93c6bfb04ee138fb84dc3bd79a755cdd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

93c6bfb04ee138fb84dc3bd79a755cdd_JaffaCakes118
Size

4.0MB
MD5

93c6bfb04ee138fb84dc3bd79a755cdd
SHA1

5d685a86b75479a19eb017514790a368ec38be64
SHA256

aae789db602ad4e6bce8fc4af40fd15dbb14de6fd299e2c1ce3794cf7c947b67
SHA512

c0b688116625e5b1f32f4d23ad37665747025ab8e4ce4ff13e03a4ee5a94ab11722942151ed50d367534d4ec8ffbbf6bd7df19cddb764dc6361122e1d7257969
SSDEEP

98304:Q6hgXI3YIKcFs0r8ZUpFvolSDkkUFvWNzsySaY:E0YIRi0r8ZejDBHnST

Score

1^/10

Malware Config

Signatures

Files

93c6bfb04ee138fb84dc3bd79a755cdd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

665bf973c2bc1c6a50f85819a923ef21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:2a:4b:bb:66:26:2a:8f:b4:e0:84:56:05:73:e9:08
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/12/2011, 00:00

Not After

15/12/2012, 23:59

Subject

CN=Faglaro Enterprises Limited,O=Faglaro Enterprises Limited,POSTALCODE=2107,STREET=Konstantinoupoleos\, 22,L=Nicosia,ST=Aglantzia/Cyprus,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:cd:07:69:c0:83:f2:7c:07:86:f3:18:f2:a3:08:25:3e:04:5e:08
Signer

Actual PE Digest

52:cd:07:69:c0:83:f2:7c:07:86:f3:18:f2:a3:08:25:3e:04:5e:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringW
RpcStringFreeW

shlwapi

PathFindFileNameW
StrCmpIW
SHDeleteKeyW
SHDeleteValueW
PathRemoveFileSpecW
PathRemoveExtensionW
SHGetValueW
StrStrIW
SHSetValueW

user32

GetSystemMetrics
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
PostQuitMessage
FindWindowExA
SendMessageW
DefWindowProcW
ShowWindow
MessageBoxW
MessageBoxIndirectW
GetWindowThreadProcessId
GetShellWindow
LoadIconW
RegisterClassExW
LoadCursorW
PostMessageW
SendMessageA
MessageBoxW
CharUpperBuffW

kernel32

QueryPerformanceCounter
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
IsProcessorFeaturePresent
HeapSize
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
GetTimeZoneInformation
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
VirtualFree
VirtualAlloc
GetFileSize
FindFirstFileW
SetFilePointer
VirtualQuery
GetCurrentProcess
GetCurrentThread
WriteFile
OpenProcess
WideCharToMultiByte
GetVersionExW
TerminateProcess
ReadFile
CreateFileW
MultiByteToWideChar
GetLastError
GetConsoleCP
FindClose
Process32FirstW
RemoveDirectoryW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTickCount
GetTempPathW
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
GetModuleHandleA
FindResourceA
FreeResource
LoadResource
LoadLibraryW
SizeofResource
LockResource
ExitProcess
CreateMutexW
CreateDirectoryW
GetModuleHandleW
Sleep
CopyFileW
GetModuleFileNameW
FindResourceW
GetUserDefaultLCID
GetLocaleInfoW
InitializeCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
MapViewOfFile
SetEvent
OpenEventA
OpenFileMappingA
LocalFree
InterlockedDecrement
GetVersion
MoveFileExW
GetCurrentThreadId
GetConsoleMode
GetStringTypeW
RtlUnwind
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
LoadLibraryA
InterlockedExchange
FreeLibrary
SetLastError
EnterCriticalSection
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
LocalAlloc
LoadLibraryW
FreeLibrary
InitializeCriticalSection
GetModuleFileNameW
GetModuleHandleW
TerminateProcess
GetCurrentProcess
DeleteCriticalSection
CreateEventW
CompareStringW
SetLastError
GetModuleHandleA
VirtualProtect
GetTickCount
EnterCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
WriteProcessMemory
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
GetSystemInfo
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceExW
FindResourceExA
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemTime
GetLocalTime
SystemTimeToFileTime
CompareFileTime
GetCommandLineA
GetLastError
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
RtlUnwind
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

advapi32

SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
GetSecurityInfo
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
OpenProcessToken
FreeSid

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
SHChangeNotify
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW

ole32

CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.A0
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.A1
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

665bf973c2bc1c6a50f85819a923ef21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

dd:2a:4b:bb:66:26:2a:8f:b4:e0:84:56:05:73:e9:08Certificate

Extended Key Usages

Key Usages

52:cd:07:69:c0:83:f2:7c:07:86:f3:18:f2:a3:08:25:3e:04:5e:08Signer

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

shlwapi

user32

kernel32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 5KB - Virtual size: 13KB

.A0 Size: 3.6MB - Virtual size: 3.6MB

.A1 Size: 41KB - Virtual size: 40KB

.rsrc Size: 249KB - Virtual size: 248KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

dd:2a:4b:bb:66:26:2a:8f:b4:e0:84:56:05:73:e9:08
Certificate

52:cd:07:69:c0:83:f2:7c:07:86:f3:18:f2:a3:08:25:3e:04:5e:08
Signer

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 5KB - Virtual size: 13KB

.A0
Size: 3.6MB - Virtual size: 3.6MB

.A1
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 249KB - Virtual size: 248KB