64d4c37a35156dacf3a68e37a3350cd6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64d4c37a35156dacf3a68e37a3350cd6_JaffaCakes118
Size

204KB
MD5

64d4c37a35156dacf3a68e37a3350cd6
SHA1

4e3fe150f1f54775c78d21414cd43d44f3ea23f6
SHA256

7a9e382d57b8128557da558ac2c988eadc670e56cb4804fcdf130f8f6ca54c9a
SHA512

d8e90bf2a914401b86e132789a5791db633d8da310c59f0c855566583a487456e8aec4d61cf10dddebee367e1f45a070d62ffe7d9909977330c4e886eebffb4d
SSDEEP

3072:9FeODNAUrSqDMKKVILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbu:9FeGpfMtboVBJtNWyPnYG4fUbu

Score

1^/10

Malware Config

Signatures

Files

64d4c37a35156dacf3a68e37a3350cd6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e60c81803d69802a44293b77dcfe8006

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ab:b8:36:24:17:19:74:da:e2:94:1a:ad:bd:c7:ad:07:6e:52:51
Signer

Actual PE Digest

51:ab:b8:36:24:17:19:74:da:e2:94:1a:ad:bd:c7:ad:07:6e:52:51

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCPInfo
SetLocaleInfoA
GetLocalTime
lstrcmpi
AddAtomA
SetEvent
lstrcatA
EnumDateFormatsA
GetProcAddress
OpenEventA
GetModuleFileNameA
GetExpandedNameW
GetSystemInfo
GetCurrentThread
DuplicateHandle
DeleteAtom
GetModuleHandleA
GetShortPathNameW
GetEnvironmentVariableA
GetLastError
GetDiskFreeSpaceA
GetFullPathNameW
CreateEventA
GetProcessHeaps
BeginUpdateResourceA
lstrcpynA
SuspendThread
CreateEventW
InitializeCriticalSection
TlsAlloc
GetProcessHeap
GetSystemDefaultLangID
GetLocaleInfoW
GetComputerNameA
SetErrorMode
CreateSemaphoreW
SetPriorityClass
CompareStringA
SearchPathA
CreateDirectoryA
SetCurrentDirectoryW
ExitThread
GetCommandLineA
SetComputerNameA
IsBadStringPtrA

user32

GetDCEx
WaitMessage
IsWindow
ArrangeIconicWindows
CharPrevW
MoveWindow
GetClassInfoExW
GetCursorPos
CharLowerA
GetIconInfo
CreateDesktopW
CallWindowProcW
LoadMenuW
DefWindowProcA
MonitorFromRect
GetClientRect
EndMenu
SetDlgItemInt
GetParent

gdi32

DescribePixelFormat
SetDCBrushColor
ResizePalette
StartPage
ModifyWorldTransform
GetClipBox
GetBkMode
ExtFloodFill
EnumICMProfilesA
CreateRoundRectRgn
GetPolyFillMode
GetCharABCWidthsI
SetSystemPaletteUse
CreateSolidBrush
GetMetaFileA
SetBkMode

advapi32

RegCreateKeyW
RegRestoreKeyA
RegFlushKey

shlwapi

SHGetValueW
StrRetToStrW
PathIsUNCW
StrRetToStrA
StrDupA
StrStrA

comdlg32

GetSaveFileNameA
GetOpenFileNameW
ReplaceTextW
PrintDlgExW

oleaut32

LoadTypeLib
GetRecordInfoFromGuids

version

GetFileVersionInfoW
VerInstallFileW

inetcomm

HrAttachDataFromFile
MimeOleCreateByteStream
HrAthGetFileName
CreateRASTransport
MimeOleSetBodyPropA
GetDllMajorVersion

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VqkkjU
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uZgjfC
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hEYO
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lNjS
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.duM
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xkix
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XEio
Size: 1024B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HGPN
Size: 1024B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e60c81803d69802a44293b77dcfe8006

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

51:ab:b8:36:24:17:19:74:da:e2:94:1a:ad:bd:c7:ad:07:6e:52:51Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comdlg32

oleaut32

version

inetcomm

Sections

.text Size: 11KB - Virtual size: 11KB

.VqkkjU Size: 512B - Virtual size: 4KB

.uZgjfC Size: 1024B - Virtual size: 4KB

.hEYO Size: 1KB - Virtual size: 31KB

.lNjS Size: 3KB - Virtual size: 8KB

.duM Size: 512B - Virtual size: 6KB

.xkix Size: 2KB - Virtual size: 45KB

.data Size: 10KB - Virtual size: 10KB

.XEio Size: 1024B - Virtual size: 37KB

.HGPN Size: 1024B - Virtual size: 212KB

.rsrc Size: 164KB - Virtual size: 163KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

51:ab:b8:36:24:17:19:74:da:e2:94:1a:ad:bd:c7:ad:07:6e:52:51
Signer

.text
Size: 11KB - Virtual size: 11KB

.VqkkjU
Size: 512B - Virtual size: 4KB

.uZgjfC
Size: 1024B - Virtual size: 4KB

.hEYO
Size: 1KB - Virtual size: 31KB

.lNjS
Size: 3KB - Virtual size: 8KB

.duM
Size: 512B - Virtual size: 6KB

.xkix
Size: 2KB - Virtual size: 45KB

.data
Size: 10KB - Virtual size: 10KB

.XEio
Size: 1024B - Virtual size: 37KB

.HGPN
Size: 1024B - Virtual size: 212KB

.rsrc
Size: 164KB - Virtual size: 163KB