a2a217267e9ace4a98cf20839b41f082_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2a217267e9ace4a98cf20839b41f082_JaffaCakes118
Size

240KB
MD5

a2a217267e9ace4a98cf20839b41f082
SHA1

162bafead01e32486b9cff6d23e449d34b78d4bb
SHA256

dcbd33bad5c7746d26cdf9483ec7ade2a021cf1764688c852341ec30e64cb944
SHA512

0c0ac0f1a4a9dd14b98bfcf5287046252dbd057a081d940d0cdff5baf6af67d7f1c2ddcef6a297d501de6b2a7adf8ffafb1d5608c61002eb77c1546139ce214a
SSDEEP

6144:ccWoSj5KR5U6fusRfTm1SDI32tpdjS8Iy3Tuoa:c9545U6fAn38336

Score

1^/10

Malware Config

Signatures

Files

a2a217267e9ace4a98cf20839b41f082_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1e796873b675e71178720aa6a7e7b4a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
RemoveDirectoryW
GetSystemDefaultLCID
VirtualAlloc
AddAtomW
SetEvent
WaitForMultipleObjects
SearchPathW
CreatePipe
GetLongPathNameW
FileTimeToDosDateTime
GetCPInfo
GetSystemDefaultLangID
EnumTimeFormatsA
CreateDirectoryW
WaitForSingleObject
SuspendThread
GetEnvironmentStringsW
GetWindowsDirectoryW
GetHandleInformation
GetModuleHandleW
SystemTimeToFileTime
GetACP
lstrcpynW
ReplaceFileA
CreateThread
GetFullPathNameA
FlushFileBuffers
CreateSemaphoreA
EndUpdateResourceA
GetFileTime
SetCalendarInfoW
ConnectNamedPipe
GetSystemTime
GetLongPathNameA
CompareStringA
GetTimeFormatA
CreateMailslotA
GetExpandedNameA
OpenMutexW
GetTimeFormatW
FileTimeToSystemTime
lstrcpy
AddAtomA

user32

CreateDesktopA
DrawTextW
UnregisterClassA
OffsetRect
ShowWindow
LoadBitmapW
CharPrevA
LoadIconW
BringWindowToTop
PostMessageA
ShowCaret
InsertMenuA
WaitMessage
GetClassInfoExA
SendDlgItemMessageA
CheckMenuRadioItem
GetCursorPos
GetActiveWindow
GetIconInfo
AdjustWindowRect
EnableMenuItem
SetDlgItemTextW
GetDC
OpenWindowStationA
CharLowerW
CheckMenuItem
RegisterWindowMessageW
GetMenuItemRect
GetClassInfoExW
IsDlgButtonChecked
CascadeWindows
GetKeyState
GetClassInfoA
ClientToScreen
MoveWindow
GetClassInfoW

gdi32

SwapBuffers
RemoveFontResourceW
SetTextAlign
DescribePixelFormat
GetTextFaceA
LineTo
GetEnhMetaFileW
PolyPolyline
SetWindowOrgEx
CreateCompatibleDC
GetBkMode
CreateBitmapIndirect
GetDCBrushColor
GetEnhMetaFilePixelFormat
GetEnhMetaFileHeader
PlayMetaFile
CombineRgn

advapi32

RegOpenKeyW
IsValidAcl
RegOpenKeyW
RegQueryValueW
RegDeleteValueA

shell32

ShellExecuteExA
StrCmpNIA

comdlg32

PrintDlgExA
GetSaveFileNameA
GetOpenFileNameW
GetFileTitleW

setupapi

pSetupAccessRunOnceNodeList
CM_Get_DevNode_Registry_Property_ExW

wsock32

WSASetLastError
sethostname

Sections

.c9rxny
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.%bY
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.;,bpn
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<
Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.#i!YS
Size: 3KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x960
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e796873b675e71178720aa6a7e7b4a9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comdlg32

setupapi

wsock32

Sections

.c9rxny Size: 10KB - Virtual size: 11KB

.%bY Size: 1024B - Virtual size: 12KB

.;,bpn Size: 3KB - Virtual size: 3KB

.< Size: 1KB - Virtual size: 20KB

.#i!YS Size: 3KB - Virtual size: 44KB

.x960 Size: 1KB - Virtual size: 31KB

.rsrc Size: 212KB - Virtual size: 280KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.c9rxny
Size: 10KB - Virtual size: 11KB

.%bY
Size: 1024B - Virtual size: 12KB

.;,bpn
Size: 3KB - Virtual size: 3KB

.<
Size: 1KB - Virtual size: 20KB

.#i!YS
Size: 3KB - Virtual size: 44KB

.x960
Size: 1KB - Virtual size: 31KB

.rsrc
Size: 212KB - Virtual size: 280KB