695df7902ca86b16cda3eb127fccd69e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

695df7902ca86b16cda3eb127fccd69e_JaffaCakes118
Size

406KB
MD5

695df7902ca86b16cda3eb127fccd69e
SHA1

bf58dd7fce1776c8b65329037e7daf59c0d505d2
SHA256

5d0288f80c13e0864f6269649ca7309b8e450fc7bceca6623a738ac639568bb2
SHA512

c24f6b2de73672ffd14ef80d2de223cdc066caac4a1bf9d5c5e2ef5ce8b0361147f419d77bc00d7b095c84393e2ebe25eedd72a152857fb7509e38f8e5768d2c
SSDEEP

12288:YfQJEfZN+X32clxZOwNJk2ox3XMwdoveQ:YfQJEfZN+B3ZOwNJ8x3X3oveQ

Score

1^/10

Malware Config

Signatures

Files

695df7902ca86b16cda3eb127fccd69e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7ba6c4321409f073a3acc9585e5d19fb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:be:f8:db:40:cf:30:09:88:0c:81:81:b1:34:de:dc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2011, 00:00

Not After

12/04/2012, 23:59

Subject

CN=DSNR,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=DSNR labs,O=DSNR,L=Raanana,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:52:1f:0b:0f:50:39:f5:17:53:b7:3c:e2:0a:fa:8d:e9:c6:ea:74
Signer

Actual PE Digest

7a:52:1f:0b:0f:50:39:f5:17:53:b7:3c:e2:0a:fa:8d:e9:c6:ea:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW

gdiplus

GdiplusStartup
GdipCloneImage
GdipDrawImageI
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

WriteConsoleW
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetCurrentProcessId
QueryPerformanceCounter
SetFilePointer
CreateFileW
CloseHandle
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
SetFileTime
WriteFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
Sleep
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
OutputDebugStringW
DeleteFileW
ExpandEnvironmentStringsW
FindClose
GetLastError
GetLocaleInfoA
FindFirstFileW
CreateThread
FileTimeToSystemTime
GetFileInformationByHandle
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCurrentDirectoryA
PeekNamedPipe
GetFullPathNameW
FlushFileBuffers
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetModuleHandleA
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetLocaleInfoW
InitializeCriticalSection
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEndOfFile
GetProcessHeap
CreateFileA
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
FindNextFileW
GetStdHandle
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
GetStartupInfoA
HeapFree
HeapAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
InterlockedDecrement
GetCPInfo
GetModuleHandleW
GetProcAddress
ExitProcess
FileTimeToLocalFileTime
GetDriveTypeW
GetCommandLineA

user32

wsprintfW
PostMessageW
InvalidateRect
DestroyWindow
GetMessageW
DispatchMessageW
TranslateMessage
LoadIconW
RegisterClassW
GetClientRect
MoveWindow
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
GetKeyboardLayoutList
SetFocus
FillRect
SetWindowPos
UpdateWindow
IsCharAlphaNumericW
MessageBoxW
CreateWindowExW
BeginPaint
LoadBitmapW
GetDC
DrawTextW
ReleaseDC
EndPaint
SetCursor
GetSystemMetrics
LoadCursorW
PostQuitMessage
DefWindowProcW
SendMessageW
ShowWindow

gdi32

Polyline
CreateSolidBrush
GetStockObject
CreatePen
SelectObject
StretchBlt
DeleteDC
SetBkColor
SetTextColor
CreateFontW
DeleteObject
CreateCompatibleDC

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey

ole32

CoInitialize
CoCreateGuid
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ba6c4321409f073a3acc9585e5d19fb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7a:be:f8:db:40:cf:30:09:88:0c:81:81:b1:34:de:dcCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7a:52:1f:0b:0f:50:39:f5:17:53:b7:3c:e2:0a:fa:8d:e9:c6:ea:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

gdiplus

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

wininet

Sections

.text Size: 227KB - Virtual size: 227KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 122KB - Virtual size: 121KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7a:be:f8:db:40:cf:30:09:88:0c:81:81:b1:34:de:dc
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7a:52:1f:0b:0f:50:39:f5:17:53:b7:3c:e2:0a:fa:8d:e9:c6:ea:74
Signer

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 122KB - Virtual size: 121KB