8a67923a4b152305bbdedde79db5da5d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a67923a4b152305bbdedde79db5da5d_JaffaCakes118
Size

643KB
MD5

8a67923a4b152305bbdedde79db5da5d
SHA1

08d2b80ca425b0052935814e4b8c262f8b99ce76
SHA256

473bc48119ba2883b34c83d240085957470e473ec6047cea082be3186dd954f6
SHA512

34294f9dc0036d2f3385cd7dcbae50ca543f520e8e2d42068a2b939053d388aac69253f2cc7689027a2e5a7185209f1b2971856dd9285bd641ab70bb120578eb
SSDEEP

6144:rpDKx8gdztReYGr44UhWfDu4g8EONgZH61Kpeb5Ae2Ab5UMuxgrLAxvSNof9z4Ap:rpDArdRRelex4g8EONl9XA0eh1

Score

1^/10

Malware Config

Signatures

Files

8a67923a4b152305bbdedde79db5da5d_JaffaCakes118
.exe windows:4 windows x64 arch:x64

66af8b34fdb131f18fe61d87c96c9205

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

01/09/2011, 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e4:34:94:36:4e:15:f6:4d:c2:03:87:56:34:dc:0f:92:37:01:7a:41
Signer

Actual PE Digest

e4:34:94:36:4e:15:f6:4d:c2:03:87:56:34:dc:0f:92:37:01:7a:41

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetDeviceInstanceIdA
SetupDiClassGuidsFromNameA
SetupDiGetINFClassA
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsA
SetupDiRegisterDeviceInfo
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDevice
SetupDiGetDriverInfoDetailA
SetupDiRemoveDevice
SetupDiDestroyDeviceInfoList

comctl32

ord17

shlwapi

PathAppendA
PathUnquoteSpacesA
PathIsDirectoryA
PathIsRelativeA

kernel32

CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
FindClose
FindNextFileA
SetLastError
FindFirstFileA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
Sleep
GetModuleFileNameA
SetCurrentDirectoryA
GetFullPathNameA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetVersionExA
GetComputerNameA
GetUserDefaultLangID
GetCurrentDirectoryA
GetWindowsDirectoryA
GetCurrentProcess
ReleaseMutex
CreateDirectoryA
MapViewOfFile
CreateFileMappingA
CreateMutexA
UnmapViewOfFile
GetTimeFormatA
GetLocalTime
OutputDebugStringA
lstrcpynA
MoveFileExA
LocalAlloc
GetCurrentThread
FreeLibrary
LoadLibraryA
SetEnvironmentVariableA
Module32First
CreateToolhelp32Snapshot
FormatMessageA
Process32First
TerminateProcess
OpenProcess
WinExec
DeviceIoControl
CreateFileA
GetPrivateProfileStringA
CopyFileA
GetCurrentProcessId
GetCurrentThreadId
RemoveDirectoryA
RtlVirtualUnwind
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
RtlPcToFileHeader
RaiseException
LCMapStringW
WideCharToMultiByte
LCMapStringA
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlsAlloc
FlsFree
TlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
SetStdHandle
GetACP
GetCPInfo
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetCommandLineA
RtlUnwindEx
LocalFree
SetFilePointer
WriteFile
InitializeCriticalSection
MultiByteToWideChar
GetLastError
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetSystemTimeAsFileTime
HeapSetInformation
HeapCreate
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
Process32Next
RtlLookupFunctionEntry
HeapFree
ExitProcess
CompareStringW
CompareStringA
SetEndOfFile
HeapReAlloc

user32

UpdateWindow
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
LoadStringA
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetUserObjectInformationA
GetWindowRect
LoadImageA
GetClientRect
SetWindowPos
OffsetRect
CopyRect
GetParent
CheckDlgButton
SetDlgItemTextA
GetDlgItem
EnableWindow
EndDialog
LoadBitmapA
GetWindowThreadProcessId
EnumWindows
DialogBoxParamA
GetWindowInfo
ExitWindowsEx
SendMessageA
GetSystemMetrics
CreateWindowExA
ShowWindow
IsDlgButtonChecked

advapi32

OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegSetValueExA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

#
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66af8b34fdb131f18fe61d87c96c9205

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31Certificate

Extended Key Usages

Key Usages

e4:34:94:36:4e:15:f6:4d:c2:03:87:56:34:dc:0f:92:37:01:7a:41Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

setupapi

comctl32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 146KB - Virtual size: 146KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 7KB - Virtual size: 33KB

.pdata Size: 9KB - Virtual size: 8KB

# Size: 403KB - Virtual size: 403KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31
Certificate

e4:34:94:36:4e:15:f6:4d:c2:03:87:56:34:dc:0f:92:37:01:7a:41
Signer

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 7KB - Virtual size: 33KB

.pdata
Size: 9KB - Virtual size: 8KB

#
Size: 403KB - Virtual size: 403KB