77552f844b233de7ff72f380f13d1e56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

77552f844b233de7ff72f380f13d1e56_JaffaCakes118
Size

349KB
MD5

77552f844b233de7ff72f380f13d1e56
SHA1

f5288dd38ca4383b6e8368e2c5f6e6dfe7ae6e20
SHA256

90d46c35be6c5f3aaafc2bd0c977606432ffdd17983af4fa8a8fca9013807e9b
SHA512

54ea34ed1629a9aceb78e59bdb2c44e43dfeff4f345ed5c5eebd928475837a5b5163ea9524b056b598ec2c84dec20766036165f98f5115dca738401c55b53ae9
SSDEEP

6144:EdlSZ5eMUoOlVKNbjCF2U1CBN6rjTBxAOh+a7Bz40C:EX25e3lVw3Ch4erjT/D+h

Score

1^/10

Malware Config

Signatures

Files

77552f844b233de7ff72f380f13d1e56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ff25053abd94c7653cb2a5a1106d5aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:f6:33:b2:64:72:f3:36:7c:84:ce:a1:b3:46:c2:5b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/07/2008, 00:00

Not After

11/07/2009, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D Center,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sogouime36\Bin\SogouInput\SkinReg.pdb

Imports

user32

GetCursorPos
GetLastInputInfo
LoadCursorW
SubtractRect
FindWindowW
BeginPaint
CreateWindowExW
PtInRect
GetSystemMetrics
CloseWindow
TranslateMessage
AdjustWindowRect
GetForegroundWindow
EndPaint
DestroyWindow
GetMonitorInfoW
RegisterClassExW
DefWindowProcW
SetCursor
OffsetRect
SetTimer
IntersectRect
DispatchMessageW
InvalidateRect
GetMessageW
MonitorFromPoint
PostQuitMessage
GetWindowRect
GetWindowTextW
CheckDlgButton
EndDialog
GetClientRect
SendMessageW
GetWindowDC
SetWindowPos
IsDlgButtonChecked
DialogBoxParamW
MessageBoxW
GetParent
ReleaseDC
GetWindowLongW
DrawTextW
MonitorFromRect
SetForegroundWindow
SetWindowLongW

gdi32

SelectObject
GetTextExtentPoint32W
CreateCompatibleDC
CreatePen
DeleteObject
SetBkMode
DeleteDC
SetViewportOrgEx
Rectangle
SetTextColor
CreateFontIndirectW
GetStockObject
GetObjectW
BitBlt
CreateCompatibleBitmap
CreateSolidBrush

comctl32

InitCommonControlsEx

imm32

ImmDisableIME

kernel32

GetCurrentProcessId
GetSystemInfo
Process32NextW
Process32FirstW
GetTempPathW
CreateToolhelp32Snapshot
GetCurrentProcess
CreateThread
WaitForMultipleObjects
FormatMessageW
SetFilePointer
WriteFile
DuplicateHandle
ExitThread
CreateEventW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
MultiByteToWideChar
InterlockedIncrement
InterlockedCompareExchange
RemoveDirectoryW
GetFileSize
Sleep
ReadFile
FlushFileBuffers
OpenMutexW
WaitForSingleObject
CreateMutexW
ReleaseMutex
WideCharToMultiByte
FreeLibrary
LoadLibraryW
HeapReAlloc
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
EnterCriticalSection
GetCommandLineW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
TerminateProcess
IsDebuggerPresent
RaiseException
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
GetTimeZoneInformation
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FindClose
FindFirstFileW
LocalFree
FindNextFileW
CreateProcessW
SetFileAttributesW
CreateFileW
DeleteFileW
GetTempFileNameW
CloseHandle
CopyFileW
GetCurrentThreadId
CreateDirectoryW
MoveFileExW
SetLastError
GlobalAlloc
GlobalFree
GetTickCount
GetModuleHandleW
GetLastError
ExitProcess
GetProcAddress
LeaveCriticalSection
GetCommandLineA

advapi32

RegOpenKeyExW
RegQueryValueW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegEnumKeyW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHFileOperationW

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ff25053abd94c7653cb2a5a1106d5aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

67:f6:33:b2:64:72:f3:36:7c:84:ce:a1:b3:46:c2:5bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

comctl32

imm32

kernel32

advapi32

shell32

Sections

.text Size: 228KB - Virtual size: 224KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 12KB - Virtual size: 10KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

67:f6:33:b2:64:72:f3:36:7c:84:ce:a1:b3:46:c2:5b
Certificate

.text
Size: 228KB - Virtual size: 224KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 12KB - Virtual size: 10KB