aac133e7547c76faf87d9db6fe32a72e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aac133e7547c76faf87d9db6fe32a72e_JaffaCakes118
Size

713KB
MD5

aac133e7547c76faf87d9db6fe32a72e
SHA1

90f99a823f32dcab533230aa0bc8321d8316c674
SHA256

57f4c15f268d073bbdc4b83cb1b80380136de33c9c9bdc00d2047095f7237249
SHA512

9dbba6d8dd0206db96371525b90087648adec1e53fb13317ee3a331ed5dd636e5765b1f74d108a025958e3c3885f803ce6326f9c3be71a25ee7125ff0ca1c2ed
SSDEEP

12288:j1/25DQQVUR/S3BERax4xZNNBHIqwUk+3AE3nfWJLqwbl4Q8:jJ2lQQV0a9+x9BKUk+3fPWJV4Q8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Keymaker.exe

Files

aac133e7547c76faf87d9db6fe32a72e_JaffaCakes118
.rar
Download.Express.exe
.exe windows:1 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d6:77:69:ea:2e:08:21:4c:95:2c:10:a8:18:e0:c5:1f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

08/01/2007, 00:00

Not After

07/01/2009, 23:59

Subject

CN=MetaProducts Corporation,O=MetaProducts Corporation,POSTALCODE=33682,STREET=P.O. Box 82160,L=Tampa,ST=FL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

ce:cd:03:57:ef:d8:69:4a:a7:e7:64:40:1e:b5:ab:36:58:17:4d:bf
Signer

Actual PE Digest

ce:cd:03:57:ef:d8:69:4a:a7:e7:64:40:1e:b5:ab:36:58:17:4d:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 162KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Keymaker.exe
.exe windows:4 windows x86 arch:x86

9932ea624e4641f4d49c2c307092d45f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileSectionA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

arn
Size: - Virtual size: 292KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ownz
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

every1
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

in
Size: 39KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0day
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

world!
Size: 6KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

d6:77:69:ea:2e:08:21:4c:95:2c:10:a8:18:e0:c5:1fCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

ce:cd:03:57:ef:d8:69:4a:a7:e7:64:40:1e:b5:ab:36:58:17:4d:bfSigner

Headers

File Characteristics

Sections

CODE Size: 162KB - Virtual size: 436KB

DATA Size: 2KB - Virtual size: 4KB

BSS Size: - Virtual size: 12KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 24KB

.rsrc Size: 19KB - Virtual size: 224KB

.aspack Size: 172KB - Virtual size: 172KB

.adata Size: - Virtual size: 4KB

9932ea624e4641f4d49c2c307092d45f

Headers

File Characteristics

Imports

kernel32

Sections

arn Size: - Virtual size: 292KB

ownz Size: 105KB - Virtual size: 105KB

every1 Size: 5KB - Virtual size: 40KB

in Size: 39KB - Virtual size: 60KB

0day Size: 6KB - Virtual size: 6KB

world! Size: 6KB - Virtual size: 27KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

d6:77:69:ea:2e:08:21:4c:95:2c:10:a8:18:e0:c5:1f
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

ce:cd:03:57:ef:d8:69:4a:a7:e7:64:40:1e:b5:ab:36:58:17:4d:bf
Signer

CODE
Size: 162KB - Virtual size: 436KB

DATA
Size: 2KB - Virtual size: 4KB

BSS
Size: - Virtual size: 12KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 24KB

.rsrc
Size: 19KB - Virtual size: 224KB

.aspack
Size: 172KB - Virtual size: 172KB

.adata
Size: - Virtual size: 4KB

arn
Size: - Virtual size: 292KB

ownz
Size: 105KB - Virtual size: 105KB

every1
Size: 5KB - Virtual size: 40KB

in
Size: 39KB - Virtual size: 60KB

0day
Size: 6KB - Virtual size: 6KB

world!
Size: 6KB - Virtual size: 27KB