7678f4ee0c366413f3b5f71317989eaa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7678f4ee0c366413f3b5f71317989eaa_JaffaCakes118
Size

1.0MB
MD5

7678f4ee0c366413f3b5f71317989eaa
SHA1

a2887fb0f82bc4672737fc29cd96471d74083190
SHA256

c9bd255e859e394937e3c10b8a72a95ffc525a438c3d605c5a5763059ea489b6
SHA512

2e3f752ee220fd15794c3d9766d86e05191678af26e83b5d66007d74717ee7b2e655235ddd94e965fc0b3fdc65b8f3b99d135d2a88c8b5b877580587c9d46806
SSDEEP

24576:0/HCzAtJmN5a2lzroWWDeSxX+ce//twPKdET3ShSrEgElzroWWDeSxX+ce//twPB:F8tm3rcX+ce//twPKd4ShSrercX+ce/I

Score

1^/10

Malware Config

Signatures

Files

7678f4ee0c366413f3b5f71317989eaa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff476809d9c3b3d4799cb77c57b41d91

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e5:4b:be:25:df:3d:30:bd:27:3c:27:af:79:d3:c3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

21-04-2008 00:00

Not After

21-04-2010 23:59

Subject

CN=SPAMfighter ApS,OU=Application Development,O=SPAMfighter ApS,L=Copenhagen,ST=Denmark,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:af:69:86:9e:c0:f5:5f:b4:53:a2:2b:55:b0:af:98:f7:96:03:a6
Signer

Actual PE Digest

db:af:69:86:9e:c0:f5:5f:b4:53:a2:2b:55:b0:af:98:f7:96:03:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\TFS\SLOW-PCfighter\trunk\Installer\Builds\Win32\Release (Static Runtime, Windows 98)\Reader.pdb

Imports

kernel32

ReleaseMutex
OpenMutexA
CloseHandle
GetCurrentProcess
WriteFile
CreateMutexA
SetFilePointer
GetProcAddress
GetLastError
GetModuleHandleA
WaitForSingleObject
GetModuleFileNameA
SetCurrentDirectoryA
ReadFile
CreateDirectoryA
GetVersionExA
FindNextFileA
FindClose
GetCurrentProcessId
GetTempPathA
FormatMessageA
FindFirstFileA
LocalFree
DeleteFileA
TerminateProcess
RemoveDirectoryA
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

user32

MessageBoxA

advapi32

RegQueryValueExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegSetValueExW

shell32

ShellExecuteExA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff476809d9c3b3d4799cb77c57b41d91

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

41:e5:4b:be:25:df:3d:30:bd:27:3c:27:af:79:d3:c3Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

db:af:69:86:9e:c0:f5:5f:b4:53:a2:2b:55:b0:af:98:f7:96:03:a6Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 74KB - Virtual size: 74KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

41:e5:4b:be:25:df:3d:30:bd:27:3c:27:af:79:d3:c3
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

db:af:69:86:9e:c0:f5:5f:b4:53:a2:2b:55:b0:af:98:f7:96:03:a6
Signer

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 74KB - Virtual size: 74KB