a52f4ecc0000b1ce1b4b792c89291231_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a52f4ecc0000b1ce1b4b792c89291231_JaffaCakes118
Size

366KB
MD5

a52f4ecc0000b1ce1b4b792c89291231
SHA1

4db6a151df3b1df762e52f8e678c6c6fc582d604
SHA256

40732fd6478bf22c1a558b55b4f50d1d4988ae1397b2f238249812e5740b8980
SHA512

56d7487fdcd0ed100f897407c3cccc3cbd1b42bd6452e4303a46ae06a5a9905a79f135314d617092a3436666588ad03d02c5ea5e1f5e6d0c3e38753accb1b4ba
SSDEEP

6144:RefdDoDLhnowxc2NDvJQTH0jp0jQ9p6c789pWWxYOJzfD5Qf0K:QRoDLvO2NDRzpd8z7NDDufH

Score

1^/10

Malware Config

Signatures

Files

a52f4ecc0000b1ce1b4b792c89291231_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56ed6084c5ecd8784553be57502cda76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ae:55:a5:f8:0e:e0
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

21/05/2009, 18:07

Not After

21/05/2010, 16:58

Subject

CN=AnalogX\, LLC,O=AnalogX\, LLC,L=Tempe,ST=AZ,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:0f:3a:2d:91:38:43:41:90:d8:d2:59:36:6d:0d:2a:4a:61:6f:97
Signer

Actual PE Digest

20:0f:3a:2d:91:38:43:41:90:d8:d2:59:36:6d:0d:2a:4a:61:6f:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderA
ShellExecuteExA
SHGetDesktopFolder

kernel32

FindClose
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetCurrentDirectoryA
MultiByteToWideChar
GetVersionExA
LoadLibraryExA
GetDiskFreeSpaceA
GetExitCodeProcess
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
DeleteFileA
CreateDirectoryA
GetCommandLineA
QueryPerformanceFrequency
LCMapStringA
GetLocaleInfoA
HeapSize
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FreeEnvironmentStringsA
GetFullPathNameA
RaiseException
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetHandleCount
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetTimeZoneInformation
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetProcessHeap
ReadFile
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
GetDriveTypeA
SetEnvironmentVariableA
HeapFree
HeapAlloc
CreateFileA
GetFileType
SetFilePointer
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
FlushFileBuffers
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
AllocConsole
GetStdHandle
SetConsoleTitleA
LocalFree
LocalAlloc
CreateEventA
GetLastError
SetEvent
InterlockedExchange
QueryPerformanceCounter
GetCurrentThreadId
WriteFile
Sleep
LoadLibraryA
GetProcAddress
GetCurrentProcess
FreeLibrary
CloseHandle
CreateMutexA
WaitForSingleObject
ReleaseMutex
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
GetEnvironmentStrings

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

PostQuitMessage
LoadIconA
GetSysColorBrush
DestroyIcon
CreateDialogParamA
ShowWindowAsync
DestroyWindow
DialogBoxParamA
SetWindowTextA
EndDialog
GetParent
GetSystemMetrics
GetDesktopWindow
SetWindowPos
GetWindowRect
PeekMessageA
GetMessageA
DispatchMessageA
SetForegroundWindow
EnumWindows
IsWindow
GetClassNameA
GetWindowTextA
ShowWindow
CreateWindowExA
TranslateMessage
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
UnregisterClassA
LoadCursorA
RegisterClassExA
GetUpdateRect
BeginPaint
EndPaint
GetClientRect
SendMessageA
DefWindowProcA
InvalidateRect
UpdateWindow
GetWindowLongA
SetWindowLongA
MessageBoxA

ole32

CoInitialize
CoUninitialize
OleUninitialize
CoCreateInstance
OleInitialize

gdi32

GdiFlush
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
AddFontResourceA
RemoveFontResourceA
CreateDIBSection

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56ed6084c5ecd8784553be57502cda76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

03:01Certificate

Key Usages

ae:55:a5:f8:0e:e0Certificate

Extended Key Usages

Key Usages

20:0f:3a:2d:91:38:43:41:90:d8:d2:59:36:6d:0d:2a:4a:61:6f:97Signer

Headers

File Characteristics

Imports

comctl32

shell32

kernel32

advapi32

user32

ole32

gdi32

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 7KB - Virtual size: 20KB

.rsrc Size: 5KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

03:01
Certificate

ae:55:a5:f8:0e:e0
Certificate

20:0f:3a:2d:91:38:43:41:90:d8:d2:59:36:6d:0d:2a:4a:61:6f:97
Signer

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 7KB - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 4KB