65af90847979f41741daa9d83ba76758_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

65af90847979f41741daa9d83ba76758_JaffaCakes118
Size

14.8MB
MD5

65af90847979f41741daa9d83ba76758
SHA1

f700b7411ba4bf94ccc3b4b44657c19ed061029b
SHA256

211edf55e817dadbd5dbb609cec167943349f223a862e61aa267328b91d34d20
SHA512

17a49c0564c5a84bef2eeea320e4a75ef1a5824d57cd05093a766f76100090f000bf19dd77ff9644fac79731c8d16d7c4c3d817795d035509f4e2df0ed6149b3
SSDEEP

3072:SRpwpq8KBv2dP0lF3IGmPDlSTCkVs1+++++++++++++++++++++++++++++++++c:SIpqbOdPgF3ULQDsB

Score

1^/10

Malware Config

Signatures

Files

65af90847979f41741daa9d83ba76758_JaffaCakes118
.exe windows:4 windows x86 arch:x86

52a6b70e42575eb140b2ad25fcc76949

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ad:aa:d1:64:df:93:e3:b5:ed:de:9a:38:e1:29:c5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/10/2006, 00:00

Not After

23/10/2009, 23:59

Subject

CN=Beijing Founder Apabi Technology Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Founder Apabi Technology Limited,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:86:5f:cb:e0:35:ab:fc:9e:59:19:5a:a8:62:07:72:f6:83:bf:42
Signer

Actual PE Digest

bb:86:5f:cb:e0:35:ab:fc:9e:59:19:5a:a8:62:07:72:f6:83:bf:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
Process32Next
TerminateProcess
OpenProcess
Process32First
GetProcAddress
LoadLibraryA
CreateProcessA
MoveFileA
DeleteFileA
WideCharToMultiByte
CreateMutexA
GetCurrentProcess
FindClose
FindNextFileA
FindFirstFileA
lstrcpyA
CopyFileA
GetModuleFileNameA
CreateToolhelp32Snapshot
GetModuleHandleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapAlloc
HeapFree
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
RtlUnwind
SizeofResource
LoadResource
Sleep
GetFileSize
ReadFile
VirtualFree
VirtualAlloc
CreateThread
WaitForSingleObject
GetExitCodeThread
TerminateThread
GlobalAlloc
GlobalFree
lstrlenA
GetWindowsDirectoryA
CreateFileA
SetFilePointer
WriteFile
GetLocalTime
FlushFileBuffers
CloseHandle
GetLastError

user32

EndDialog
DialogBoxParamA
FillRect
SetWindowPos
SetWindowLongA
GetForegroundWindow
SetFocus
DestroyCaret
CreateCaret
SetCaretPos
ShowCaret
DrawTextA
GetDC
ReleaseDC
GetAsyncKeyState
CreateDialogParamA
MessageBoxA
GetSystemMetrics
IsRectEmpty
ShowWindow
UpdateWindow
GetMessageA
MoveWindow
GetWindowRect
wsprintfA
IsWindow
GetWindowLongA
SendMessageA
keybd_event
mouse_event
SetCursorPos
GetCursorPos
SetForegroundWindow
GetKeyState
DestroyWindow
InvalidateRect
EnumChildWindows
FindWindowExA
GetWindowTextA
DispatchMessageA
TranslateMessage
BeginPaint
EndPaint
PostQuitMessage

gdi32

CreateSolidBrush
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

dnsapi

DnsQuery_A
DnsRecordListFree

ws2_32

setsockopt
ioctlsocket
select
inet_addr
WSAStartup
WSACleanup
gethostbyname
socket
htons
inet_ntoa
connect
closesocket
send
recv
gethostname

psapi

GetModuleFileNameExA
EnumProcesses
EnumProcessModules

shlwapi

PathFileExistsA

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52a6b70e42575eb140b2ad25fcc76949

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

42:ad:aa:d1:64:df:93:e3:b5:ed:de:9a:38:e1:29:c5Certificate

Extended Key Usages

Key Usages

bb:86:5f:cb:e0:35:ab:fc:9e:59:19:5a:a8:62:07:72:f6:83:bf:42Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

dnsapi

ws2_32

psapi

shlwapi

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 37KB

Shared Size: 4KB - Virtual size: 1KB

.rsrc Size: 32KB - Virtual size: 29KB

.vmp0 Size: 80KB - Virtual size: 76KB

.reloc Size: 4KB - Virtual size: 132B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

42:ad:aa:d1:64:df:93:e3:b5:ed:de:9a:38:e1:29:c5
Certificate

bb:86:5f:cb:e0:35:ab:fc:9e:59:19:5a:a8:62:07:72:f6:83:bf:42
Signer

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 37KB

Shared
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 32KB - Virtual size: 29KB

.vmp0
Size: 80KB - Virtual size: 76KB

.reloc
Size: 4KB - Virtual size: 132B