5d2296744d39432ccac99d9f3316c425_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d2296744d39432ccac99d9f3316c425_JaffaCakes118
Size

240KB
MD5

5d2296744d39432ccac99d9f3316c425
SHA1

7735e154b0c88e8ffbd1602ba3fa1e648e2097fc
SHA256

3d914bf9e6f3b8f614852f4ebf8ce2cbad20caad06357b685b0ae3a12cf6aec6
SHA512

797f02e08c562eb474e73eeb574b4eef91216bb8e3f072513ea6f3844fb3667cdd97b3e004888c265c7e390a4388f0ebf65cc99d91c3f74f96e56b3597712cf8
SSDEEP

6144:PRQWqjLaQZGDxvThgdr019rbg5+XYidQvb:PFAL1G9bSdIvbg5Oe

Score

1^/10

Malware Config

Signatures

Files

5d2296744d39432ccac99d9f3316c425_JaffaCakes118
.exe windows:4 windows x86 arch:x86

101b237c1e08b5e24f74f3a7dc5b5612

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceA
FreeLibrary
GetShortPathNameW
GlobalDeleteAtom
lstrlenW
MultiByteToWideChar
GetCPInfo
FatalAppExitA
GetCurrentDirectoryA
VirtualAlloc
CompareStringA
QueryPerformanceFrequency
GetVolumeInformationW
GetWindowsDirectoryA
lstrcat
GlobalFindAtomA
GetProcessHeap
GlobalGetAtomNameW
GetLocaleInfoA
OpenMutexA
DeleteAtom
FindAtomW
IsBadCodePtr
LoadLibraryW

user32

LoadBitmapW
GetClassInfoExW
UpdateWindow
LoadBitmapA
OffsetRect
MonitorFromWindow
RemoveMenu
DefDlgProcW
GetKeyState
SetWindowPos
OpenClipboard
GetSysColorBrush
SendMessageW

gdi32

SetROP2
OffsetWindowOrgEx
ExtCreateRegion
SetMapperFlags
PlayMetaFile
AbortDoc
RemoveFontResourceExA
CreateDCW
AnimatePalette
GetEnhMetaFilePaletteEntries
ExtSelectClipRgn
GetMetaFileW
StartPage

advapi32

RegFlushKey
RegEnumValueW
RegCreateKeyExA
RegOpenKeyW
RegOpenKeyExA
RegSaveKeyW
RegRestoreKeyA

shell32

SHFreeNameMappings

comctl32

MakeDragList
UninitializeFlatSB
InitializeFlatSB
ImageList_GetIcon

ws2_32

WSAAccept
WSARecv
getservbyport
WSACleanup
WSASend
connect

urlmon

WriteHitLogging
HlinkSimpleNavigateToMoniker
RegisterFormatEnumerator
CoInternetGetSecurityUrl
URLOpenBlockingStreamW
URLDownloadToFileA
UrlMkBuildVersion
RegisterBindStatusCallback
HlinkGoBack
FindMimeFromData

winmm

waveInMessage
SendDriverMessage
midiInStop
midiInAddBuffer
DrvGetModuleHandle
midiInUnprepareHeader
waveOutGetID

sqlunirl

_ClearEventLog_@8

crypt32

I_CryptRemoveLruEntry
CryptGetOIDFunctionValue
CryptLoadSip
CryptBinaryToStringA
CryptHashToBeSigned
CryptSignCertificate
I_CryptReadTrustedPublisherDWORDValueFromRegistry
CertRDNValueToStrA
CertSetCertificateContextProperty
I_CryptAddRefLruEntry
CryptImportPublicKeyInfo
CryptSIPRetrieveSubjectGuid
I_CryptUnregisterSmartCardStore
CertSerializeCTLStoreElement
CertCreateCertificateContext
CryptCloseAsyncHandle
I_CryptGetOssGlobal
CryptAcquireContextU
CertVerifySubjectCertificateContext

Sections

.-L:
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.(9H8;
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Wx
Size: 1024B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.()
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zUNv?
Size: 1KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.,
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.#.H!
Size: 1KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gg$"
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.G
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v7E:%g
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 698B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

101b237c1e08b5e24f74f3a7dc5b5612

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

ws2_32

urlmon

winmm

sqlunirl

crypt32

Sections

.-L: Size: 9KB - Virtual size: 13KB

.(9H8; Size: 2KB - Virtual size: 4KB

.Wx Size: 1024B - Virtual size: 21KB

.() Size: 3KB - Virtual size: 3KB

.zUNv? Size: 1KB - Virtual size: 49KB

., Size: 1KB - Virtual size: 31KB

.#.H! Size: 1KB - Virtual size: 24KB

.gg$" Size: 3KB - Virtual size: 15KB

.G Size: 512B - Virtual size: 21KB

.v7E:%g Size: 1024B - Virtual size: 22KB

.rsrc Size: 206KB - Virtual size: 206KB

.reloc Size: 1024B - Virtual size: 698B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.-L:
Size: 9KB - Virtual size: 13KB

.(9H8;
Size: 2KB - Virtual size: 4KB

.Wx
Size: 1024B - Virtual size: 21KB

.()
Size: 3KB - Virtual size: 3KB

.zUNv?
Size: 1KB - Virtual size: 49KB

.,
Size: 1KB - Virtual size: 31KB

.#.H!
Size: 1KB - Virtual size: 24KB

.gg$"
Size: 3KB - Virtual size: 15KB

.G
Size: 512B - Virtual size: 21KB

.v7E:%g
Size: 1024B - Virtual size: 22KB

.rsrc
Size: 206KB - Virtual size: 206KB

.reloc
Size: 1024B - Virtual size: 698B