b14e9c8d27d0e34a6039c8fca5b89822_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b14e9c8d27d0e34a6039c8fca5b89822_JaffaCakes118
Size

876KB
MD5

b14e9c8d27d0e34a6039c8fca5b89822
SHA1

07c0f3a1ea80a23ae98243eb9974ce66596bdec8
SHA256

463d9345ca27f8ac5a404a5279818b604bc5ecd819b72f5005bff8da1bf91616
SHA512

80f651aac6b20df5a7455f05d71176e78945aa75a56452e9bd1ae5110ab17e374d99a3b3135584b7fcd0cc3f919da4be8e75bc764f1a2f84d283bb2769ce7c38
SSDEEP

24576:Bsd4JCrbC/ngV4dXJZ69TsZyiE06OMIrEHo4:4pYgVKZqBiEe/h4

Score

1^/10

Malware Config

Signatures

Files

b14e9c8d27d0e34a6039c8fca5b89822_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4acb017106540875bc1ed5fe370619f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2008, 00:00

Not After

31/01/2009, 23:59

Subject

CN=InstallProvider Inc.,O=InstallProvider Inc.,POSTALCODE=DM,STREET=15 Cornwall Street,L=Roseau,ST=Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueueUserAPC
GetCommState
WriteProcessMemory
ReadConsoleA
GlobalFindAtomA
OpenEventA
GetDriveTypeA
lstrcpyn
TransactNamedPipe
SystemTimeToTzSpecificLocalTime
IsBadReadPtr
IsBadWritePtr
MulDiv
LocalAlloc
CloseHandle
OpenProcess
GetOverlappedResult
CallNamedPipeA
GetBinaryTypeA
LoadModule
LocalShrink
lstrcat
CopyFileA
GlobalCompact
GetConsoleOutputCP
GetTapeParameters
FatalExit
SetEvent
ReleaseSemaphore
HeapUnlock
SetTapeParameters
LocalFileTimeToFileTime
GlobalReAlloc
GetConsoleTitleA
GetProfileIntA
RequestDeviceWakeup
GetDiskFreeSpaceA
CommConfigDialogA
GenerateConsoleCtrlEvent
GetPrivateProfileIntA
IsProcessorFeaturePresent
_lclose
VirtualFree
GetFileTime
OutputDebugStringA
BuildCommDCBA
DisconnectNamedPipe
SetVolumeLabelA
GetSystemTimeAdjustment
SetConsoleCursorPosition
CancelIo
LockFileEx
InterlockedExchange
Process32Next
SetCommBreak
GetNumberFormatA
TlsSetValue
GetCPInfoExA
GlobalGetAtomNameA
Thread32Next
VirtualLock

shlwapi

StrChrIA
PathSearchAndQualifyA
PathFileExistsA
PathAppendA
PathIsFileSpecA
SHRegCreateUSKeyA
PathQuoteSpacesA
PathStripToRootA
StrToIntExA
SHIsLowMemoryMachine
StrCSpnA
SHAutoComplete
StrIsIntlEqualA
PathIsUNCA
PathIsRelativeA
SHRegOpenUSKeyA
HashData
StrFormatByteSize64A
AssocQueryStringA
PathRemoveBlanksA
SHCreateStreamWrapper
SHRegWriteUSValueA
UrlCombineA
PathGetDriveNumberA
StrRChrIA
PathFindOnPathA
UrlIsOpaqueA
PathCommonPrefixA
SHRegEnumUSKeyA

advapi32

AllocateAndInitializeSid

Sections

.crits
Size: 638KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qzw
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kfep
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gzolk
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wpa
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rgp
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wngxa
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.toz
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ncds
Size: 132KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4acb017106540875bc1ed5fe370619f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

Sections

.crits Size: 638KB - Virtual size: 1.3MB

.qzw Size: 6KB - Virtual size: 8KB

.kfep Size: 19KB - Virtual size: 27KB

.gzolk Size: 512B - Virtual size: 21KB

.wpa Size: 6KB - Virtual size: 15KB

.rgp Size: 512B - Virtual size: 56B

.wngxa Size: 512B - Virtual size: 24B

.toz Size: 48KB - Virtual size: 77KB

.ncds Size: 132KB - Virtual size: 1.7MB

.rsrc Size: 18KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

.crits
Size: 638KB - Virtual size: 1.3MB

.qzw
Size: 6KB - Virtual size: 8KB

.kfep
Size: 19KB - Virtual size: 27KB

.gzolk
Size: 512B - Virtual size: 21KB

.wpa
Size: 6KB - Virtual size: 15KB

.rgp
Size: 512B - Virtual size: 56B

.wngxa
Size: 512B - Virtual size: 24B

.toz
Size: 48KB - Virtual size: 77KB

.ncds
Size: 132KB - Virtual size: 1.7MB

.rsrc
Size: 18KB - Virtual size: 20KB