a5674fa46ed7f0abd924bf27133af777_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a5674fa46ed7f0abd924bf27133af777_JaffaCakes118
Size

721KB
MD5

a5674fa46ed7f0abd924bf27133af777
SHA1

8f94edf045cddabf77040dedf91caa0c8b5a0867
SHA256

d1164187d93345afaf2661fd509a9d7eb9a1c4e7dd5a94e5b0d582dc1aef504b
SHA512

9e92c6aa25eda752bcbc67745f6d790a797369cdf1855029744675c53f097569e1fed9008399d90237930805c25f198bdbaca8e00876acd29b7d187139fb5962
SSDEEP

12288:m7UjrNdQ6nC/9h9W67mxhGxYSH47jetNabV8gae9ocOAGuK91fgh:F3NdQ6nyiqxYSQqabV8gahcOAGuK91fQ

Score

1^/10

Malware Config

Signatures

Files

a5674fa46ed7f0abd924bf27133af777_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4f056efa0fe4a6261106c884e1f97dcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30-04-2010 00:00

Not After

07-05-2011 23:59

Subject

CN=Panda Security S.L,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Panda Security S.L,L=Bilbao,ST=Bizkaia,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9a:96:f3:83:72:0f:d5:0a:89:2f:ea:23:fd:73:e7:4c:e7:37:8b:f7
Signer

Actual PE Digest

9a:96:f3:83:72:0f:d5:0a:89:2f:ea:23:fd:73:e7:4c:e7:37:8b:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\Desarrollo\TFS\Installers\Products\CloudAv\Release\Version 3.02.00.xxxx\Source\Code\Projects\Setup.exe\ProjectWin\bin\Release\Setup.pdb

Imports

kernel32

GetPrivateProfileIntW
FindResourceW
LoadResource
GetPrivateProfileStringW
Sleep
SizeofResource
WritePrivateProfileStringW
LockResource
SetEvent
WaitForMultipleObjectsEx
TerminateProcess
CreateEventW
LoadLibraryW
LoadLibraryA
LoadLibraryExA
FormatMessageA
LocalFree
MoveFileExW
WideCharToMultiByte
MultiByteToWideChar
GetDriveTypeW
GetFileAttributesW
SetLastError
GetModuleFileNameW
GetVersionExW
lstrcmpiW
GetVersionExA
CreateProcessW
OpenProcess
GlobalMemoryStatus
GetDiskFreeSpaceW
GetTickCount
CreateFileW
LocalAlloc
GetUserDefaultLangID
GetDateFormatW
OutputDebugStringW
GetTimeFormatW
GetLocalTime
GetCurrentThreadId
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
CompareStringW
SetStdHandle
CopyFileW
CreateDirectoryW
GetCurrentProcess
FileTimeToLocalFileTime
FreeLibrary
FindNextFileW
FindClose
FileTimeToSystemTime
FindFirstFileW
CreateMutexW
GetCommandLineW
DeleteFileW
GetTempPathW
GetTempFileNameW
GetExitCodeProcess
GetModuleHandleW
CompareFileTime
ExpandEnvironmentStringsW
GetLastError
CloseHandle
ReleaseMutex
OpenMutexW
WaitForSingleObject
GetWindowsDirectoryW
GetCurrentDirectoryW
GetCurrentProcessId
DeleteCriticalSection
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
EncodePointer
DecodePointer
InterlockedExchange
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapSetInformation
GetStartupInfoW
HeapReAlloc
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetLocaleInfoW
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetProcessHeap

user32

GetSystemMetrics
wsprintfW
MessageBoxA
ExitWindowsEx
MessageBoxW

advapi32

LookupPrivilegeValueW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
FreeSid
ControlService
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RevertToSelf
ImpersonateLoggedOnUser
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
RegFlushKey
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 555KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f056efa0fe4a6261106c884e1f97dcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

9a:96:f3:83:72:0f:d5:0a:89:2f:ea:23:fd:73:e7:4c:e7:37:8b:f7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 555KB - Virtual size: 554KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 35KB - Virtual size: 34KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

9a:96:f3:83:72:0f:d5:0a:89:2f:ea:23:fd:73:e7:4c:e7:37:8b:f7
Signer

.text
Size: 555KB - Virtual size: 554KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 35KB - Virtual size: 34KB