a5e5374baed51352611501ff3f0c1a1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5e5374baed51352611501ff3f0c1a1c_JaffaCakes118
Size

138KB
MD5

a5e5374baed51352611501ff3f0c1a1c
SHA1

9f682a8056f5c2ccf3849b76f3bc82432c0c619b
SHA256

397c4daf3c0a10560010c1829d8ad64b916463154cd073f61e9b26d392ba242e
SHA512

d6a912731923d362bff012515d8f1afb712933c6358c1d1a5a1675fc3d822384e94a0ca7521964b036d7fd27736f96a48835960146e42b5ffe846412ad2877fd
SSDEEP

3072:KPUU/I5iLzdlAkj+2WrbS5XEy+aj6O5W3hv4VdqCH8HA21BEIY:KPUj5iLzwkj+TraFrk3NyH8HVbrY

Score

1^/10

Malware Config

Signatures

Files

a5e5374baed51352611501ff3f0c1a1c_JaffaCakes118
.exe windows:2 windows x86 arch:x86

777d1c0d64ac27848a53576890ed9a23

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30/04/2010, 00:00

Not After

07/05/2011, 23:59

Subject

CN=Panda Security S.L,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Panda Security S.L,L=Bilbao,ST=Bizkaia,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:9b:bb:d6:f8:f2:bb:08:f9:3a:2a:aa:1e:c4:12:28:b1:a2:93:be
Signer

Actual PE Digest

3a:9b:bb:d6:f8:f2:bb:08:f9:3a:2a:aa:1e:c4:12:28:b1:a2:93:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
OpenMutexW
CloseHandle
BeginUpdateResourceA
GetExitCodeProcess
GetFullPathNameW
GetStartupInfoA
ReplaceFileW
GetDateFormatA
CompareFileTime
InitializeCriticalSection
GetLastError
SetErrorMode
ExpandEnvironmentStringsW
GetSystemTime
AddAtomW
IsBadWritePtr
QueryPerformanceCounter
GetFileAttributesA
LocalAlloc
GetFileAttributesW
VirtualAlloc
GetLogicalDrives
GetLocaleInfoW

user32

SendDlgItemMessageW
LoadBitmapA
GetForegroundWindow
CreateAcceleratorTableW
UpdateLayeredWindow
GetWindowTextLengthA
CallWindowProcA
InvalidateRgn
LoadIconW
IsMenu
GetKeyState
EndDialog
RegisterClassExW
GetDCEx
GetDlgItem
SendDlgItemMessageA
CharPrevA
InvalidateRect
RegisterWindowMessageW
GetMenuInfo
GetClassNameA
LoadIconA
DestroyWindow
RegisterClassA
LoadCursorA
EnumDesktopsA
SetForegroundWindow
EnumWindows
WaitMessage
GetActiveWindow
GetDlgItemTextW
PeekMessageW
DefWindowProcA
DialogBoxParamA
GetKeyboardType
SetCursor
IsRectEmpty
DefDlgProcW
SetWindowPos
DefWindowProcW
GetMenuItemRect

gdi32

DPtoLP
PolyBezierTo
CloseFigure
GetClipBox
ModifyWorldTransform
PolyPolygon
CreateHatchBrush
CreateFontA
Ellipse
ExtFloodFill
SelectPalette
SetTextJustification

ws2_32

WSAEnumProtocolsA
connect
select
WSAEventSelect
htonl

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code_01
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T
Size: 2KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.5J78s6
Size: 2KB - Virtual size: 21KB

IMAGE_SCN_MEM_READ

.bssH45
Size: 2KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.2cn
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Pv
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

777d1c0d64ac27848a53576890ed9a23

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3a:9b:bb:d6:f8:f2:bb:08:f9:3a:2a:aa:1e:c4:12:28:b1:a2:93:beSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

Sections

.text Size: 14KB - Virtual size: 14KB

.code_01 Size: 4KB - Virtual size: 5KB

.T Size: 2KB - Virtual size: 33KB

.5J78s6 Size: 2KB - Virtual size: 21KB

.bssH45 Size: 2KB - Virtual size: 34KB

.2cn Size: 3KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 2KB

.Pv Size: 3KB - Virtual size: 2KB

.rsrc Size: 95KB - Virtual size: 94KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3a:9b:bb:d6:f8:f2:bb:08:f9:3a:2a:aa:1e:c4:12:28:b1:a2:93:be
Signer

.text
Size: 14KB - Virtual size: 14KB

.code_01
Size: 4KB - Virtual size: 5KB

.T
Size: 2KB - Virtual size: 33KB

.5J78s6
Size: 2KB - Virtual size: 21KB

.bssH45
Size: 2KB - Virtual size: 34KB

.2cn
Size: 3KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 2KB

.Pv
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 95KB - Virtual size: 94KB