a120956dd47c3453735170f2fe3eb621_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a120956dd47c3453735170f2fe3eb621_JaffaCakes118
Size

200KB
MD5

a120956dd47c3453735170f2fe3eb621
SHA1

d4e1ef1dc7f56f7ee1256877c1b12190697f8eaa
SHA256

adfbcf1d1e80fee03fd3e279d8a59d3ed816d3542199b808329a83eb1c03e458
SHA512

227b8fc550e699787d3abdb4f82e20e692c2daa5ec64ec79e293470f2eda4fa09da3f5d18732858aadef22305c93aef74c2295a436f1b41f08531f1ee9b6a88a
SSDEEP

3072:maSdR9c1/fuWL0AjMilpCOT+kICtApWFK1WHk25weLcKznxbQFFNj6QUW:m7oFuhAwM+kICeseWEEPznxbJW

Score

1^/10

Malware Config

Signatures

Files

a120956dd47c3453735170f2fe3eb621_JaffaCakes118
.exe windows:4 windows x86 arch:x86

002de085159dcce8b0cd54386af8e46d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e
Signer

Actual PE Digest

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy
GetCurrentDirectoryW
lstrcat
GetAtomNameW
GetProcAddress
EnumCalendarInfoA
SetCurrentDirectoryA
GetThreadLocale
DuplicateHandle
GetPriorityClass
SetCurrentDirectoryW
OpenWaitableTimerA
LoadResource
GetTimeFormatA
lstrlen
CreateFileA
GetMailslotInfo
GetDateFormatW
GetModuleHandleA
GetFullPathNameW
GetStartupInfoA
GetFullPathNameA
SetEvent
lstrcmpW
FindAtomA
SetErrorMode
GetFileTime
lstrcpynW
Beep
GetCurrentThreadId
GetSystemDirectoryW

user32

RegisterClassExW
LoadIconW
IsChild
CreateDesktopA
SetCursorPos
GetClassInfoExA
ShowWindow
CreateDialogParamW
SetTimer
GetAsyncKeyState
WaitMessage
SetDlgItemTextA
EnumDesktopWindows
EnumChildWindows
CallWindowProcA
SendMessageW
LoadBitmapA
CreateDialogIndirectParamW
GetMenuItemInfoW
DefDlgProcA
GetDesktopWindow
OffsetRect
GetActiveWindow
GetDC
EmptyClipboard
RegisterClassW
InsertMenuItemW
WaitForInputIdle
GetWindowTextW

gdi32

SetGraphicsMode
GetLogColorSpaceW
GetObjectA
EnumEnhMetaFile
SetPaletteEntries
GetTextCharset
DeleteEnhMetaFile
PolyPolyline
GetMetaFileW
GetTextAlign
GetGlyphIndicesW
GetTextExtentExPointI
ExtTextOutW
GetDCBrushColor

advapi32

RegQueryValueA
RegDeleteValueA
RegCreateKeyW

shlwapi

SHRegGetUSValueW
PathIsUNCServerW
PathRelativePathToA
StrFormatKBSizeA
SHDeleteEmptyKeyW
PathCombineW
StrRChrIA
UrlCompareW
StrCatW
StrFormatKBSizeW
PathFindExtensionW
PathFindFileNameA

comctl32

ImageList_LoadImageA
ImageList_Replace
ImageList_SetImageCount
FlatSB_SetScrollInfo
CreatePropertySheetPageW

winmm

mmioAdvance
mmioInstallIOProcW
mixerGetLineControlsA
mmioSetInfo
waveInReset
midiOutLongMsg

crypt32

CryptHashCertificate
CryptSignCertificate
CertRDNValueToStrA
CryptHashPublicKeyInfo

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.c
Size: 1024B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdTw
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MbOy
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hsn
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.umshMn
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BQPZ
Size: 512B - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

002de085159dcce8b0cd54386af8e46d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

winmm

crypt32

Sections

.text Size: 11KB - Virtual size: 10KB

.c Size: 1024B - Virtual size: 41KB

.sdTw Size: 512B - Virtual size: 4KB

.MbOy Size: 3KB - Virtual size: 21KB

.hsn Size: 1024B - Virtual size: 22KB

.data Size: 10KB - Virtual size: 10KB

.umshMn Size: 2KB - Virtual size: 35KB

.BQPZ Size: 512B - Virtual size: 215KB

.rsrc Size: 164KB - Virtual size: 163KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e
Signer

.text
Size: 11KB - Virtual size: 10KB

.c
Size: 1024B - Virtual size: 41KB

.sdTw
Size: 512B - Virtual size: 4KB

.MbOy
Size: 3KB - Virtual size: 21KB

.hsn
Size: 1024B - Virtual size: 22KB

.data
Size: 10KB - Virtual size: 10KB

.umshMn
Size: 2KB - Virtual size: 35KB

.BQPZ
Size: 512B - Virtual size: 215KB

.rsrc
Size: 164KB - Virtual size: 163KB