8ecdf9667e2bda7a3671c2c0ba9ab4db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ecdf9667e2bda7a3671c2c0ba9ab4db_JaffaCakes118
Size

421KB
MD5

8ecdf9667e2bda7a3671c2c0ba9ab4db
SHA1

941b83cc0b8131d5a604ceb364df04572f676cbd
SHA256

1e98b2dc7e10dff7cc6dbc4472fd24268359e59770b6dc6f8792099630f841f6
SHA512

770de05c0b71c48b79bad3341f33446de5183e08d8d1a0837e757dddfdb8e503dec7d90c656b9f917ee6433498c7f0af82d059b8c3d14f2965e2375d32db727f
SSDEEP

6144:CRtw6ID9IYk8HqED7Bg/MBWSwvu5/TzpiMk:CRtAI18mva/fp4

Score

1^/10

Malware Config

Signatures

Files

8ecdf9667e2bda7a3671c2c0ba9ab4db_JaffaCakes118
.exe windows:4 windows x86 arch:x86

849d0fefc75cae138cc4a6606b08146f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:66:2a:26:09:bd:43:1d:09:6e:e5:c3:96:de:9c:a2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/03/2008, 00:00

Not After

18/03/2011, 23:59

Subject

CN=Acresso Software Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Acresso Software Inc.,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:c4:fb:84:94:95:5a:58:f2:33:e0:34:59:23:af:33:77:ee:c3:55
Signer

Actual PE Digest

19:c4:fb:84:94:95:5a:58:f2:33:e0:34:59:23:af:33:77:ee:c3:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
GetFileSize
lstrlenA
RemoveDirectoryA
FindResourceExA
CreateDirectoryA
SizeofResource
FreeResource
LockResource
LoadResource
FindResourceA
GlobalFree
GlobalHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GlobalAlloc
GlobalUnlock
GlobalLock
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetTickCount
GetUserDefaultLangID
GetSystemDefaultLangID
SetCurrentDirectoryA
GetCurrentDirectoryA
SetFileAttributesA
SetErrorMode
FindClose
FindFirstFileA
OpenFile
GetExitCodeProcess
CreateProcessA
lstrcpyA
GetFileAttributesA
GetLocaleInfoA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
WriteFile
lstrlenW
DeleteFileA
WideCharToMultiByte
CreateThread
GetExitCodeThread
CloseHandle
GetLastError
SetLastError
InitializeCriticalSection
GetSystemInfo
GetVersionExA
SystemTimeToFileTime
lstrcmpiA
QueryPerformanceCounter
lstrcpynA
SetEvent
ResetEvent
SearchPathA
VirtualProtect
VirtualQuery
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
SetFilePointer
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteCriticalSection
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
InterlockedExchange
HeapCreate
GetEnvironmentVariableA
GetModuleFileNameA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
TerminateProcess
HeapReAlloc
HeapSize
TlsSetValue
TlsAlloc
CompareStringW
CompareStringA
MultiByteToWideChar
GetTempPathA
GetTempFileNameA
lstrcatA
CreateFileA
Sleep
CreateEventA
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
HeapDestroy
TlsGetValue
GetStartupInfoA

user32

IsDialogMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
GetDesktopWindow
SendDlgItemMessageA
SendMessageA
UpdateWindow
ShowWindow
MoveWindow
GetSystemMetrics
CharLowerA
CreateWindowExA
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
RedrawWindow
DestroyWindow
GetClassNameA
GetFocus
IsChild
SetFocus
GetDC
ReleaseDC
BeginPaint
FillRect
EndPaint
CallWindowProcA
GetSysColor
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
CreateDialogIndirectParamA
EnableWindow
IsWindow
SetDlgItemTextA
LoadStringA
MessageBoxA
FindWindowA
GetDlgItemTextA
GetDlgItem
GetWindowLongA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
SetWindowLongA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

ole32

OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
StringFromCLSID
OleInitialize
OleLockRunning
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree

oleaut32

VariantChangeType
OleCreateFontIndirect
VariantClear
LoadRegTypeLi
SysAllocStringLen
SysStringLen
SysReAllocStringLen
SysAllocString
SysFreeString

gdi32

TranslateCharsetInfo
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateFontIndirectA

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathFileExistsA

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

849d0fefc75cae138cc4a6606b08146f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

78:66:2a:26:09:bd:43:1d:09:6e:e5:c3:96:de:9c:a2Certificate

Extended Key Usages

Key Usages

19:c4:fb:84:94:95:5a:58:f2:33:e0:34:59:23:af:33:77:ee:c3:55Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

gdi32

comctl32

version

shlwapi

Sections

.text Size: 204KB - Virtual size: 201KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 24KB - Virtual size: 27KB

.rsrc Size: 160KB - Virtual size: 157KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

78:66:2a:26:09:bd:43:1d:09:6e:e5:c3:96:de:9c:a2
Certificate

19:c4:fb:84:94:95:5a:58:f2:33:e0:34:59:23:af:33:77:ee:c3:55
Signer

.text
Size: 204KB - Virtual size: 201KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 24KB - Virtual size: 27KB

.rsrc
Size: 160KB - Virtual size: 157KB