82b61cfffcb652d1e15e8a80511d4102_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

82b61cfffcb652d1e15e8a80511d4102_JaffaCakes118
Size

128KB
MD5

82b61cfffcb652d1e15e8a80511d4102
SHA1

46b1912f3760e199830a478a0deb08084e902f46
SHA256

da6739142bcf3c07dd23b531f53c6751cbe0ca28715f9f9438a64dcd7545ce25
SHA512

4c822ecfafad59bd913e67fbed7f34ee731ea741ec8379384e8115cb430f4697e2a8cf27f6bd2d04a1ae99a69dda2e86833458925f1795133f6568435cdc72c2
SSDEEP

3072:JS2SOrQzmotYimBvhg3IpGQ1q9dvdfU6Y8h0rtcmshDjDtqRX/Pl:JWOszpYeYQ1tBhecmOjDtqhPl

Score

1^/10

Malware Config

Signatures

Files

82b61cfffcb652d1e15e8a80511d4102_JaffaCakes118
.exe windows:4 windows x86 arch:x86

921b8b40f8f259801a7c072aa116a6b7

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:d8:c5:02:dd:23:79:9e:05:49:bd:38:96:5a:a6:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14-04-2009 00:00

Not After

14-04-2011 23:59

Subject

CN=AnchorFree Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AnchorFree Inc,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d3:02:a4:5f:33:a2:f3:93:0c:ad:b2:c2:59:66:fa:9b:be:eb:0d:65
Signer

Actual PE Digest

d3:02:a4:5f:33:a2:f3:93:0c:ad:b2:c2:59:66:fa:9b:be:eb:0d:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libcurl

curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_formadd
curl_formfree
curl_global_init
curl_multi_add_handle
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_slist_append
curl_slist_free_all

libeay32

MD5
MD5_Final
MD5_Init
MD5_Update

advapi32

ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
DeregisterEventSource
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
RegisterServiceCtrlHandlerExA
ReportEventA
SetSecurityDescriptorDacl
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

iphlpapi

GetAdaptersInfo

kernel32

AddAtomA
CloseHandle
CompareFileTime
CreateDirectoryA
CreateEventA
CreateFileA
CreateProcessA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
GetAtomNameA
GetLastError
GetModuleFileNameA
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVolumeInformationA
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
LocalFree
Process32First
Process32Next
ResetEvent
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject
WriteFile
lstrlenA

msvcrt

_close
_fstat
_open
_read
_stat
_strdup
_unlink
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_isctype
_mkdir
_onexit
_pctype
_setmode
_snprintf
_splitpath
_stat
_stricmp
abort
atexit
atoi
calloc
ctime
exit
fclose
fflush
fgets
fopen
fprintf
fread
free
fseek
ftell
fwrite
gmtime
malloc
memcpy
memmove
memset
printf
putchar
puts
rand
realloc
rename
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtok
time
vfprintf

shell32

SHGetFolderPathA

ws2_32

WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
gethostname
htonl
htons
ioctlsocket
listen
ntohs
recv
select
send
socket

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

921b8b40f8f259801a7c072aa116a6b7

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3b:d8:c5:02:dd:23:79:9e:05:49:bd:38:96:5a:a6:8dCertificate

Extended Key Usages

Key Usages

d3:02:a4:5f:33:a2:f3:93:0c:ad:b2:c2:59:66:fa:9b:be:eb:0d:65Signer

Headers

File Characteristics

Imports

libcurl

libeay32

advapi32

iphlpapi

kernel32

msvcrt

shell32

ws2_32

Sections

.text Size: 94KB - Virtual size: 94KB

.data Size: 1024B - Virtual size: 608B

.rdata Size: 24KB - Virtual size: 23KB

.bss Size: - Virtual size: 6KB

.idata Size: 5KB - Virtual size: 4KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3b:d8:c5:02:dd:23:79:9e:05:49:bd:38:96:5a:a6:8d
Certificate

d3:02:a4:5f:33:a2:f3:93:0c:ad:b2:c2:59:66:fa:9b:be:eb:0d:65
Signer

.text
Size: 94KB - Virtual size: 94KB

.data
Size: 1024B - Virtual size: 608B

.rdata
Size: 24KB - Virtual size: 23KB

.bss
Size: - Virtual size: 6KB

.idata
Size: 5KB - Virtual size: 4KB