ab99965c8d787e0159de164529d1c3c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab99965c8d787e0159de164529d1c3c7_JaffaCakes118
Size

201KB
MD5

ab99965c8d787e0159de164529d1c3c7
SHA1

a7a0da30de50a7493efbadbc4a112344b5bb847c
SHA256

5adfe7b7e4bf6dc7b84d3531fa5b70f785115df8c78b597187fa150619259a28
SHA512

f95cb8afa0c42faf12d16af24104b95eb99b4880d1d9fdb56927017b54b942d9de5cf69bc2982ce80ad79388c89afdb1f1e99e1e665877917e969627405ff647
SSDEEP

3072:QHm3k9/JkMzick9SLyVO2ln343xODic+UPyxXhQb0OkzN:5k9/2M+v9SLyVOf3xTc+OUGHkJ

Score

1^/10

Malware Config

Signatures

Files

ab99965c8d787e0159de164529d1c3c7_JaffaCakes118
.exe windows:0 windows x86 arch:x86

71a6ec5a365cb8946787f49f434959e5

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/09/2006, 00:00

Not After

26/10/2009, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:41:75:cc:18:53:fe:48:dd:5e:f5:ce:c1:ee:50:86:a2:f4:b4:b4
Signer

Actual PE Digest

66:41:75:cc:18:53:fe:48:dd:5e:f5:ce:c1:ee:50:86:a2:f4:b4:b4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
ReplaceFileW
CopyFileA
GetTempFileNameA
CreateDirectoryW
GetEnvironmentStringsA
SetUnhandledExceptionFilter
lstrlenW
CreateMailslotW
lstrcpyW
LoadLibraryA
SetLocaleInfoW
GetCommandLineA
GetModuleHandleA
GetProcAddress
GetLocalTime
lstrcmpiA
FreeResource
DuplicateHandle
lstrcpy
GetSystemDirectoryA
GetAtomNameA
MultiByteToWideChar
lstrlenA
AddAtomW
GetExitCodeThread
GetExpandedNameA

user32

UpdateLayeredWindow
GetClassLongW
ActivateKeyboardLayout
GetMenuItemID
GetClientRect
SetFocus
CreatePopupMenu
LoadMenuIndirectA
DestroyWindow
PeekMessageA
EnumDesktopsW
EnumDesktopsW
RegisterClassW
mouse_event
GetDlgItemTextW
PostMessageW
GetWindowTextLengthA
CheckMenuItem
CreateCaret
IsChild
FillRect
SetParent
GetWindowRect
DefFrameProcA
GetDC
GetKeyboardLayout
InsertMenuItemA
IsMenu
ArrangeIconicWindows
GetCursorPos
GetWindowTextA
GetClassInfoW
MoveWindow
LoadMenuA

gdi32

GetTextExtentExPointI
SetDeviceGammaRamp
GetTextMetricsA
DeleteEnhMetaFile
GetCharABCWidthsW
CreateDIBPatternBrush
FloodFill
CreateScalableFontResourceW
GetROP2

advapi32

RegQueryMultipleValuesA
RegQueryValueA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA

ole32

GetErrorInfo

urlmon

BindAsyncMoniker
GetMarkOfTheWeb

Sections

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x3S\^m
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.1&+>
Size: 1KB - Virtual size: 29KB

IMAGE_SCN_MEM_READ

.'`};7
Size: 1KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8<g
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.)?BM
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.C
Size: 1024B - Virtual size: 35KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.<
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6|
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71a6ec5a365cb8946787f49f434959e5

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

66:41:75:cc:18:53:fe:48:dd:5e:f5:ce:c1:ee:50:86:a2:f4:b4:b4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

urlmon

Sections

.rdata Size: 2KB - Virtual size: 2KB

.x3S\^m Size: 1024B - Virtual size: 24KB

.text Size: 17KB - Virtual size: 17KB

.1&+> Size: 1KB - Virtual size: 29KB

.'`};7 Size: 1KB - Virtual size: 26KB

.8<g Size: 1024B - Virtual size: 39KB

.)?BM Size: 14KB - Virtual size: 14KB

.C Size: 1024B - Virtual size: 35KB

.< Size: 1024B - Virtual size: 22KB

.6| Size: 1024B - Virtual size: 34KB

.rsrc Size: 154KB - Virtual size: 154KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

66:41:75:cc:18:53:fe:48:dd:5e:f5:ce:c1:ee:50:86:a2:f4:b4:b4
Signer

.rdata
Size: 2KB - Virtual size: 2KB

.x3S\^m
Size: 1024B - Virtual size: 24KB

.text
Size: 17KB - Virtual size: 17KB

.1&+>
Size: 1KB - Virtual size: 29KB

.'`};7
Size: 1KB - Virtual size: 26KB

.8<g
Size: 1024B - Virtual size: 39KB

.)?BM
Size: 14KB - Virtual size: 14KB

.C
Size: 1024B - Virtual size: 35KB

.<
Size: 1024B - Virtual size: 22KB

.6|
Size: 1024B - Virtual size: 34KB

.rsrc
Size: 154KB - Virtual size: 154KB