ac0295bd221268697df9deac04dae9fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac0295bd221268697df9deac04dae9fc_JaffaCakes118
Size

1.1MB
MD5

ac0295bd221268697df9deac04dae9fc
SHA1

e130c3ef93be46efc53aeb3f003f17512fae370d
SHA256

d8e4f959e77cf9900ef15669f4802dd4291f1ffb3aa96f7d1b8a5c9ecd7d9f67
SHA512

218df7ee8dcc4bd3d8bbc3e67e54948e60119e5e238838a84e9cd4fdf3bd3e31d13f5ede25b1172a4b2ef7378fc7b04783f7a693874df07e5488264f18376d58
SSDEEP

24576:rKIc77QyzaGrwk4kUvyE6yr4HB9x4ddKPIO03hywIZ8:uIny2Grwk4ME6yr47xIdKPz03hywl

Score

1^/10

Malware Config

Signatures

Files

ac0295bd221268697df9deac04dae9fc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8a54cacc74688fabee84feed1ac966a2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/02/2010, 00:00

Not After

22/02/2012, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

87:3e:79:5e:3f:e9:70:23:5f:f4:f0:0e:97:15:fd:78:5f:ca:0d:31
Signer

Actual PE Digest

87:3e:79:5e:3f:e9:70:23:5f:f4:f0:0e:97:15:fd:78:5f:ca:0d:31

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\b\build\slave\chrome-official\build\src\build\Release\chrome_exe.pdb

Imports

shlwapi

PathFileExistsW
PathRemoveFileSpecW

kernel32

SetInformationJobObject
GetQueuedCompletionStatus
WaitForSingleObject
SetEvent
InitializeCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
EnterCriticalSection
ResetEvent
CreateEventW
PostQueuedCompletionStatus
CreateIoCompletionPort
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
TerminateJobObject
CreateThread
SetHandleInformation
VirtualFree
GetProcessHandleCount
ResumeThread
SignalObjectAndWait
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetThreadContext
MapViewOfFile
FreeLibrary
LoadLibraryW
AssignProcessToJobObject
GetExitCodeProcess
CreateFileMappingW
WriteProcessMemory
RegisterWaitForSingleObject
UnregisterWaitEx
VirtualFreeEx
VirtualAllocEx
GetFileAttributesW
CreateFileW
GetLongPathNameW
VirtualProtectEx
QueryDosDeviceW
CreateJobObjectW
GetCurrentProcessId
CreateNamedPipeW
OpenEventW
SearchPathW
CreateMutexW
GetCurrentDirectoryW
lstrlenW
DebugBreak
VirtualQuery
WideCharToMultiByte
ReadProcessMemory
SuspendThread
ReleaseSemaphore
CreateSemaphoreW
WaitNamedPipeW
WriteFile
TransactNamedPipe
SetNamedPipeHandleState
WaitForMultipleObjects
SetEnvironmentVariableW
ExpandEnvironmentStringsW
UnmapViewOfFile
ReadFile
VirtualAlloc
GetFileTime
TerminateProcess
SetFilePointer
FormatMessageA
ReleaseMutex
MultiByteToWideChar
GetUserDefaultLangID
GetNativeSystemInfo
GetVersionExW
RaiseException
IsDebuggerPresent
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetStdHandle
RtlCaptureStackBackTrace
SetEndOfFile
FlushFileBuffers
FindResourceW
LoadResource
SizeofResource
LockResource
WTSGetActiveConsoleSessionId
UnhandledExceptionFilter
GetStartupInfoW
HeapFree
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
HeapReAlloc
HeapAlloc
GetProcessHeap
GetCPInfo
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapSize
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
GetModuleHandleW
GetCurrentProcess
GetUserDefaultUILanguage
GetSystemDirectoryW
GetWindowsDirectoryW
LocalAlloc
GetThreadLocale
LocalFree
CloseHandle
QueueUserWorkItem
GetTempPathW
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
CreateProcessW
GetCommandLineW
ExitProcess
GetModuleHandleA
SetCurrentDirectoryW
GetProcAddress
GetModuleFileNameW
LoadLibraryExW
GetEnvironmentVariableW

user32

CloseWindowStation
CloseDesktop
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowStationW
GetThreadDesktop
SetProcessWindowStation
CreateDesktopW
MessageBoxW
CharUpperW

shell32

CommandLineToArgvW
SHGetFolderPathW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime

advapi32

SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
RevertToSelf
RegDisablePredefinedCache
SetThreadToken
CreateProcessAsUserW
SetTokenInformation
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
GetLengthSid
RegCreateKeyExW
CopySid
CreateWellKnownSid
GetTokenInformation
CreateRestrictedToken
InitializeSecurityDescriptor
EqualSid
DuplicateToken
LookupPrivilegeValueW
DuplicateTokenEx
GetSecurityInfo
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetFileSecurityW
GetFileSecurityW
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
ConvertSidToStringSidW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
SetEntriesInAclW
RegQueryValueExW
RegQueryInfoKeyW
OpenProcessToken

Exports

Exports

CrashForException
DumpProcess
SetActiveURL
SetClientId
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews

Sections

.text
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 330KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a54cacc74688fabee84feed1ac966a2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7fCertificate

Extended Key Usages

Key Usages

87:3e:79:5e:3f:e9:70:23:5f:f4:f0:0e:97:15:fd:78:5f:ca:0d:31Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

shell32

userenv

wtsapi32

version

winmm

advapi32

Exports

Exports

Sections

.text Size: 462KB - Virtual size: 462KB

.rdata Size: 330KB - Virtual size: 329KB

.data Size: 8KB - Virtual size: 28KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 33KB - Virtual size: 32KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

36:b8:da:6b:f0:0d:94:f1:58:30:10:01:ad:d6:52:7f
Certificate

87:3e:79:5e:3f:e9:70:23:5f:f4:f0:0e:97:15:fd:78:5f:ca:0d:31
Signer

.text
Size: 462KB - Virtual size: 462KB

.rdata
Size: 330KB - Virtual size: 329KB

.data
Size: 8KB - Virtual size: 28KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 33KB - Virtual size: 32KB