a630ef34f6916e5b38d046bc9a4cf9e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a630ef34f6916e5b38d046bc9a4cf9e5_JaffaCakes118
Size

124KB
MD5

a630ef34f6916e5b38d046bc9a4cf9e5
SHA1

6aa85dab9271a11eeb35aaf43ceba2c9ea55add4
SHA256

96b86b20bf70316622d7a17ba4aea0b89d32299e37fabd8c7a545267d2d51fb1
SHA512

74fd8fde9c7be3e8e96fa554e94348247464c6025aa0caf7d63ddd26d195a42be5ec4cf4eb52c465f607cb3b59df94e026a923e5aa2a3abf31efd2b7207d0134
SSDEEP

1536:7yZC0s4HOat+JjhM8TkoxgpiB+vewUg76B31z3k4Q5DObH3+qPZYygN:2w0spakJa8IoiBW2DObH3+iZY

Score

1^/10

Malware Config

Signatures

Files

a630ef34f6916e5b38d046bc9a4cf9e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d756ccbc37d8f9f0d90a44276a253d22

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:3a:40:45:4c:36:0f:36:fe:7b:52:c3:df:a6:4a:a7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

22/02/2011, 00:00

Not After

22/04/2012, 23:59

Subject

CN=SPACE INTERNATIONAL,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SPACE INTERNATIONAL,L=Guro-Gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:46:36:99:27:13:6d:87:da:fa:61:d6:15:4e:ef:ef:1e:ba:cf:e7
Signer

Actual PE Digest

e6:46:36:99:27:13:6d:87:da:fa:61:d6:15:4e:ef:ef:1e:ba:cf:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\easykeytec_unified\win32\bin\UninstallEasyKeytec.pdb

Imports

kernel32

OpenProcess
ReadProcessMemory
Process32First
CreateToolhelp32Snapshot
FreeLibrary
GetProcAddress
LoadLibraryA
WriteProcessMemory
VirtualAllocEx
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
VirtualFreeEx
GetModuleFileNameA
GetModuleHandleA
CreateProcessA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
CreateMutexA
OpenMutexA
GetVersionExA
SetFileAttributesA
GetShortPathNameA
WriteFile
CreateFileA
OutputDebugStringA
Module32Next
GetCurrentProcessId
Module32First
Process32Next
GetSystemDirectoryA
lstrcmpA
Sleep
SetLastError
GetLongPathNameA
GetExitCodeProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
TerminateProcess
GetCurrentProcess
CloseHandle
RemoveDirectoryA
lstrlenA
GetFileAttributesA
CreateDirectoryA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetWindowsDirectoryA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStdHandle
HeapCreate
VirtualFree
GetStartupInfoA
GetCommandLineA
ExitProcess
IsDebuggerPresent
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

MessageBoxA
ExitWindowsEx
UnregisterClassA
FindWindowA
PostMessageA

advapi32

ControlService
OpenServiceA
DeleteService
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemFree

shlwapi

SHDeleteEmptyKeyA
PathFileExistsA
StrStrW
SHDeleteKeyA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiSetDeviceRegistryPropertyA

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d756ccbc37d8f9f0d90a44276a253d22

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

73:3a:40:45:4c:36:0f:36:fe:7b:52:c3:df:a6:4a:a7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e6:46:36:99:27:13:6d:87:da:fa:61:d6:15:4e:ef:ef:1e:ba:cf:e7Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

setupapi

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

73:3a:40:45:4c:36:0f:36:fe:7b:52:c3:df:a6:4a:a7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e6:46:36:99:27:13:6d:87:da:fa:61:d6:15:4e:ef:ef:1e:ba:cf:e7
Signer

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 8KB - Virtual size: 7KB