85e906dc0379911cbb8420ff2ef7cc7f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85e906dc0379911cbb8420ff2ef7cc7f_JaffaCakes118
Size

442KB
MD5

85e906dc0379911cbb8420ff2ef7cc7f
SHA1

0f74f2aa6d3e5e727904585afbea0798c95e6b4f
SHA256

1ca55b07e7955fdc3a5b59a6e661a8061e65c0fe68328fcb9f0784c39e2862f3
SHA512

558803c37854eac481f0620a276a83c800ff6cfd0c5de79b8e2eb96631f50035951aa7ad1f10a1c59e130f4be35d4268e7e5453710d790f93f97f03f712e2370
SSDEEP

6144:Sp4JISVCvkUXc2ljemLCxGLhwpuhWEsP4jk64IAz18OER0:C4JhVCvksc2ljeaC9IWE6luAzTP

Score

1^/10

Malware Config

Signatures

Files

85e906dc0379911cbb8420ff2ef7cc7f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ddfb4b8dbd3755813133ee87f77553a3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

09:ef:fa:25:46:c5:b2:e7:64:84:ec:2b:88:2e:01:38
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

03/03/2008, 00:00

Not After

03/03/2011, 23:59

Subject

CN=WHENU.COM,O=WHENU.COM,POSTALCODE=H4R2B7,STREET=3300 Cote Vertu Suite 406,L=Montreal,ST=Qc,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\code_source_uinst_de_cvs\tempo_pour_duy\memedia\win32\MeMedia\MeMediaCore\Release\AdvUninst.pdb

Imports

setupapi

SetupGetIntField
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionA
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackA
SetupFindNextLine
SetupGetStringFieldA
SetupFindFirstLineA
SetupSetDirectoryIdA
SetupOpenInfFileA
SetupCloseFileQueue
SetupCloseInfFile

kernel32

FormatMessageA
GetLastError
LocalFree
lstrcmpA
lstrlenA
lstrcpyA
lstrcatA
FindResourceExA
Sleep
GetCommandLineA
GetTempPathA
FindFirstFileA
FindClose
GetWindowsDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetShortPathNameA
SetLastError
lstrcmpiA
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
GetFileAttributesA
GetTickCount
OpenProcess
WaitForSingleObject
TerminateProcess
lstrlenW
WideCharToMultiByte
RemoveDirectoryA
GetTempFileNameA
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
ResumeThread
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableW
GetStringTypeExW
GetEnvironmentVariableA
CompareStringW
MultiByteToWideChar
GetStringTypeExA
InterlockedExchange
lstrcmpiW
CompareStringA
DeleteFileA
InitializeCriticalSection
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
RaiseException
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
VirtualProtect
GetSystemInfo
VirtualQuery
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
GetLocaleInfoA
HeapFree
GetProcessHeap
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
SetConsoleCtrlHandler
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
FatalAppExitA
HeapCreate
GetFileSize
TlsFree
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetACP
GetThreadLocale
HeapDestroy
HeapReAlloc
GetVersion
HeapSize
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetDateFormatA
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeFormatA
OutputDebugStringA

user32

SetForegroundWindow
FindWindowA
GetMessageA
DispatchMessageA
PostMessageA
GetDlgItem
ShowWindow
wsprintfA
MessageBoxA
PostQuitMessage
SendMessageA
PeekMessageA
LoadCursorA
GetClassInfoExA
RegisterClassExA
GetSystemMetrics
CharNextA
CharUpperA
CharLowerW
CharLowerA
CharUpperW
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
DestroyWindow
CreateWindowExA
SendMessageTimeoutA
GetWindowThreadProcessId
IsWindow
UpdateWindow
GetWindow
SystemParametersInfoA
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
CreateDialogParamA
SetWindowTextA
EnumWindows
UnregisterClassA
GetWindowTextA
GetWindowTextLengthA

advapi32

RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegisterEventSourceA
DeregisterEventSource
ReportEventA
RegDeleteValueA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SHGetSpecialFolderLocation

ole32

CoTaskMemAlloc
OleRun
CLSIDFromProgID
CoCreateGuid
StringFromGUID2
CLSIDFromString
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysAllocString
VariantInit
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

PathRemoveFileSpecA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

InternetGetConnectedState
InternetQueryOptionA

Sections

.text
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddfb4b8dbd3755813133ee87f77553a3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

09:ef:fa:25:46:c5:b2:e7:64:84:ec:2b:88:2e:01:38Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wininet

Sections

.text Size: 324KB - Virtual size: 324KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 10KB - Virtual size: 18KB

.rsrc Size: 43KB - Virtual size: 42KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

09:ef:fa:25:46:c5:b2:e7:64:84:ec:2b:88:2e:01:38
Certificate

.text
Size: 324KB - Virtual size: 324KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 43KB - Virtual size: 42KB