75876d65612cbdfebccf1065bedf284c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

75876d65612cbdfebccf1065bedf284c_JaffaCakes118
Size

157KB
MD5

75876d65612cbdfebccf1065bedf284c
SHA1

b2b30e2b37cbf69ffc2c93c7a683ec8da63a609d
SHA256

a8966bbc4a771da485bb79fbf7cac162bf6f55ab017a85ca1303d6e656b20b52
SHA512

0c15731a0b8fbbe63926c8dcfc24047fe9cdbe3ec3a093f3ffe90ce29e303e3437a1248f87c1293cc3bd499a504fa689385d427ecfa17b891fcc7efec858e6a3
SSDEEP

3072:g0/AMdBs/q7qxQy/2NZSj/MeZLV3EaPvjfG1k78tGdq4VYl5S:gzMBs/q7qxQy/27a/f5V3R7dH84VYm

Score

1^/10

Malware Config

Signatures

Files

75876d65612cbdfebccf1065bedf284c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3b44a7c85ba72d6cab091f4249e19025

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-11-2008 00:00

Not After

06-01-2011 23:59

Subject

CN=Trusteer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trusteer,L=Tel-Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d5:ce:b0:d7:d7:57:0d:ba:45:a0:57:a5:96:72:b7:50:8e:11:0c:72
Signer

Actual PE Digest

d5:ce:b0:d7:d7:57:0d:ba:45:a0:57:a5:96:72:b7:50:8e:11:0c:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

RapportSetup.pdb

Imports

shlwapi

SHDeleteKeyA
SHDeleteValueA

kernel32

InitializeCriticalSection
IsWow64Process
GetCurrentProcess
CreateProcessA
GetProcAddress
LoadLibraryA
FreeLibrary
RemoveDirectoryA
DeleteFileA
CompareStringA
lstrlenA
GetModuleFileNameA
lstrcpyA
lstrcpynA
GetSystemDirectoryA
GetExitCodeProcess
GetFileAttributesA
CreateDirectoryA
WideCharToMultiByte
LoadResource
GetUserDefaultLangID
FindResourceExA
FindResourceA
SizeofResource
LockResource
CreateMutexA
GlobalFree
GlobalAlloc
GetModuleHandleA
GetVersionExA
GetEnvironmentVariableA
WaitForSingleObject
GetTempPathA
SetLastError
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
LocalFree
FormatMessageA
OutputDebugStringA
MultiByteToWideChar
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
FreeEnvironmentStringsA
GetFileType
SetHandleCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
SetFilePointer
WriteFile
ReadFile
CloseHandle
CreateFileA
GetLastError
GetEnvironmentStrings
FreeEnvironmentStringsW
GetTickCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
LocalAlloc
InterlockedExchange
RaiseException
HeapAlloc
HeapFree
GetCurrentThreadId
RtlUnwind
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
GetCPInfo
GetEnvironmentStringsW

user32

CharNextA
CreateDialogParamA
SetWindowTextA
MoveWindow
SetFocus
ShowWindow
SetForegroundWindow
LoadIconA
LoadCursorA
SetCursor
GetDlgItem
SendMessageA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
DestroyWindow
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
GetForegroundWindow
MessageBoxA
CharPrevA

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
QueryServiceStatus
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
EqualSid

shell32

ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
SHFileOperationA

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b44a7c85ba72d6cab091f4249e19025

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97Certificate

Extended Key Usages

Key Usages

d5:ce:b0:d7:d7:57:0d:ba:45:a0:57:a5:96:72:b7:50:8e:11:0c:72Signer

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 44KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97
Certificate

d5:ce:b0:d7:d7:57:0d:ba:45:a0:57:a5:96:72:b7:50:8e:11:0c:72
Signer

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 44KB - Virtual size: 40KB