737cb796b8b96b5e2bdbe9cd919727c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

737cb796b8b96b5e2bdbe9cd919727c9_JaffaCakes118
Size

54KB
MD5

737cb796b8b96b5e2bdbe9cd919727c9
SHA1

01c5f51d0069fd2f56cd60deaa26ec5e3ef9bb93
SHA256

f1ea7a163dbb242d4ca9c687edc7f616759b02798547d347b50ada0b8f0c8cc6
SHA512

1f13f4ec0ccaa1546afabd9c458b891ec6efcab2f75d746c0c78fa3c8cd1fcdac4e9cee732d97b6973c94f9a8727d0d3527dcca15c0a321b9f4d48926446e33c
SSDEEP

1536:QgX1PLwijJ/yUT0h4K6Mb8gX8tdoj6GjRo:b1Lwijoogstdojzdo

Score

1^/10

Malware Config

Signatures

Files

737cb796b8b96b5e2bdbe9cd919727c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

79a59b431f82a25bfd21dc9a89eddb67

Code Sign

01:00:00:00:00:01:1d:91:a4:6e:5b
Certificate

Issuer

CN=Cybertrust Educational CA,OU=Educational CA,O=Cybertrust,C=BE

Not Before

12/11/2008, 16:59

Not After

12/11/2011, 16:59

Subject

CN=stfmail.ccn.ac.uk,OU=I.T. Services,O=City College Norwich,L=Norwich,ST=Norfolk,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

04:00:03:fb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

14/03/2006, 20:30

Not After

14/03/2013, 23:59

Subject

CN=Cybertrust Educational CA,OU=Educational CA,O=Cybertrust,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:d2:70:89:2f:07:d9:f1:17:bc:8b:b8:a4:fa:5a:9d:e2:b7:e4:82
Signer

Actual PE Digest

3d:d2:70:89:2f:07:d9:f1:17:bc:8b:b8:a4:fa:5a:9d:e2:b7:e4:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
VirtualAllocEx
OpenProcess
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetSystemDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
MoveFileExA
WriteProcessMemory
CreateRemoteThread
CreateFileA
CreateDirectoryA
FlushFileBuffers
GetLastError
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
WriteFile
InitializeCriticalSection
GetTickCount
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
ReadFile
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile
CreateProcessA
GetExitCodeProcess
Sleep
GetLocalTime
GetFileAttributesA
SetFileAttributesA
CopyFileA
GetModuleFileNameA
DeleteCriticalSection
DeleteFileA

shell32

SHGetSpecialFolderPathA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
FreeSid
CheckTokenMembership
RegCloseKey
AllocateAndInitializeSid

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

79a59b431f82a25bfd21dc9a89eddb67

Code Sign

01:00:00:00:00:01:1d:91:a4:6e:5bCertificate

Key Usages

04:00:03:fbCertificate

Key Usages

3d:d2:70:89:2f:07:d9:f1:17:bc:8b:b8:a4:fa:5a:9d:e2:b7:e4:82Signer

Headers

File Characteristics

Imports

kernel32

shell32

advapi32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 14KB

01:00:00:00:00:01:1d:91:a4:6e:5b
Certificate

04:00:03:fb
Certificate

3d:d2:70:89:2f:07:d9:f1:17:bc:8b:b8:a4:fa:5a:9d:e2:b7:e4:82
Signer

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 14KB