89d9be667aee595685bedb9d5d5f20e2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

89d9be667aee595685bedb9d5d5f20e2_JaffaCakes118
Size

3.1MB
MD5

89d9be667aee595685bedb9d5d5f20e2
SHA1

184da360cdbde4497ec2c75c4d12e726806fa699
SHA256

46ecb6ffd02997d9f9a98d32953f681b771f89f6e32c140f4cfec840b011a368
SHA512

d706e4ea9c6496e88863a9f5385269e8ec2a0b6046dcf9856bf97f34ffab283999cf6ba653530109d9d366b9a244cbecb380da5f394e901168f5b0e49978a54b
SSDEEP

98304:s1CFLqvqc0A+ZbSZinjQY+5fvoq1J7b4gcSP6qP:s4FGqc0AOSgnp4t1JZi2

Score

1^/10

Malware Config

Signatures

Files

89d9be667aee595685bedb9d5d5f20e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4c483f73d416893c74dfcd711adb9477

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-05-2010 00:00

Not After

06-05-2012 23:59

Subject

CN=Mindspark Interactive Network,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mindspark Interactive Network,L=White Plains,ST=NewYork,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateProcessA
GetPriorityClass
GetCurrentProcess
DeleteFileA
SetFileAttributesA
ResumeThread
GetCurrentThreadId
CreateEventA
SetEvent
GetExitCodeThread
GetStartupInfoA
ExitProcess
GetCommandLineA
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetProcessHeap
HeapReAlloc
HeapFree
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
WaitForMultipleObjects
ReadFile
GetFileSize
MoveFileA
GetShortPathNameA
GetWindowsDirectoryA
SetLastError
GetExitCodeProcess
CreateFileA
WriteFile
LocalFree
GetProcAddress
GetTempPathA
EnumResourceNamesA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcmpiA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcpyA
lstrlenA
lstrcatA
lstrlenW
WideCharToMultiByte
HeapAlloc
GetModuleHandleA

user32

SetWindowTextA
GetSystemMetrics
EndDeferWindowPos
DeferWindowPos
ScreenToClient
BeginDeferWindowPos
PostMessageA
CharNextA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
GetSysColor
LoadStringA
GetClientRect
GetDC
LoadCursorA
SetCursor
SetWindowLongA
GetWindowTextA
EndDialog
SetTimer
InvalidateRect
UpdateWindow
DefWindowProcA
RedrawWindow
GetDlgItem
EnableWindow
SetForegroundWindow
SendMessageA
SendDlgItemMessageA
GetWindowRect
MapWindowPoints
SetWindowPos
KillTimer
ReleaseDC
DialogBoxParamA
LoadImageA
wsprintfA

gdi32

GetDeviceCaps
CreateHalftonePalette
DeleteObject
UpdateColors
SetTextColor
SelectPalette
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
DeleteDC
RealizePalette
BitBlt
SelectObject

advapi32

RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c483f73d416893c74dfcd711adb9477

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 3.1MB - Virtual size: 3.1MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36
Certificate

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 3.1MB - Virtual size: 3.1MB