67654435d4740a06e9bcfef938c4ec5e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67654435d4740a06e9bcfef938c4ec5e_JaffaCakes118
Size

265KB
MD5

67654435d4740a06e9bcfef938c4ec5e
SHA1

ce5e6ae7cec3eb270f8bc2016643847db42750c0
SHA256

431b78465493a211bb0c4a5ecdbba2d6cd9e95a545374849b65c1cc7169a69d4
SHA512

b018df18757d5499f3ca95763413685370714ed7c57d22eda36b5845b117a5d68f5cf48e30dd12ce0b745cde33ac0188ea1b775c76272948d7ef474a092640c8
SSDEEP

3072:jEMxoSPII+rmaeo+zrc5pjXmyGAWhjXxfnfgpQSP7MSHkRiFMvbd5Zvd+OskSMeQ:jEqPu5jWyFWhjh/fgpQSY3ihdK

Score

1^/10

Malware Config

Signatures

Files

67654435d4740a06e9bcfef938c4ec5e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96dc3659d872ba582b678abeb950fe33

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/06/2006, 00:00

Not After

15/07/2009, 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sun Microsystems,O=Sun Microsystems\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\deploy\plugin\jucheck\obj\jucheck.pdb

Imports

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

user32

GetDC
DestroyWindow
FillRect
SetCapture
ReleaseCapture
GetSysColor
DefWindowProcA
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
DispatchMessageW
DispatchMessageA
PeekMessageA
wsprintfA
GetDesktopWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
GetClassNameA
GetParent
CreateAcceleratorTableA
CreateWindowExA
LoadCursorA
GetClassInfoExA
ReleaseDC
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
DialogBoxIndirectParamA
LoadImageA
PostMessageA
TrackPopupMenu
SetForegroundWindow
InvalidateRect
InvalidateRgn
CallWindowProcA
EndPaint
BeginPaint
SetFocus
GetWindow
IsChild
GetFocus
SendMessageA
IsWindow
GetDlgItem
GetCursorPos
AppendMenuA
CreatePopupMenu
PostQuitMessage
ShowWindow
RegisterClassA
EnableWindow
SetCursor
PtInRect
GetWindowRect
EndDialog
LoadBitmapA
GetDlgCtrlID
SetWindowContextHelpId
MapDialogRect
LoadStringA
MessageBoxA
DestroyAcceleratorTable
RegisterClassExA
RedrawWindow
CharNextA
UnregisterClassA
GetClientRect

gdi32

SetTextColor
SetBkMode
SaveDC
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
CreateFontIndirectA
RestoreDC
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
StretchBlt

comctl32

ord17

wintrust

WinVerifyTrust

wininet

HttpAddRequestHeadersA
InternetTimeFromSystemTime
InternetErrorDlg
InternetTimeToSystemTime
InternetReadFile
InternetGetConnectedState
InternetOpenA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle

urlmon

URLDownloadToFileA

shell32

Shell_NotifyIconA
ShellExecuteA

kernel32

GetTempPathA
LockResource
GlobalHandle
GlobalFree
SetLastError
GlobalLock
GlobalUnlock
MulDiv
GetCurrentThreadId
CreateProcessA
GetExitCodeProcess
CreateFileA
GetFileSize
GetFileTime
FileTimeToSystemTime
Sleep
SystemTimeToFileTime
CompareFileTime
QueryPerformanceCounter
SetEndOfFile
WaitForSingleObject
WriteFile
HeapAlloc
FormatMessageA
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
lstrcmpA
lstrcpyA
lstrcatA
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
GetModuleHandleA
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteFileA
SetEvent
WaitForMultipleObjects
ResetEvent
CreateThread
CreateEventA
GetSystemTime
GetProcAddress
LoadLibraryA
GetSystemInfo
GetEnvironmentVariableA
LocalFree
SystemTimeToTzSpecificLocalTime
GetTickCount
GetCurrentProcessId
ReadFile
SetHandleInformation
CreatePipe
GetStartupInfoA
GetProcessHeap
ExitProcess
GetSystemTimeAsFileTime
SetFilePointer
GetCommandLineA
lstrcmpiA
CreateMutexA
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
StringFromCLSID
OleUninitialize

oleaut32

OleCreateFontIndirect
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
SysFreeString
SysStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen

msvcr71

_strdup
_stricmp
_strcmpi
srand
strncat
strncpy
time
localtime
asctime
sscanf
_controlfp
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_purecall
_splitpath
??2@YAPAXI@Z
strstr
sprintf
_CxxThrowException
realloc
??_U@YAPAXI@Z
_resetstkoflw
malloc
strncmp
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
free
_except_handler3
rand
strrchr
isspace
iswspace
memset
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
strtol

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96dc3659d872ba582b678abeb950fe33

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ffCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

advapi32

user32

gdi32

comctl32

wintrust

wininet

urlmon

shell32

kernel32

ole32

oleaut32

msvcr71

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 156KB - Virtual size: 155KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 156KB - Virtual size: 155KB