8d19f3dd50776ce064e2a665287682f6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8d19f3dd50776ce064e2a665287682f6_JaffaCakes118
Size

163KB
MD5

8d19f3dd50776ce064e2a665287682f6
SHA1

599fe3a97d9c3290a6d4f202fd251f605f5c1127
SHA256

7157e1469a315f2cfc8c38ee03a5c4d025428fba40a5cecc4859a9c3616265f8
SHA512

3497b1bd37ee46ad13a22e0fbf3a5737ffbd5ba94457a50c24bbd33728275001f7e2df3829b60af34b886ab70fc55fb697b60ce9fad74a261739cfa2c8b08164
SSDEEP

3072:3y+kOL/10H3UnADB/h/OwHdGBjIWVCbGHTYJWfl1iX3cO4e/P86rWiIaLHp066gV:3f+HHewAMWV1HTtrIcg

Score

1^/10

Malware Config

Signatures

Files

8d19f3dd50776ce064e2a665287682f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

636be159eb791ea27a61868acea071d4

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:63:44:4d:c5:88:73:e5:fd:e4:b1:cb:fe:2d:81:e3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

12-06-2006 00:00

Not After

12-06-2007 23:59

Subject

CN=888 Holdings Plc,OU=888,O=888 Holdings Plc,L=Gibraltar,ST=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

12:d5:bd:65:d7:55:e8:47:8c:92:07:46:d7:6d:36:df:64:c7:54:f5
Signer

Actual PE Digest

12:d5:bd:65:d7:55:e8:47:8c:92:07:46:d7:6d:36:df:64:c7:54:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

send
htons
setsockopt
recv
socket
select
WSAGetLastError
shutdown
ioctlsocket
closesocket
WSACleanup
gethostbyname
connect
WSAStartup
gethostname
inet_addr

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

ReleaseMutex
GetPrivateProfileIntA
CreateThread
LeaveCriticalSection
EnterCriticalSection
TerminateThread
GetModuleFileNameA
GetTempPathA
GetModuleHandleA
GetCurrentDirectoryA
lstrlenA
GetLastError
WaitForMultipleObjects
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
WriteFile
CopyFileA
GetUserDefaultLangID
GlobalFree
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
LocalAlloc
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalMemoryStatus
GetVersion
GetVersionExA
CreateMutexA
CloseHandle
CreateEventA
WinExec
GetTickCount
GetPrivateProfileStringA
WaitForSingleObject
SetEvent
MulDiv
CreateFileA
LoadLibraryA
ReadFile
SetFilePointer
GetFileSize
IsBadWritePtr
HeapCreate
HeapDestroy
VirtualFree
GetProcAddress
HeapSize
GetEnvironmentVariableA
TerminateProcess
VirtualAlloc
UnhandledExceptionFilter
GetCurrentProcess
GetOEMCP
GetACP
GetCPInfo
RemoveDirectoryA
CreateDirectoryA
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapFree
HeapAlloc
GetStringTypeW
GetSystemTime
GetTimeZoneInformation
GetLocalTime
FreeEnvironmentStringsA
FreeEnvironmentStringsW
RtlUnwind
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetStdHandle
GetFileType
SetHandleCount
IsBadReadPtr
IsBadCodePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
MultiByteToWideChar
GetStringTypeA
HeapReAlloc

user32

LoadIconA
DialogBoxParamA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadCursorA
MessageBoxA
GetClassInfoExA
SetForegroundWindow
EndPaint
FindWindowA
SetFocus
ReleaseDC
FillRect
GetClientRect
ScreenToClient
GetDC
CreateWindowExA
ShowWindow
GetWindowRect
SetWindowTextA
IntersectRect
IsRectEmpty
PtInRect
UnionRect
SendDlgItemMessageA
DrawTextA
InvalidateRect
UpdateWindow
SetDlgItemTextA
KillTimer
SetTimer
EnumDisplaySettingsA
ChangeDisplaySettingsA
GetSystemMetrics
GetMessageA
MessageBoxIndirectA
EndDialog
DestroyWindow
PostQuitMessage
GetDlgItem
EnableWindow
RegisterClassExA
DefWindowProcA
LoadAcceleratorsA
PostMessageA
SendMessageA
IsWindow

gdi32

CreateSolidBrush
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
GetObjectA
CreateFontIndirectA
SetMapMode
SetTextColor
SetBkColor
GetBkColor
DeleteDC
SetBkMode
CreateBitmap
CreateDIBitmap
DeleteObject
BitBlt

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA

ole32

CoCreateGuid

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

636be159eb791ea27a61868acea071d4

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

1f:63:44:4d:c5:88:73:e5:fd:e4:b1:cb:fe:2d:81:e3Certificate

Extended Key Usages

12:d5:bd:65:d7:55:e8:47:8c:92:07:46:d7:6d:36:df:64:c7:54:f5Signer

Headers

File Characteristics

Imports

wsock32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 20KB - Virtual size: 196KB

.rsrc Size: 4KB - Virtual size: 3KB

01
Certificate

0a
Certificate

1f:63:44:4d:c5:88:73:e5:fd:e4:b1:cb:fe:2d:81:e3
Certificate

12:d5:bd:65:d7:55:e8:47:8c:92:07:46:d7:6d:36:df:64:c7:54:f5
Signer

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 196KB

.rsrc
Size: 4KB - Virtual size: 3KB