a31f6751938a41657681165b8c8af8fc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a31f6751938a41657681165b8c8af8fc_JaffaCakes118
Size

241KB
MD5

a31f6751938a41657681165b8c8af8fc
SHA1

318b4756487c2c16f3e373088deaea71d2e2522a
SHA256

40fd8e703b2cd428a3a69bb801df7754ca8e05d5120c5cca03332424cb802191
SHA512

bc62dea9807a1b816b8d9f9d3a001dd5a4eb260ea0daf558558ce675882c71e6ce3d609b840cafad9cbd39dfdcd7923939003f861d8e3c5576e26c81f584d96b
SSDEEP

6144:KWUZ8wzD7dFgedIHacg0Vz2Sv9h8pYczbVv0/xrexI4aL:KdZb7dFiacFUSFEYczx0hex

Score

1^/10

Malware Config

Signatures

Files

a31f6751938a41657681165b8c8af8fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

15d528a02b0b2fef75af7fc1be31a816

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2007, 00:00

Not After

15/02/2008, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLangID
GetEnvironmentVariableW
SetCalendarInfoA
OpenWaitableTimerW
FileTimeToDosDateTime
DuplicateHandle
FindResourceA
ReplaceFileW
GetVolumeInformationA
IsBadWritePtr
GetCalendarInfoW
GetCurrentProcess
CreateMutexA
GetThreadPriority
GetProcessHeaps
FindAtomA
OpenSemaphoreA
LoadLibraryA
EnumDateFormatsA
FileTimeToSystemTime
BeginUpdateResourceA
LoadLibraryExA
lstrcpy
lstrlenW
lstrlenA
TlsAlloc
LocalFree
GetModuleHandleW
GetProcAddress
QueryPerformanceFrequency
GetModuleFileNameW
GetSystemDefaultLCID
CreateEventA
GlobalFindAtomA
GetTempFileNameA
lstrcmpiA
lstrcpynA
lstrcmp
CreateSemaphoreA
OpenMutexW
GetSystemInfo
OpenMutexA
MultiByteToWideChar
DosDateTimeToFileTime
OpenEventW
IsDebuggerPresent
CreateSemaphoreW
GetCurrentProcessId
lstrcmpW
GetLogicalDriveStringsW
QueryPerformanceCounter
GetTempPathA
CreateDirectoryW
Beep
GetCurrentThreadId
RemoveDirectoryW
GetSystemDefaultLangID
EnumTimeFormatsA
GetTimeFormatW
RemoveDirectoryA
CreatePipe
GetProcessHeap
GetWindowsDirectoryA
IsValidLocale
SetEvent

user32

WinHelpA
UnregisterClassW
SetTimer
SetDlgItemInt
InvalidateRgn
LoadCursorA
EnumWindows
SetFocus
WaitForInputIdle
IsChild
DestroyCursor
InsertMenuItemA
RemoveMenu
GetClassInfoExA
DestroyMenu
DialogBoxParamA
MessageBoxIndirectW
PostQuitMessage
SetMenu
wvsprintfW
GetTopWindow
LoadImageA
CreateDesktopW
CharNextW
SetParent
SetWindowTextW
GetScrollPos
EndDialog
wvsprintfA
LoadImageW
ActivateKeyboardLayout
LoadBitmapA
GetMenuState
AdjustWindowRect
FindWindowA
CheckMenuItem
CreateDialogIndirectParamW
LoadMenuW
TrackPopupMenuEx
CreateMenu
GetClassInfoA
ShowCaret
mouse_event
SetActiveWindow
GetIconInfo
wsprintfA
LoadMenuIndirectW
GetFocus
GetDesktopWindow
RegisterClassExA
LoadCursorW
GetMenuInfo
GetClassInfoExW
SetWindowPos
PeekMessageW
CharNextA
CharLowerW
WaitMessage
CharPrevW
LoadIconW
GetClassInfoW
MessageBoxA
EmptyClipboard
GetDlgItemTextA
CreateDialogParamW
UnregisterClassA
MonitorFromRect
CreateDialogIndirectParamA
SetWindowTextA
LoadMenuIndirectA
SendDlgItemMessageA

advapi32

AddAuditAccessAce
CryptGetProvParam

shell32

SHBrowseForFolder
ShellExecuteA
StrChrA
SHGetFolderPathW
ExtractAssociatedIconW
StrRChrA
StrNCmpIA
StrCmpNA
ExtractIconEx
SHGetDesktopFolder
StrRStrW
ExtractAssociatedIconA
StrCmpNIW

comctl32

ImageList_LoadImageA
ImageList_GetFlags
CreatePropertySheetPageA
CreatePropertySheetPageW
ImageList_SetFilter
GetMUILanguage

oleaut32

SafeArrayGetUBound
SetVarConversionLocaleSetting
VarI1FromUI2
VarI4FromUI4
VarNeg
SysReAllocStringLen
VarDecSub
VarUI1FromBool
VarR4FromBool

ws2_32

closesocket
getsockopt
htonl
accept
WSAEventSelect
recv
select
gethostname
WSAConnect

urlmon

FindMediaType
DllGetClassObject
URLOpenPullStreamA
MkParseDisplayNameEx
DllRegisterServer
CreateURLMoniker
RevokeFormatEnumerator
GetMarkOfTheWeb
CompareSecurityIds
DllUnregisterServer
FindMediaTypeClass
IsAsyncMoniker
HlinkGoForward
CoInternetCreateZoneManager
BindAsyncMoniker

winmm

waveInGetDevCapsW
mciGetErrorStringW
midiInGetNumDevs

imm32

ImmReleaseContext
ImmRegisterWordA

crypt32

CryptMsgVerifyCountersignatureEncodedEx
CryptExportPublicKeyInfo
CertSetStoreProperty
CertGetCRLFromStore
CertAddEncodedCertificateToSystemStoreW
CertGetIntendedKeyUsage
CryptMsgCalculateEncodedLength
CertGetIssuerCertificateFromStore
RegCreateKeyExU
CryptBinaryToStringW
CertOpenStore

Sections

.FiIN
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TP
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t
Size: 2KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bh
Size: 1024B - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eSx
Size: 3KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eWH
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rgDN
Size: 6KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qyTND
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.B
Size: 13KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JkKsC
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15d528a02b0b2fef75af7fc1be31a816

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

comctl32

oleaut32

ws2_32

urlmon

winmm

imm32

crypt32

Sections

.FiIN Size: 7KB - Virtual size: 6KB

.TP Size: 92KB - Virtual size: 92KB

.t Size: 2KB - Virtual size: 480KB

.bh Size: 1024B - Virtual size: 318KB

.eSx Size: 3KB - Virtual size: 342KB

.eWH Size: 10KB - Virtual size: 10KB

.rgDN Size: 6KB - Virtual size: 48KB

.qyTND Size: 91KB - Virtual size: 91KB

.B Size: 13KB - Virtual size: 236KB

.JkKsC Size: 512B - Virtual size: 18KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

.FiIN
Size: 7KB - Virtual size: 6KB

.TP
Size: 92KB - Virtual size: 92KB

.t
Size: 2KB - Virtual size: 480KB

.bh
Size: 1024B - Virtual size: 318KB

.eSx
Size: 3KB - Virtual size: 342KB

.eWH
Size: 10KB - Virtual size: 10KB

.rgDN
Size: 6KB - Virtual size: 48KB

.qyTND
Size: 91KB - Virtual size: 91KB

.B
Size: 13KB - Virtual size: 236KB

.JkKsC
Size: 512B - Virtual size: 18KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB