78de35512beaf629f566b89ca77212ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

78de35512beaf629f566b89ca77212ec_JaffaCakes118
Size

124KB
MD5

78de35512beaf629f566b89ca77212ec
SHA1

da86dcea6ffa7f197e2bb7105d21358be6ddbd30
SHA256

5a2d7327d3dedb42642ba1de29c8d62d24ece937d64a1a9377d47f77f0f0a925
SHA512

7eeea51680ee1339898031bb6752e27feff7d56ee12b95311a27bddb35b07560ca0cdaae325576a31054055275c2b8ad42fcc7cf674d1b2c5bbef898cce0c7c6
SSDEEP

3072:p297I6EsImnrtMedkP4BNlTONdYYNJTStyV/zzZe0Y+Q1v8Jgi2Bl:p29jEKI+DaNz3S8VLcF31kJgHl

Score

1^/10

Malware Config

Signatures

Files

78de35512beaf629f566b89ca77212ec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e8a4601b3c815ba0ca4c4592c6b35e44

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/11/2004, 00:00

Not After

21/11/2005, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:de:3a:55:15:fb:2a:e2:89:19:37:44:a7:df:84:4e:f0:b7:1b:39
Signer

Actual PE Digest

f8:de:3a:55:15:fb:2a:e2:89:19:37:44:a7:df:84:4e:f0:b7:1b:39

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\navcon_r11.5.3\Norton_AntiVirus\Consumer\src\bin.ira\navapsvc.pdb

Imports

savrt32

ord2
ord9
ord10
ord6
ord51
ord28
ord38
ord44
ord4
ord39
ord35
ord27
ord29
ord33
ord32
ord34
ord43

n32exclu

_ExcludeSFN2LFN@12
_ExcludeIsValid@8
_ThreatDefaultExcludeTerminateEx@8
_ExcludeLFN2SFN@12
_ExcludeIsEx@16
_ExcludeIsDirEx@12
_ExcludeDelete@8
_ExcludeAddEx@12
_ExcludeGetCount@4
_ExcludeGet@20
_ThreatExcludeInit@4
_ExcludeCreateCopy@8
_ExcludeObjectsIdentical@8
_ExcludeKillCopy@4
_ThreatExcludeTerminateEx@8
_ThreatDefaultExcludeInit@4
_ExcludeDeleteIndex@8

kernel32

HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
ReleaseMutex
OpenEventA
GetPrivateProfileStringA
lstrcmpA
GetLogicalDrives
GetDriveTypeA
GetComputerNameA
GetTickCount
WaitForSingleObject
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
CloseHandle
GetProcAddress
LoadLibraryA
FreeLibrary
GetCurrentThreadId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
LoadLibraryExA
lstrcatA
GetFileAttributesA
MultiByteToWideChar
GetLastError
lstrcpyA
lstrlenA
FindCloseChangeNotification
PulseEvent
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetShortPathNameA
GetVolumeInformationA
SetErrorMode
GetExitCodeThread
TerminateThread
InterlockedIncrement
InterlockedDecrement
SetProcessWorkingSetSize
GetCurrentProcess
lstrcmpW
GetModuleFileNameA
LocalFree
GetModuleHandleA
LocalAlloc
FormatMessageA
GetCurrentThread
CreateMutexA
GetCommandLineA
GetVersion
FindClose
FindNextFileA
FindFirstFileA
ResetEvent
GetTempPathA

user32

wsprintfA
CharNextA
DispatchMessageA
GetMessageA
LoadStringA
PostThreadMessageA
LoadStringW
GetSystemMetrics
CharPrevA
GetKeyboardType
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
MessageBoxA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoInitializeSecurity
CoUninitialize
CoInitializeEx

oleaut32

SafeArrayAccessData
SafeArrayDestroy
SafeArrayUnaccessData
VariantInit
VariantClear
SafeArrayCreateVector

msvcp71

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z

atl71

ord23
ord61
ord18
ord22
ord17
ord20
ord49
ord32
ord64

shlwapi

PathRemoveBackslashA
PathAddBackslashA

msvcr71

_strcmpi
memset
strcat
_splitpath
_mbsnbcpy
strcpy
strlen
strncpy
_endthreadex
_beginthreadex
?what@exception@@UBEPBDXZ
_time64
_except_handler3
free
malloc
_resetstkoflw
memcmp
memmove
puts
_mbsrchr
wcslen
strcmp
swprintf
_mbsicmp
_mbsninc
_mbscmp
_mbstok
atol
_ultoa
strstr
_callnewh
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
vsprintf
_vscprintf
_mbschr
_endthread
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_purecall
_CxxThrowException
_beginthread
sprintf
memcpy
_mbsinc

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8a4601b3c815ba0ca4c4592c6b35e44

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2Certificate

Extended Key Usages

Key Usages

f8:de:3a:55:15:fb:2a:e2:89:19:37:44:a7:df:84:4e:f0:b7:1b:39Signer

Headers

File Characteristics

PDB Paths

Imports

savrt32

n32exclu

kernel32

user32

shell32

ole32

oleaut32

msvcp71

atl71

shlwapi

msvcr71

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 7KB - Virtual size: 7KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

f8:de:3a:55:15:fb:2a:e2:89:19:37:44:a7:df:84:4e:f0:b7:1b:39
Signer

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 7KB - Virtual size: 7KB