84cd6aa3c186f4ccb1a62d854aef4edd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

84cd6aa3c186f4ccb1a62d854aef4edd_JaffaCakes118
Size

268KB
MD5

84cd6aa3c186f4ccb1a62d854aef4edd
SHA1

b34c43d4fe3e7eed7a7484bbc21f9c8591bd25b9
SHA256

7314f1d0e17ef476e05c1f6b5b4eb741fa678a75545c8611571ed64fab5a3ffa
SHA512

73f347043a4362376eac0a6c815cf2481defd37f7a0febfe634bf0c45879363321fe8d1b201297936e52deb50c4526ae2a682d5da4a94e70aa352fe37553276b
SSDEEP

3072:EfaRbrjohi5LtEOe6/vvCr88J4LBqLGmGmT9Q0MlWxWhndSIvi6pf2v7u9J:EyBuOTHCQLBqLHGmhQ95TJ2EJ

Score

1^/10

Malware Config

Signatures

Files

84cd6aa3c186f4ccb1a62d854aef4edd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2b7ff9f7fe575a6d22142d59ef09ac40

Code Sign

53:8f:5a:c1:92:19:a7:38:ef:bf:60:94:99:ad:c7:e3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-03-2011 00:00

Not After

15-05-2014 23:59

Subject

CN=Guangzhou Kugou Computer Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Guangzhou Kugou Computer Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c2:cc:06:bf:60:49:07:ae:32:c9:12:bc:ff:43:07:c1:47:a5:a8:78
Signer

Actual PE Digest

c2:cc:06:bf:60:49:07:ae:32:c9:12:bc:ff:43:07:c1:47:a5:a8:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\work\VC\info\setup_x_86\setup_x_86\Release\setup_x_86.pdb

Imports

kernel32

SetFileAttributesW
SetFileAttributesA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
Sleep
WinExec
SetCurrentDirectoryW
TerminateProcess
GetCurrentProcess
SetLocaleInfoW
CompareStringA
GetLastError
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetLocalTime
GetTickCount
DeleteFileW
GetFileAttributesW
WaitForSingleObject
SetEvent
CreateEventW
CreateFileA
CloseHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
CompareStringW
HeapSize
FlushFileBuffers
ReadFile
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetStringTypeA
IsValidLocale
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCPInfo
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
GetTimeZoneInformation
HeapAlloc
WriteFile
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
SetEnvironmentVariableA

user32

LoadIconW
LoadCursorW
LoadStringW
RegisterClassExW
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow

advapi32

RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHCreateDirectoryExW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate

wininet

InternetCrackUrlW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetCloseHandle
InternetGetConnectedState
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b7ff9f7fe575a6d22142d59ef09ac40

Code Sign

53:8f:5a:c1:92:19:a7:38:ef:bf:60:94:99:ad:c7:e3Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c2:cc:06:bf:60:49:07:ae:32:c9:12:bc:ff:43:07:c1:47:a5:a8:78Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

oleaut32

wininet

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 13KB - Virtual size: 13KB

53:8f:5a:c1:92:19:a7:38:ef:bf:60:94:99:ad:c7:e3
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c2:cc:06:bf:60:49:07:ae:32:c9:12:bc:ff:43:07:c1:47:a5:a8:78
Signer

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 13KB - Virtual size: 13KB