a789e7b1bd205eaa7b5209cfd0d429dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a789e7b1bd205eaa7b5209cfd0d429dc_JaffaCakes118
Size

277KB
MD5

a789e7b1bd205eaa7b5209cfd0d429dc
SHA1

d98c370ee7f8824562cdd6d372e544b2a2756665
SHA256

bf47b78aac646cab624e75a159426d3c0ec722dc5c88388d07db23162e67d532
SHA512

f4d7d5e21af7e653761dff46241c8db8d4986070fad58e9ca07439a3b5af5c239ce1a43ff2ac76f358e3320173949ac6e0009ceca80f56c6a2dcc23921947b60
SSDEEP

6144:+uNpTSlDD8MWeYjMZYm0TfiAG6HCoYT2QyKoU:Bt0tl/4fiA3Co5QyKoU

Score

1^/10

Malware Config

Signatures

Files

a789e7b1bd205eaa7b5209cfd0d429dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

546c4f903701f3e65ce9cd7c747f588d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:56:b3:01:1f:44:5f:0d:d3:92:10:09:95:08:d6:05:cf:da:45:1f
Signer

Actual PE Digest

45:56:b3:01:1f:44:5f:0d:d3:92:10:09:95:08:d6:05:cf:da:45:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\src\TGC-1.0.6.347\client\Bin\Daemon\Daemon.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

OutputDebugStringA
FindNextFileA
GetModuleHandleA
Sleep
GetCurrentDirectoryA
GetVersionExA
FindClose
GetWindowsDirectoryA
GetPrivateProfileStringA
FindFirstFileA
LoadLibraryA
VirtualQuery
GetLastError
DeleteCriticalSection
lstrlenA
LeaveCriticalSection
GetPrivateProfileIntA
Module32Next
MultiByteToWideChar
SetCurrentDirectoryA
MapViewOfFile
Module32First
UnmapViewOfFile
GetDllDirectoryA
CreateToolhelp32Snapshot
SetDllDirectoryA
CloseHandle
EnterCriticalSection
InitializeCriticalSection
CreateFileMappingA
GetCurrentProcessId
GetProcAddress
GetCommandLineW
OutputDebugStringW
GetModuleFileNameW
WriteProcessMemory
GetModuleHandleW
GetProcessHeap
TerminateProcess
VirtualAllocEx
CreateEventW
SearchPathW
SetErrorMode
CreateProcessW
HeapAlloc
GetCurrentThreadId
SetUnhandledExceptionFilter
DuplicateHandle
GetCurrentProcess
HeapFree
WaitForSingleObject
CreateThread
CreateMutexA
GetExitCodeProcess
CreateProcessA
GetModuleFileNameA
GetLongPathNameA
SetLastError
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetFileAttributesA
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetCPInfo
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
HeapSize
ExitProcess
WriteFile
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEndOfFile
SleepEx

user32

SetCursor
ClipCursor
CreateWindowExA
IsWindow
SetWindowLongA
PostQuitMessage

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ws2_32

recv
select
__WSAFDIsSet
send
closesocket
connect
inet_ntoa
gethostbyname
ioctlsocket
socket
WSACleanup
WSAStartup
htons
WSAGetLastError
inet_addr

Exports

Exports

daemon_log

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

546c4f903701f3e65ce9cd7c747f588d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

45:56:b3:01:1f:44:5f:0d:d3:92:10:09:95:08:d6:05:cf:da:45:1fSigner

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ws2_32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 162KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 52KB - Virtual size: 63KB

.rsrc Size: 12KB - Virtual size: 10KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

45:56:b3:01:1f:44:5f:0d:d3:92:10:09:95:08:d6:05:cf:da:45:1f
Signer

.text
Size: 164KB - Virtual size: 162KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 52KB - Virtual size: 63KB

.rsrc
Size: 12KB - Virtual size: 10KB