889351c9ce5808a243c123fe09dab8c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

889351c9ce5808a243c123fe09dab8c1_JaffaCakes118
Size

7.0MB
MD5

889351c9ce5808a243c123fe09dab8c1
SHA1

2117e3dc1eba677b86bd3d9cce8d24a3549ea1cd
SHA256

150f4313dd828c6fe905e3de827646b647ea7f1f21c6460b8b772196d4135a93
SHA512

12001d72b6529eb5980bf1fa3cb9ae2922ce73b071aa5388b52864911e92c73dad12f2bff89e02b9b87db0611c98617182b7b581138825a63b2930325f2296db
SSDEEP

98304:7lamLRZ2sIP33ejEWouX/iqPixich5tKLtr1BTbJfz9oT6XXzrF4g2Sv3oycNUrW:A93Py3ioch5SbJfq6XXzrn3oaX5FfBP4

Score

1^/10

Malware Config

Signatures

Files

889351c9ce5808a243c123fe09dab8c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

35373b8121c72f71bd9d8e40fd95cd01

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:9f:36:55:c3:35:36:1e:3f:f0:38:65:e9:98:86:45
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

23/04/2010, 00:00

Not After

24/06/2011, 23:59

Subject

CN=E-Mice Solutions (HK) Limited,OU=INFORMATION TECHNOLOGY DEPARTMENT,O=E-Mice Solutions (HK) Limited,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

e1:31:17:eb:44:18:bb:2d:e6:9a:ce:c2:74:c1:1d:15:79:62:04:35
Signer

Actual PE Digest

e1:31:17:eb:44:18:bb:2d:e6:9a:ce:c2:74:c1:1d:15:79:62:04:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
TerminateProcess
CreateProcessA
GetProcAddress
GetModuleHandleA
GetSystemDefaultLangID
CompareStringW
CompareStringA
ReadFile
CloseHandle
WaitForSingleObject
GetExitCodeProcess
FindFirstFileA
Sleep
DeleteFileA
FindResourceA
LoadResource
SizeofResource
LockResource
GetTempPathA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapAlloc
HeapFree
FlushFileBuffers
WriteFile
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
VirtualAlloc
HeapReAlloc
SetStdHandle
SetFilePointer
CreateFileA
GetStringTypeA
GetStringTypeW
LoadLibraryA
SetEndOfFile
SetEnvironmentVariableA

user32

LoadStringA
MessageBoxA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35373b8121c72f71bd9d8e40fd95cd01

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2d:9f:36:55:c3:35:36:1e:3f:f0:38:65:e9:98:86:45Certificate

Extended Key Usages

e1:31:17:eb:44:18:bb:2d:e6:9a:ce:c2:74:c1:1d:15:79:62:04:35Signer

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 7.0MB - Virtual size: 7.0MB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2d:9f:36:55:c3:35:36:1e:3f:f0:38:65:e9:98:86:45
Certificate

e1:31:17:eb:44:18:bb:2d:e6:9a:ce:c2:74:c1:1d:15:79:62:04:35
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 7.0MB - Virtual size: 7.0MB