8ef2cca3b6380c097cb81d5ede5b0d8b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ef2cca3b6380c097cb81d5ede5b0d8b_JaffaCakes118
Size

73KB
MD5

8ef2cca3b6380c097cb81d5ede5b0d8b
SHA1

5b17dc2a3641202aef75c68e74870de2eb2f0566
SHA256

590766c37733bb55dba7ca9eb2c8d186bd18b2c8e6cff1bd49cdc6652f884162
SHA512

c57e12037391361b03dcdbd23872978ae2f23661486392636ae02f5ac8e70c17d8f9519b6e88e2b9374a023bd38df5ad5412ea812f7ab8a99e550123f8137e65
SSDEEP

1536:dsnL5RSuD9HnenqT9mQ2i4wEp/OY38DhMPisKldd:yLbVT9mQ/u/OY38DDR

Score

1^/10

Malware Config

Signatures

Files

8ef2cca3b6380c097cb81d5ede5b0d8b_JaffaCakes118
.exe windows:4 windows x64 arch:x64

98cf860a37e628d464a4ee6b4e88e196

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/02/2009, 00:00

Not After

20/04/2012, 23:59

Subject

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Computing,O=Broadcom Corporation,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:ab:5d:95:c1:a7:ae:f2:45:7a:1c:8a:2a:23:3a:ff:1d:8b:91:ba
Signer

Actual PE Digest

c8:ab:5d:95:c1:a7:ae:f2:45:7a:1c:8a:2a:23:3a:ff:1d:8b:91:ba

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

x:\BTW\btw1.2\bin\amd64\BtITunesPlugIn.pdb

Imports

bthprops.cpl

BluetoothFindRadioClose
BluetoothFindFirstRadio

kernel32

GetLastError
EnterCriticalSection
DeviceIoControl
DeleteCriticalSection
OutputDebugStringA
CloseHandle
GetTickCount
OpenEventA
WideCharToMultiByte
FindResourceA
lstrlenA
FreeLibrary
LoadResource
SizeofResource
IsDBCSLeadByte
MultiByteToWideChar
RaiseException
lstrcmpiA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
LeaveCriticalSection
CreateEventA
InitializeCriticalSection
SetEvent
WaitForSingleObject
CreateFileA
GetACP
GetLocaleInfoA
lstrlenW
GetThreadLocale
GetVersionExA

user32

UnregisterClassA
CharNextA
DefWindowProcA
SetTimer
PostQuitMessage
KillTimer
RegisterDeviceNotificationA
MsgWaitForMultipleObjects
RegisterClassA
UnregisterDeviceNotification
PostMessageA
EnumWindows
GetClassNameA
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA

advapi32

RegEnumKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString

msvcr80

__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CxxFrameHandler3
memcpy
memset
_fmode
__set_app_type
_commode
__setusermatherr
_configthreadlocale
_initterm_e
vsprintf
free
malloc
??3@YAXPEAX@Z
_mbsnbicmp
??2@YAPEAX_K@Z
_vsnprintf
sprintf
_mbsicmp
??_U@YAPEAX_K@Z
_resetstkoflw
_mbsnbcpy_s
_recalloc
??_V@YAXPEAX@Z
memcpy_s
?terminate@@YAXXZ
__C_specific_handler
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_XcptFilter
_exit
_cexit
exit
__initenv
_initterm
_CxxThrowException

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�&
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98cf860a37e628d464a4ee6b4e88e196

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7Certificate

Extended Key Usages

Key Usages

c8:ab:5d:95:c1:a7:ae:f2:45:7a:1c:8a:2a:23:3a:ff:1d:8b:91:baSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bthprops.cpl

kernel32

user32

advapi32

ole32

oleaut32

msvcr80

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 7KB

.pdata Size: 2KB - Virtual size: 2KB

�& Size: 2KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

c8:ab:5d:95:c1:a7:ae:f2:45:7a:1c:8a:2a:23:3a:ff:1d:8b:91:ba
Signer

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 7KB

.pdata
Size: 2KB - Virtual size: 2KB

�&
Size: 2KB - Virtual size: 1KB