5ca9f15f15cad588b54b535cd36c214e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ca9f15f15cad588b54b535cd36c214e_JaffaCakes118
Size

232KB
MD5

5ca9f15f15cad588b54b535cd36c214e
SHA1

d44d0c34d805ce9d2740b70070958298d450de4b
SHA256

12dd7ce9690a5e997210b6d9d9063bd224e43e7a25afd121caeb2086c310c2d5
SHA512

266134435fcd496815074860501f183483f787e772a76aa52db7ec527f4bf81535d22931ffd25ae236f09bc8d1c2400070db387203756343965973920befbe30
SSDEEP

6144:d4w/lNI34Sazvs8j7FQ8SUl5QM1Hr4tctR:d634Lj7FLSUlahtct

Score

1^/10

Malware Config

Signatures

Files

5ca9f15f15cad588b54b535cd36c214e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7f257325a96fabc1b6310d0803efbfdb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindAtomW
EnumTimeFormatsW
SuspendThread
GetStringTypeW
GetStartupInfoA
GetThreadLocale
SystemTimeToFileTime
GetDateFormatW
LoadLibraryA
GlobalGetAtomNameW
GetEnvironmentVariableW
GetVersionExW
GetStringTypeA
GetThreadPriority
ExitProcess
CompareFileTime
GetComputerNameA
VirtualAlloc
LoadResource
SearchPathW
lstrcpyn
GetCPInfo

user32

DestroyWindow
GetClassInfoExW
GetDC
CopyImage
GetSysColor
GetWindowTextA
InsertMenuW
CreateDialogParamA
GetMenuItemID
GetDlgItem
CheckRadioButton
InvalidateRgn
CreateDialogIndirectParamW
GetMenuInfo
EnumDesktopsA
GetWindowRgn
CreateMenu
LoadCursorA
mouse_event
ShowCaret
IsDlgButtonChecked
GetWindowLongW
RegisterWindowMessageW
MoveWindow
LoadMenuIndirectA
MonitorFromRect
GetMenuStringW
SetWindowLongA
FrameRect
LoadCursorW
InsertMenuA
InsertMenuItemA
SetCursor
CharLowerA
GetWindowTextLengthW
RegisterWindowMessageA
UnregisterClassA
PeekMessageA
CloseWindow
DialogBoxParamW
ShowWindow
GetMenuItemInfoW
GetDlgItemInt
LoadIconA
wvsprintfW

gdi32

CreateCompatibleBitmap
RemoveFontResourceA
RemoveFontResourceW
StartPage
SetViewportOrgEx
CopyMetaFileW
UnrealizeObject
CreateColorSpaceA
GetViewportExtEx
AddFontResourceA
SetDCPenColor
InvertRgn

advapi32

RegOpenKeyExA
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW

shell32

SHFreeNameMappings

inetcomm

MimeOleCreateBody
MimeOleSetPropW
CreateIMAPTransport
EssMLHistoryEncodeEx
MimeOleGetRelatedSection
MimeOleCreateVirtualStream
CreateRangeList
MimeOleGetPropertySchema
MimeOleAlgNameFromSMimeCap
MimeOleFindCharset
MimeOleSetBodyPropW
MimeEditDocumentFromStream
MimeEditCreateMimeDocument
MimeOleGetDefaultCharset
HrAttachDataFromFile
MimeOleInetDateToFileTime

Sections

.J
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.n
Size: 512B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.7
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.&/-W
Size: 2KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.K
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.6?8+'
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.83o
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f257325a96fabc1b6310d0803efbfdb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

inetcomm

Sections

.J Size: 9KB - Virtual size: 12KB

.n Size: 512B - Virtual size: 34KB

.7 Size: 3KB - Virtual size: 3KB

.&/-W Size: 2KB - Virtual size: 41KB

.K Size: 1024B - Virtual size: 12KB

.6?8+' Size: 3KB - Virtual size: 12KB

.83o Size: 512B - Virtual size: 24KB

.rsrc Size: 205KB - Virtual size: 248KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.J
Size: 9KB - Virtual size: 12KB

.n
Size: 512B - Virtual size: 34KB

.7
Size: 3KB - Virtual size: 3KB

.&/-W
Size: 2KB - Virtual size: 41KB

.K
Size: 1024B - Virtual size: 12KB

.6?8+'
Size: 3KB - Virtual size: 12KB

.83o
Size: 512B - Virtual size: 24KB

.rsrc
Size: 205KB - Virtual size: 248KB