a533f1a280d9aacce4b9c23616248a69_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a533f1a280d9aacce4b9c23616248a69_JaffaCakes118
Size

14.0MB
MD5

a533f1a280d9aacce4b9c23616248a69
SHA1

ecec3f20592aa1d6094210d7d9c6c756b5d60338
SHA256

5b8ab36469a9213f7a5f8ac802b3b93be459f99df5a3b06125a96cc00823615a
SHA512

a1cde985914b96ee66d0b0972bf0484b7ea9f0affb32593318b88cc42595cf02d104219bf13c2687aafbef6b73e48351183610a0b23b75d8df5e130437a06590
SSDEEP

393216:AmE7nfX3EmLA3WvW/ki5qqr82EHXJNacpJy2Uc:bInfXLLGcijek5c

Score

1^/10

Malware Config

Signatures

Files

a533f1a280d9aacce4b9c23616248a69_JaffaCakes118
.rar
SetupRecallPlusV3.exe
.exe windows:4 windows x86 arch:x86

4c59c0b3420ca0877a0e6c8146bdb593

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d3:0e
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-09-2005 04:57

Not After

22-09-2006 04:57

Subject

CN=EvolutionCode Pty Ltd,OU=Secure Application Development,O=EvolutionCode Pty Ltd,L=Brisbane,ST=QLD,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f0:53:c9:6b:a3:e5:65:23:7b:a7:1f:49:c9:00:36:c0:14:1e:1d:77
Signer

Actual PE Digest

f0:53:c9:6b:a3:e5:65:23:7b:a7:1f:49:c9:00:36:c0:14:1e:1d:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowRect
SetCursor
EndDialog
DefWindowProcA
GetWindowWord
SetWindowWord
BeginPaint
GetSysColor
GetClientRect
SetRect
EndPaint
RegisterClassA
LoadIconA
OemToCharBuffA
LoadCursorA
GetLastActivePopup
ShowWindow
PostMessageA
EnableWindow
GetTopWindow
DestroyWindow
GetWindowLongA
SetWindowLongA
SetWindowTextA
SetForegroundWindow
SetActiveWindow
CharNextA
SetTimer
GetMessageA
PostQuitMessage
KillTimer
DialogBoxIndirectParamA
GetDlgItemTextA
SendMessageA
GetSystemMetrics
SetWindowPos
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
InvalidateRect
UpdateWindow
wsprintfA
MessageBoxA

kernel32

_lopen
WinExec
CreateProcessA
_lclose
GetVolumeInformationA
RtlUnwind
GetCommandLineA
GetModuleHandleA
ExitProcess
FindNextFileA
MoveFileExA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
SetFilePointer
SetEndOfFile
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
GetACP
GetModuleFileNameA
SetErrorMode
GetVersion
LoadLibraryA
GetProcAddress
GetLastError
FormatMessageA
FreeLibrary
WaitForSingleObject
GetTickCount
GetWindowsDirectoryA
FindClose
FindFirstFileA
SetCurrentDirectoryA
lstrlenA
CreateDirectoryA
lstrcatA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
_lcreat
lstrcpyA
LocalAlloc
GetEnvironmentVariableA
OpenFile
_lwrite
_lread
GetDriveTypeA
_llseek
LocalFree
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalHandle

gdi32

GetTextExtentPoint32A
SetBkColor
SetTextColor
SetTextAlign
GetBkColor
DeleteObject
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_winzip_
Size: 14.0MB - Virtual size: 14.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

4c59c0b3420ca0877a0e6c8146bdb593

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

21:d3:0eCertificate

Extended Key Usages

f0:53:c9:6b:a3:e5:65:23:7b:a7:1f:49:c9:00:36:c0:14:1e:1d:77Signer

Headers

File Characteristics

Imports

user32

kernel32

gdi32

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

_winzip_ Size: 14.0MB - Virtual size: 14.0MB

01
Certificate

0a
Certificate

21:d3:0e
Certificate

f0:53:c9:6b:a3:e5:65:23:7b:a7:1f:49:c9:00:36:c0:14:1e:1d:77
Signer

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

_winzip_
Size: 14.0MB - Virtual size: 14.0MB