847555af9cf78183257c3cb7c363b049_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

847555af9cf78183257c3cb7c363b049_JaffaCakes118
Size

4.2MB
MD5

847555af9cf78183257c3cb7c363b049
SHA1

9c937c647280f58e29f1488617adee5f1377d9a5
SHA256

20eb4430e3b85107f79d1fb99e27ba3d031e5624ed6979d02abf2423ca7ba787
SHA512

c7dd73aaf5088304383573ad56365dbf4f585de83be3602c8912f445a1d17fb05c398a5dc29df19998ac4deea1494bdbb865b3d345bde3b3ee4a75ec693e247f
SSDEEP

98304:MFZR+oUwfywe23sO1TCuQgDDVX51/y8fqrn5p0hK7Uw2RY1w:ops23sO1WDg3968fA5pFoRYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iNViSiBLE/aep.exe

Files

847555af9cf78183257c3cb7c363b049_JaffaCakes118
.rar
aeppro_setup.exe
.exe windows:5 windows x86 arch:x86

5b5affe5cc3d8e2098fc60270b23e0a6

Code Sign

01:00:00:00:00:01:10:54:6b:82:03
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

24/01/2007, 14:03

Not After

24/01/2008, 14:03

Subject

CN=SecureAction Research LLC,O=SecureAction Research LLC,C=US,1.2.840.113549.1.9.1=#0c18737570706f727440736563757265616374696f6e2e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:1c:d5:ca:6e:fa:b7:3f:3f:5d:32:df:56:de:32:7f:b1:bd:c8:53
Signer

Actual PE Digest

92:1c:d5:ca:6e:fa:b7:3f:3f:5d:32:df:56:de:32:7f:b1:bd:c8:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalAlloc
GetLastError
GetCurrentProcess
LoadLibraryA
CloseHandle
LocalFree
GetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrlenA
lstrcmpiA
lstrcatA
GetShortPathNameA
GetSystemDirectoryA
RemoveDirectoryA
lstrcpyA
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
GetModuleFileNameA
FindClose
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
ExitProcess
GetProcAddress
GetStartupInfoA
GetCommandLineA
LoadResource
FindResourceA
CreateMutexA
SetEvent
CreateEventA
SetCurrentDirectoryA
CreateThread
ResetEvent
TerminateThread
GetVersionExA
FreeLibrary
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
FreeResource
LockResource
SizeofResource
CreateFileA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetTempFileNameA
GetSystemInfo
GetDriveTypeA
lstrcpynA
GetVolumeInformationA
GetCurrentDirectoryA
LoadLibraryExA
GetModuleHandleA
CreateDirectoryA
ExpandEnvironmentStringsA
FormatMessageA
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA

gdi32

GetDeviceCaps

user32

ExitWindowsEx
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
wsprintfA
GetWindowLongA
CallWindowProcA
GetDlgItem
SetForegroundWindow
SetWindowTextA
SendDlgItemMessageA
EnableWindow
GetDesktopWindow
EndDialog
DispatchMessageA
LoadStringA
PeekMessageA
MessageBoxA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
ShowWindow
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
SendMessageA
GetDlgItemTextA
MsgWaitForMultipleObjects
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iNViSiBLE/aep.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 977KB - Virtual size: 980KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
安装说明.url
.url

Sharing

General

Malware Config

Signatures

Files

5b5affe5cc3d8e2098fc60270b23e0a6

Code Sign

01:00:00:00:00:01:10:54:6b:82:03Certificate

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

92:1c:d5:ca:6e:fa:b7:3f:3f:5d:32:df:56:de:32:7f:b1:bd:c8:53Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

Headers

File Characteristics

Sections

Size: - Virtual size: 1.9MB

Size: 977KB - Virtual size: 980KB

01:00:00:00:00:01:10:54:6b:82:03
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

92:1c:d5:ca:6e:fa:b7:3f:3f:5d:32:df:56:de:32:7f:b1:bd:c8:53
Signer

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB