958f4e6adadf5c44300f1dae723f3e7c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

958f4e6adadf5c44300f1dae723f3e7c_JaffaCakes118
Size

248KB
MD5

958f4e6adadf5c44300f1dae723f3e7c
SHA1

6719ba680012163eef0f277e5387066e695186c0
SHA256

7a620b4244b9eb7738665c88aea1c2a7fbb180dd1d0746058c0f8d7dd895c56b
SHA512

0efe4b2bb6732d6a6f663ec158c94ee054e6e67531446e230b5f1a22a56d730f437e797a5dab4ba9c5d6f69f1d162fe27418980926ddfc3ff3d0c64628675e3a
SSDEEP

6144:cJ5eajU7ChVS8nx2cTIHmMRQnzIIGZTusc7S44JAu3yZjzzT/:k5EisBj6eMZ7sAu3y9/

Score

1^/10

Malware Config

Signatures

Files

958f4e6adadf5c44300f1dae723f3e7c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c30515aafb4f6e684a7d1888324424e2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/09/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:db:c3:62:69:88:35:62:e6:bf:09:00:11:85:ae:96:5b:64:58:6b
Signer

Actual PE Digest

8c:db:c3:62:69:88:35:62:e6:bf:09:00:11:85:ae:96:5b:64:58:6b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexW
GetDiskFreeSpaceA
CreateMutexA
GetShortPathNameA
FindResourceA
SystemTimeToFileTime
GetCurrentThread
MoveFileA
FatalAppExitA
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetSystemDefaultLCID
lstrcmpiA
LoadLibraryExA
GetProcAddress
GlobalFindAtomW
CompareFileTime
BeginUpdateResourceA

user32

GetDesktopWindow
GetForegroundWindow
GetClassInfoA
OffsetRect
GetDCEx
EnableMenuItem
UnregisterClassW
InvalidateRgn
EndMenu
wvsprintfW
MonitorFromWindow
GetMenuItemInfoW
SetFocus
LoadMenuW
CharLowerA
CharNextW
wsprintfW
IsMenu
keybd_event
CreatePopupMenu
IsChild
DialogBoxIndirectParamA
GetMenuStringA
GetMessageW
MessageBeep
SetWindowTextA
SetWindowPos
CreateAcceleratorTableW
WaitForInputIdle
GetDlgItemTextW
IsIconic
CreateDialogParamW
EmptyClipboard
RegisterClassW
MoveWindow
UnregisterClassA
WaitMessage
GetKeyboardType
GetClassInfoExA
DialogBoxParamW
CreateDesktopA
InsertMenuItemW
LoadBitmapW
PostQuitMessage
LoadMenuIndirectW
IsDlgButtonChecked
GetWindowRgn
SetActiveWindow
SetDlgItemTextA
RegisterWindowMessageW
GetMenuStringW
RegisterClassA
CharPrevA
PostMessageA
CreateDialogIndirectParamA
MessageBoxIndirectW
GetTopWindow
MessageBoxA
GetMenuState
SendDlgItemMessageA
mouse_event
SetForegroundWindow
GetSysColor
wvsprintfA
DestroyIcon
GetMenuInfo
IsWindow

gdi32

CreateMetaFileW
GetEnhMetaFileA
GetEnhMetaFilePixelFormat
CreateICW
SetWinMetaFileBits
RemoveFontResourceW
CreatePalette
SetEnhMetaFileBits
CreateScalableFontResourceA
GetTextExtentPointW
CreateSolidBrush
CreateColorSpaceA
GetTextExtentPointA
RemoveFontResourceA
CreateCompatibleDC
CreateBrushIndirect

advapi32

CloseEventLog
RegCreateKeyExW
A_SHAUpdate
SetNamedSecurityInfoExW
RegEnumKeyA
CryptGenKey
LsaQueryTrustedDomainInfo
GetEffectiveRightsFromAclA
OpenEncryptedFileRawW
EncryptionDisable
CryptAcquireContextA
OpenProcessToken
ClearEventLogW
AddAccessAllowedObjectAce
FreeEncryptedFileKeyInfo

shell32

SHBrowseForFolderW
StrCmpNIW
ExtractAssociatedIconW
StrCmpNW
StrChrW
SHGetFolderPathA
ExtractIconExA
ExtractIconW
ExtractIconA
StrChrIA
StrNCmpA
ShellExecuteExA
StrNCmpW

shlwapi

wnsprintfW
SHOpenRegStream2A
PathUndecorateA

oleaut32

VarDecFromDisp
VarBoolFromI1
VarUI8FromDate
VarR4FromBool

setupapi

SetupVerifyInfFileA
CM_Unregister_Device_Interface_ExA
SetupCreateDiskSpaceListA
pSetupMakeSurePathExists
SetupRemoveSectionFromDiskSpaceListA

wininet

InternetOpenUrlW
DetectAutoProxyUrl
InternetUnlockRequestFile
UnlockUrlCacheEntryStream
FtpGetCurrentDirectoryW
ShowX509EncodedCertificate
InternetOpenW
RetrieveUrlCacheEntryFileA
HttpSendRequestExW
InternetSetCookieA
InternetCombineUrlW

winmm

midiStreamRestart

printui

RegisterPrintNotify
bFolderEnumPrinters

sqlunirl

AbortSystemShutdown_
_GlobalFindAtom_@4
_LookupAccountSid_@28
_CreateEnhMetaFile_@16
_GetFileTitle@12
_NDdeShareSetInfo_@24

wsock32

GetServiceW
htons
WSAStartup
getsockopt
getservbyport
connect
WSAAsyncGetHostByAddr

crypt32

RegQueryValueExU
CertFreeCRLContext
CertUnregisterPhysicalStore
RegSetValueExU
CertVerifyCertificateChainPolicy
CertAddStoreToCollection
CryptSignAndEncodeCertificate
I_CryptGetOssGlobal
CertIsRDNAttrsInCertificateName
CryptFreeOIDFunctionAddress
CryptHashToBeSigned
CertVerifyValidityNesting
CryptStringToBinaryA
CertFreeCertificateContext
CertFindChainInStore
CertDuplicateCTLContext
CryptBinaryToStringW

Sections

.Nk
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zNLvl
Size: 4KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EC
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.g
Size: 1KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qyRgL
Size: 4KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dHzln
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hU
Size: 6KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zTQ
Size: 3KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.m
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lznt
Size: 13KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cQV
Size: 2KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c30515aafb4f6e684a7d1888324424e2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

8c:db:c3:62:69:88:35:62:e6:bf:09:00:11:85:ae:96:5b:64:58:6bSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

oleaut32

setupapi

wininet

winmm

printui

sqlunirl

wsock32

crypt32

Sections

.Nk Size: 9KB - Virtual size: 8KB

.zNLvl Size: 4KB - Virtual size: 481KB

.EC Size: 88KB - Virtual size: 88KB

.g Size: 1KB - Virtual size: 90KB

.qyRgL Size: 4KB - Virtual size: 377KB

.dHzln Size: 11KB - Virtual size: 11KB

.hU Size: 6KB - Virtual size: 19KB

.zTQ Size: 3KB - Virtual size: 377KB

.m Size: 92KB - Virtual size: 91KB

.lznt Size: 13KB - Virtual size: 96KB

.cQV Size: 2KB - Virtual size: 241KB

.rsrc Size: 6KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

8c:db:c3:62:69:88:35:62:e6:bf:09:00:11:85:ae:96:5b:64:58:6b
Signer

.Nk
Size: 9KB - Virtual size: 8KB

.zNLvl
Size: 4KB - Virtual size: 481KB

.EC
Size: 88KB - Virtual size: 88KB

.g
Size: 1KB - Virtual size: 90KB

.qyRgL
Size: 4KB - Virtual size: 377KB

.dHzln
Size: 11KB - Virtual size: 11KB

.hU
Size: 6KB - Virtual size: 19KB

.zTQ
Size: 3KB - Virtual size: 377KB

.m
Size: 92KB - Virtual size: 91KB

.lznt
Size: 13KB - Virtual size: 96KB

.cQV
Size: 2KB - Virtual size: 241KB

.rsrc
Size: 6KB - Virtual size: 6KB