8b93e1469e372ff7f45014cfa99ec302_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b93e1469e372ff7f45014cfa99ec302_JaffaCakes118
Size

35KB
MD5

8b93e1469e372ff7f45014cfa99ec302
SHA1

46e74a079fcc42ee02f9aba0128e4f1f8a212587
SHA256

c9584cdddcc9918d3ced52168730adabf7b9d1f9212a91aa0ad42cdffdb76644
SHA512

e67b54a815e75c1a211f9eb0f62b10665e46c2e58d7734868f4417a272a3a98717bbacaf6025b35541e5629997345c8e6ccab24a262b42d77647e001a1898994
SSDEEP

768:7vfPDZBtUv7RqYiaBEfksKIkXhC+ghbCNYyP:DfL1Uv7R4mXhC+gxCNYyP

Score

1^/10

Malware Config

Signatures

Files

8b93e1469e372ff7f45014cfa99ec302_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b13a5b30ef4389bb6c51d81c7cd0af4e

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileW
lstrcatW
FindFirstFileW
lstrcpyW
RemoveDirectoryW
CreateProcessW
SetCurrentDirectoryW
CopyFileW
GetTempPathW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentDirectoryW
lstrlenW
CreateFileW
CloseHandle
WaitForSingleObject
Sleep
FindNextFileW
CreateEventW
TerminateProcess
InterlockedDecrement
InterlockedIncrement
VirtualFree
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
VirtualAlloc
GetSystemInfo
TerminateThread
WaitForMultipleObjects
CreateThread
GetModuleHandleW
FindClose
MoveFileExW
GetThreadLocale
GetLastError
LCMapStringW
GetStartupInfoW

user32

RegisterWindowMessageW
wsprintfW
DestroyIcon
DialogBoxParamW
SetWindowLongW
GetActiveWindow
SendMessageW
GetWindowLongW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
MessageBoxW
GetDlgItem
DefWindowProcW
LoadIconW
SetClassLongW
CheckDlgButton
SetDlgItemTextW
SetWindowTextW
IsDlgButtonChecked
EndDialog
FindWindowExW
IsWindow

advapi32

RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize

wininet

InternetReadFile
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW

msvcrt

_exit
_onexit
__dllonexit
wcschr
wcscpy
memset
__CxxFrameHandler
strlen
_except_handler3
vswprintf
??3@YAXPAX@Z
malloc
realloc
memcpy
free
wcslen
wcsncpy
wcscat
wcsrchr
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_XcptFilter

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b13a5b30ef4389bb6c51d81c7cd0af4e

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wininet

msvcrt

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB