8401e6f9b3795475640f70e16365e3b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8401e6f9b3795475640f70e16365e3b7_JaffaCakes118
Size

2.7MB
MD5

8401e6f9b3795475640f70e16365e3b7
SHA1

641664bda47ded84af855145d3303cb4ca404430
SHA256

1b759babe342c223342238964907620cfd54f46dfd82ff0bc3dbf35afd7f9447
SHA512

eccd10fb11ae02380f1b9ccf9b1ec94d6ca2ddaf3b4d5e59363dd2065cf00aea35055be44e4777133b2f7552ec1752417508c8dda36220c5a01850d8844e3311
SSDEEP

49152:lbuP0QUDH0TJ/BCewVRmjzhO4ZsFdNUqETkEHXB+vndBDqUN6+:lbuPlUDH0TJZCencEsqXR8nzeb

Score

1^/10

Malware Config

Signatures

Files

8401e6f9b3795475640f70e16365e3b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd4fb3744a6f739ad65ca43b2d30a68c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:69:e9:79:07:f3:83:e4:ff:81:ae:9b:04:5c:64:aa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

20/01/2010, 23:59

Subject

CN=Fun Web Products,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Fun Web Products,L=White Plains,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateProcessA
GetPriorityClass
GetCurrentProcess
DeleteFileA
SetFileAttributesA
ResumeThread
GetCurrentThreadId
CreateEventA
SetEvent
GetExitCodeThread
GetStartupInfoA
ExitProcess
GetCommandLineA
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetProcessHeap
HeapReAlloc
HeapFree
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
WaitForMultipleObjects
ReadFile
GetFileSize
MoveFileA
GetShortPathNameA
GetWindowsDirectoryA
SetLastError
GetExitCodeProcess
CreateFileA
WriteFile
LocalFree
GetProcAddress
GetTempPathA
EnumResourceNamesA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcmpiA
lstrlenA
lstrcpyA
GetModuleFileNameA
lstrcatA
FreeLibrary
LoadLibraryA
lstrlenW
WideCharToMultiByte
HeapAlloc
GetModuleHandleA

user32

SetWindowTextA
GetSystemMetrics
EndDeferWindowPos
DeferWindowPos
ScreenToClient
BeginDeferWindowPos
PostMessageA
CharNextA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
GetSysColor
LoadStringA
GetClientRect
GetDC
LoadCursorA
SetCursor
SetWindowLongA
GetWindowTextA
EndDialog
SetTimer
InvalidateRect
UpdateWindow
DefWindowProcA
RedrawWindow
GetDlgItem
EnableWindow
SetForegroundWindow
SendMessageA
SendDlgItemMessageA
GetWindowRect
MapWindowPoints
SetWindowPos
KillTimer
ReleaseDC
DialogBoxParamA
LoadImageA
wsprintfA

gdi32

GetDeviceCaps
CreateHalftonePalette
DeleteObject
UpdateColors
SetTextColor
SelectPalette
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
DeleteDC
RealizePalette
BitBlt
SelectObject

advapi32

RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd4fb3744a6f739ad65ca43b2d30a68c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

74:69:e9:79:07:f3:83:e4:ff:81:ae:9b:04:5c:64:aaCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 2.6MB - Virtual size: 2.6MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

74:69:e9:79:07:f3:83:e4:ff:81:ae:9b:04:5c:64:aa
Certificate

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB