67edf75e6a2efbe3f9979f4e2f87842e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67edf75e6a2efbe3f9979f4e2f87842e_JaffaCakes118
Size

259KB
MD5

67edf75e6a2efbe3f9979f4e2f87842e
SHA1

d31b132d66ff771f9598d87e2e5c7069130a4d20
SHA256

a48c877248bc033d636206c2adc349a58aa10ae68b5e736733a4229038fc11bd
SHA512

b500eeb74f1326c7aedd10620dc2ff8b72bc2bb6d1e5ebe90c1a7c974ff6691eefddeb473bc3aabc9d5fe733cf299f76ab33a62c40b22b81399b07fa1243ef41
SSDEEP

3072:pVWIbbNbOp3n9N41CN/sqSGDqCAh6paSQGUDDlOOsC/R9cYOoH:ptbbNbOJn0y/s+DO8AS60OsCjfZH

Score

1^/10

Malware Config

Signatures

Files

67edf75e6a2efbe3f9979f4e2f87842e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a94c86df9efff9b94afd0cbd92a8cb72

Code Sign

31:1b:d7:df:e6:e9:eb:bb:23:6c:a8:c1:d8:45:dc:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/10/2009, 00:00

Not After

22/11/2012, 23:59

Subject

CN=InterLogic Ltd.,OU=Digital ID Class 3 - Microsoft VBA Software Validation v2+OU=Skill Games,O=InterLogic Ltd.,L=Carmel,ST=North,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:64:c5:4c:e0:7d:35:3a:e0:60:95:bd:25:8b:b1:8e:f4:34:ce:a0
Signer

Actual PE Digest

50:64:c5:4c:e0:7d:35:3a:e0:60:95:bd:25:8b:b1:8e:f4:34:ce:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

LocalFree
SetEnvironmentVariableA
SetEndOfFile
GetLocaleInfoW
SetStdHandle
lstrlenW
MultiByteToWideChar
GetOEMCP
GetCurrentThreadId
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
GetLastError
IsValidLocale
lstrcmpiA
lstrlenA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
CloseHandle
CompareStringA
CompareStringW
WriteFile
DeleteFileA
FreeLibrary
EndUpdateResourceA
UpdateResourceA
SizeofResource
BeginUpdateResourceA
LockResource
LoadResource
FindResourceA
LoadLibraryExA
CreateDirectoryA
CreateFileA
TerminateProcess
OpenProcess
GetStringTypeA
Sleep
GetModuleFileNameA
GetTempPathA
CreateProcessA
SetLastError
GetFileType
GetFileAttributesA
VerifyVersionInfoA
GetProcAddress
GetModuleHandleA
CopyFileA
SetCurrentDirectoryA
SetHandleCount
HeapAlloc
FreeEnvironmentStringsW
GetCurrentDirectoryA
GetEnvironmentStrings
GetExitCodeProcess
WaitForSingleObject
SetFileAttributesA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
GetProcessHeap
HeapFree
GetCurrentProcess
GetCPInfo
LCMapStringW
InterlockedIncrement
InterlockedDecrement
LCMapStringA
ExitThread
lstrcpynA
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
GetVersionExA
IsDBCSLeadByte
GetTimeZoneInformation
MoveFileExA
GetCurrentProcessId
GetThreadLocale
ReadFile
GetFileSize
CreateThread
LoadLibraryA
MoveFileA
GetSystemTimeAsFileTime
Process32Next
Process32First
CreateToolhelp32Snapshot
FindClose
FindNextFileA
FindFirstFileA
GetCommandLineA
RemoveDirectoryA
GetStartupInfoA
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
RtlUnwind
GetLocaleInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
GetACP
InterlockedExchange
GetEnvironmentStringsW

user32

EnumWindows
IsWindowVisible
GetWindowLongA
PostMessageA
DefWindowProcA
PostQuitMessage
UnregisterClassA
LoadCursorA
GetWindowThreadProcessId
GetClassInfoExA
MessageBoxA
ShowWindow
ScreenToClient
GetClientRect
SetWindowLongA
SetWindowTextA
MoveWindow
SetWindowPos
GetWindowRect
InvalidateRect
GetDlgItem
SendMessageA
MapWindowPoints
SystemParametersInfoA
GetWindow
GetParent
CreateWindowExA
wsprintfA
DestroyWindow
GetActiveWindow
CharNextA
DialogBoxParamA
CreateIconFromResource
GetSystemMetrics
CallWindowProcA
RegisterClassExA
EndDialog

shell32

ShellExecuteA
SHFileOperationA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
GetUserNameA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA

wininet

HttpOpenRequestA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA

ole32

CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a94c86df9efff9b94afd0cbd92a8cb72

Code Sign

31:1b:d7:df:e6:e9:eb:bb:23:6c:a8:c1:d8:45:dc:8dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

50:64:c5:4c:e0:7d:35:3a:e0:60:95:bd:25:8b:b1:8e:f4:34:ce:a0Signer

Headers

File Characteristics

Imports

comctl32

kernel32

user32

shell32

advapi32

wininet

ole32

oleaut32

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 24KB - Virtual size: 29KB

.rsrc Size: 20KB - Virtual size: 17KB

31:1b:d7:df:e6:e9:eb:bb:23:6c:a8:c1:d8:45:dc:8d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

50:64:c5:4c:e0:7d:35:3a:e0:60:95:bd:25:8b:b1:8e:f4:34:ce:a0
Signer

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 24KB - Virtual size: 29KB

.rsrc
Size: 20KB - Virtual size: 17KB