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
RtlUnwind
HeapFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess

user32

PostMessageA
EnumWindows
wsprintfA
GetWindowThreadProcessId

advapi32

DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
OpenServiceA
StartServiceA
QueryServiceStatus
RegCreateKeyExA
RegSetValueExA
RegCloseKey
ControlService

ws2_32

closesocket
WSACleanup
ntohs
recvfrom
setsockopt
WSAStartup
gethostbyname
inet_ntoa
sendto
inet_addr
socket
htons
connect
send
recv
ioctlsocket

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e6cb8c3376851c0c75e1330631850aa

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 24KB - Virtual size: 20KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 24KB - Virtual size: 20KB