636e0fb34da329b76630341df15488d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

636e0fb34da329b76630341df15488d1_JaffaCakes118
Size

157KB
MD5

636e0fb34da329b76630341df15488d1
SHA1

3f8115c7d442ce5c30d90aa8e8e65a1f94bd9824
SHA256

169c2e1a9e7e07797d51501c6c7263f6e2595fe602e448681b17b59bdb602fb0
SHA512

7358184c9f649f8fff670f555fc2a006bab469d6bdb69a60a674322300db024bc9ca2f7c94833ef74abfc712012b0f9d3321e7d76d4ac7649c25b9952e7adf76
SSDEEP

3072:hHVIQRXkNb2bL03ErZkJ9Dl1H2WcY0oPIsvMw9IEnbv:hVI6L0nZb2WLvMg

Score

1^/10

Malware Config

Signatures

Files

636e0fb34da329b76630341df15488d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b5f05541a7beeff1163db8cdfec25734

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:3a:20:05:ff:02:9a:fe:6d:d9:15:43:42:0e:07:5b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/06/2006, 00:00

Not After

22/06/2007, 23:59

Subject

CN=Software995 Inc.,O=Software995 Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomA
GlobalGetAtomNameA
LockResource
LoadResource
FindResourceA
FreeLibrary
GetProcessVersion
SetErrorMode
GetCPInfo
GetOEMCP
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
HeapReAlloc
HeapSize
UnhandledExceptionFilter
GlobalFindAtomA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
lstrcatA
GlobalFlags
MulDiv
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileTime
GetFileSize
GetFileAttributesA
GetTickCount
FindNextFileA
LocalFree
FileTimeToLocalFileTime
FileTimeToSystemTime
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
SetLastError
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetPrivateProfileStringA
lstrlenA
CloseHandle
WritePrivateProfileStringA
Sleep
MultiByteToWideChar
DeleteFileA
RemoveDirectoryA
GetVersion
GetEnvironmentStrings
CreateProcessA
GetModuleHandleA
GetModuleFileNameA
FreeEnvironmentStringsA
CreateDirectoryA

user32

UpdateWindow
LoadIconA
GetSysColorBrush
LoadStringA
PostThreadMessageA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
CopyRect
GetTopWindow
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
MapWindowPoints
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
UnhookWindowsHookEx
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
ClientToScreen
LoadCursorA
GetCapture
RegisterClipboardFormatA
GetSystemMetrics
CharUpperA
wsprintfA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
GetClientRect
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostQuitMessage
PostMessageA
GetDesktopWindow
GrayStringA
UnregisterClassA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDeviceCaps
GetObjectA
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ord17

oledlg

ord8

ole32

OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoCreateInstance

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5f05541a7beeff1163db8cdfec25734

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

37:3a:20:05:ff:02:9a:fe:6d:d9:15:43:42:0e:07:5bCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 12KB - Virtual size: 11KB

01
Certificate

0a
Certificate

37:3a:20:05:ff:02:9a:fe:6d:d9:15:43:42:0e:07:5b
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 12KB - Virtual size: 11KB