a7ab9ad6e7545003974b1efc7a855c7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7ab9ad6e7545003974b1efc7a855c7a_JaffaCakes118
Size

243KB
MD5

a7ab9ad6e7545003974b1efc7a855c7a
SHA1

f442f29e0ffb461cf9552310e4864b3730945ae1
SHA256

fbb61c6ad8d47eb1dfbc16f5c868e4a9e4f3f160ce05203a5a865c1155436c03
SHA512

4cf5783a2e50d4b3b6b434dceb879ccbc4af673278fdce9958541a91f10e8867d33c9a8989616871a54485052c9d132eb7190f8d8d7825da03958d177423b1e2
SSDEEP

6144:KrYW9KpUIJZokn+VkffmDipECzuUwDJFtqh9LBl+:QYeK2qZJn+qedC677qh9Nl+

Score

1^/10

Malware Config

Signatures

Files

a7ab9ad6e7545003974b1efc7a855c7a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9b771951269eb9c40a4867ea7bc844f0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:59:28:44:b9:c9:63:09:55:82:28:05:02:3e:2e:3b:42:e4:94:78
Signer

Actual PE Digest

3c:59:28:44:b9:c9:63:09:55:82:28:05:02:3e:2e:3b:42:e4:94:78

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
AddAtomA
SetErrorMode
lstrcpynW
Sleep
GetStartupInfoW
SetCurrentDirectoryW
GetCalendarInfoA
lstrcat
lstrcpyA
GetExitCodeThread
SystemTimeToFileTime
GetSystemDefaultLCID
GetVolumeInformationW
GetDiskFreeSpaceW
GetStartupInfoA
IsValidLocale
GetStringTypeW
LoadLibraryExA
GetProcAddress
IsBadReadPtr
QueryPerformanceFrequency
CreateSemaphoreA
GetThreadLocale
ExpandEnvironmentStringsW
FileTimeToSystemTime
GetDiskFreeSpaceA
CreateNamedPipeA
GetLastError
FreeLibrary

user32

InsertMenuItemA
keybd_event
GetActiveWindow
IsMenu
CreateAcceleratorTableW
SetDlgItemTextW
DialogBoxIndirectParamA
GetCapture
ShowCaret
GetCaretPos
CheckMenuItem
IsWindow
RegisterWindowMessageW
DialogBoxIndirectParamW
GetTopWindow
DialogBoxParamW
GetMenu
RegisterClassExA
UpdateLayeredWindow
MonitorFromRect
IsDlgButtonChecked
PostMessageW
GetKeyboardLayout
SetWindowPos
MessageBoxIndirectA
CreateDialogIndirectParamA
SetTimer
SetFocus
MonitorFromPoint
IsChild
wsprintfA
wvsprintfW
CreateAcceleratorTableA
MonitorFromWindow
AppendMenuA
GetClassInfoExW
CharNextA
EndDialog
GetSystemMetrics
ShowWindow
CreateDialogIndirectParamW
MoveWindow
InsertMenuItemW
SetMenu
RegisterWindowMessageA
SetCursor
GetDesktopWindow
CreateDesktopW
GetScrollPos
EnableMenuItem
LoadMenuW
SetParent
DestroyMenu
GetMenuItemInfoW
IsIconic
CharPrevW
GetDlgItemInt
TrackPopupMenuEx
CopyIcon
CharUpperW
GetMenuStringW
GetClassInfoW
GetDCEx
LoadBitmapW
InsertMenuA
GetActiveWindow

gdi32

UpdateICMRegKeyW
GetMetaFileW
CreateColorSpaceW
CreateICW
CreateDIBSection
StretchDIBits
AddFontResourceW
TranslateCharsetInfo
RemoveFontResourceExA
CreateRectRgn
CreatePolyPolygonRgn
AddFontResourceA
SetWinMetaFileBits
CreateFontA
CreateMetaFileA
CreateFontIndirectExW
GetMetaFileA
CreateICA
GetTextExtentPointA
CreateBrushIndirect
CreateCompatibleDC
UpdateICMRegKeyA
CreatePatternBrush
CreateFontIndirectA

shell32

ExtractIconA
StrNCmpIA
ExtractAssociatedIconExW
StrStrIW
SHGetSpecialFolderLocation
StrRStrW
SHBrowseForFolder
Shell_NotifyIconA
ExtractAssociatedIconA
StrStrW
SHGetFolderLocation
Shell_NotifyIcon

oleaut32

OleLoadPictureFile
VarDateFromR4

ws2_32

WSACloseEvent
WSAIoctl
getprotobynumber
WSAEventSelect
WSARecv
WSACreateEvent
gethostbyname
listen
select

urlmon

CopyBindInfo
IsValidURL
FaultInIEFeature
GetClassURL
CoInternetParseUrl
URLOpenPullStreamW
CoInternetCreateZoneManager
ReleaseBindInfo
GetMarkOfTheWeb
CoInternetCompareUrl
CoInternetGetSecurityUrl
CreateAsyncBindCtx
HlinkSimpleNavigateToMoniker
RevokeFormatEnumerator
GetClassFileOrMime
CoInternetCreateSecurityManager
RegisterBindStatusCallback
GetComponentIDFromCLSSPEC

rasman

RasRpcSetUserPreferences
RasGetPortUserData
RasPortSetFramingEx
RasDeAllocateRoute
RasRpcGetInstalledProtocols
RasSetDialParams
RasFreeBuffer

inetcomm

CreateIMAPTransport2
MimeOleSMimeCapGetEncAlg
HrDoAttachmentVerb
MimeOleParseRfc822Address
MimeEditGetBackgroundImageUrl
HrGetLastOpenFileDirectory
MimeOleGetAllocator
MimeOleGetBodyPropW
MimeOleCreateHeaderTable
HrAthGetFileNameW
MimeOleGetRelatedSection
MimeOleSMimeCapInit
MimeOleGenerateCID

Sections

.z
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.D
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SmJEG
Size: 1KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Vnvqv
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.AWAS
Size: 512B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MwNgTx
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.omuQ
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vTyM
Size: 15KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VzGZ
Size: 4KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b771951269eb9c40a4867ea7bc844f0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3c:59:28:44:b9:c9:63:09:55:82:28:05:02:3e:2e:3b:42:e4:94:78Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

oleaut32

ws2_32

urlmon

rasman

inetcomm

Sections

.z Size: 6KB - Virtual size: 6KB

.D Size: 92KB - Virtual size: 91KB

.SmJEG Size: 1KB - Virtual size: 21KB

.Vnvqv Size: 11KB - Virtual size: 11KB

.AWAS Size: 512B - Virtual size: 33KB

.MwNgTx Size: 5KB - Virtual size: 42KB

.omuQ Size: 93KB - Virtual size: 92KB

.vTyM Size: 15KB - Virtual size: 66KB

.VzGZ Size: 4KB - Virtual size: 436KB

.rsrc Size: 6KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3c:59:28:44:b9:c9:63:09:55:82:28:05:02:3e:2e:3b:42:e4:94:78
Signer

.z
Size: 6KB - Virtual size: 6KB

.D
Size: 92KB - Virtual size: 91KB

.SmJEG
Size: 1KB - Virtual size: 21KB

.Vnvqv
Size: 11KB - Virtual size: 11KB

.AWAS
Size: 512B - Virtual size: 33KB

.MwNgTx
Size: 5KB - Virtual size: 42KB

.omuQ
Size: 93KB - Virtual size: 92KB

.vTyM
Size: 15KB - Virtual size: 66KB

.VzGZ
Size: 4KB - Virtual size: 436KB

.rsrc
Size: 6KB - Virtual size: 6KB