a866207abf57f612efe4235825b4087e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a866207abf57f612efe4235825b4087e_JaffaCakes118
Size

271KB
MD5

a866207abf57f612efe4235825b4087e
SHA1

35d6d76d0b6730beba318e098a9f4bbff49a0c27
SHA256

4b21cad07604a791e50324c200b521788390048d3ce9f073f2d6cc7945c62f0b
SHA512

467efa0163271d8052a8d6ab83f750fac55d6bef1da24b82eb89b72af7271c0fe2e26448ab3e775effbc398f6576ad7baeab5c4a54968483a7ac77e5d0d0b765
SSDEEP

6144:SG6BE7RCU6CstEk6vwWd+EgIrrDvEtXgcGD4XvNutgP+bi4I:ShBDpCdf+EtrktXgc28NutgP+2

Score

1^/10

Malware Config

Signatures

Files

a866207abf57f612efe4235825b4087e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5d24ad726e6f6a976ac831becad57de8

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:94:c4:1b:f1:a2:55:c2:20:c3:77:40:e6:b9:be:b8:7a:de:bd:f9
Signer

Actual PE Digest

5d:94:c4:1b:f1:a2:55:c2:20:c3:77:40:e6:b9:be:b8:7a:de:bd:f9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFindAtomW
FindAtomA
InitializeCriticalSection
CreateEventW
CreateMailslotA
SetComputerNameW
FileTimeToSystemTime
GetWindowsDirectoryW
MulDiv
OpenProcess
Sleep
lstrcatA
GetProcAddress
ExitProcess
EnumCalendarInfoA
GetTimeFormatW
GetFileAttributesA
CompareFileTime
GetProcessHeaps
ReplaceFileA
DosDateTimeToFileTime
SetCalendarInfoW
GetEnvironmentVariableA
lstrcmpi
DeleteAtom
WaitForSingleObject

user32

IsWindowEnabled
CheckMenuRadioItem
CheckDlgButton
GetCapture
CopyImage
CascadeWindows
OpenClipboard
GetCapture
CheckRadioButton
GetClassLongW
SetWindowLongA
SendDlgItemMessageA
CharLowerW
DialogBoxParamW
CheckMenuItem
CreateWindowExW
GetMenuItemID
GetKeyboardType
SetDlgItemInt
DefFrameProcW
CreateWindowExA
GetDC
ClientToScreen
CreateDesktopA
GetMenu
wvsprintfA
UpdateLayeredWindow
CharPrevA
MonitorFromRect
GetWindowTextA
CharLowerA
EnumDesktopsA
LoadImageW
FindWindowW
MonitorFromPoint
GetDC
LoadCursorA
MessageBeep
InsertMenuItemW
WinHelpW
ArrangeIconicWindows
IsIconic
AppendMenuW
PostMessageA
ChildWindowFromPoint
CharPrevW

gdi32

GetGlyphIndicesA
GetTextCharacterExtra
GetArcDirection
Polyline
GetColorAdjustment
SetWindowExtEx
CreateBitmapIndirect
GetTextExtentPointA
StartFormPage
CreateBitmap
DeleteMetaFile
DPtoLP
GetTextCharset
CreatePalette

advapi32

RegSaveKeyA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyW
RegEnumValueA

shell32

SHGetDataFromIDListA
ExtractIconW
ShellExecuteExW
StrCmpNA
StrStrIA

comctl32

ImageList_DragShowNolock

comdlg32

PrintDlgExA
ReplaceTextA
GetSaveFileNameA
GetFileTitleA
GetSaveFileNameW
PageSetupDlgW

opengl32

glRasterPos3sv
glEvalCoord2fv
glIndexub
glGetTexParameteriv
glRectfv
glCopyTexSubImage1D
glColor4i
glSelectBuffer
glVertex3i
glEvalCoord1d
glTexGenfv

ws2_32

getservbyname

winspool.drv

OpenPrinterA
DeletePrinter

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LyfAJF
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.s
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RpJNH
Size: 1KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OzQer
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vL
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 1KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PAyCx
Size: 2KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dBt
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ApS
Size: 1KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d24ad726e6f6a976ac831becad57de8

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:94:c4:1b:f1:a2:55:c2:20:c3:77:40:e6:b9:be:b8:7a:de:bd:f9Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

comdlg32

opengl32

ws2_32

winspool.drv

Sections

.text Size: 11KB - Virtual size: 11KB

.LyfAJF Size: 512B - Virtual size: 4KB

.s Size: 2KB - Virtual size: 17KB

.RpJNH Size: 1KB - Virtual size: 46KB

.OzQer Size: 1KB - Virtual size: 2KB

.vL Size: 3KB - Virtual size: 4KB

.x Size: 1KB - Virtual size: 39KB

.PAyCx Size: 2KB - Virtual size: 47KB

.data Size: 8KB - Virtual size: 8KB

.dBt Size: 1024B - Virtual size: 15KB

.ApS Size: 1KB - Virtual size: 268KB

.rsrc Size: 228KB - Virtual size: 228KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:94:c4:1b:f1:a2:55:c2:20:c3:77:40:e6:b9:be:b8:7a:de:bd:f9
Signer

.text
Size: 11KB - Virtual size: 11KB

.LyfAJF
Size: 512B - Virtual size: 4KB

.s
Size: 2KB - Virtual size: 17KB

.RpJNH
Size: 1KB - Virtual size: 46KB

.OzQer
Size: 1KB - Virtual size: 2KB

.vL
Size: 3KB - Virtual size: 4KB

.x
Size: 1KB - Virtual size: 39KB

.PAyCx
Size: 2KB - Virtual size: 47KB

.data
Size: 8KB - Virtual size: 8KB

.dBt
Size: 1024B - Virtual size: 15KB

.ApS
Size: 1KB - Virtual size: 268KB

.rsrc
Size: 228KB - Virtual size: 228KB