ae94cb7e228abc276ff5ebd3622e5ae5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae94cb7e228abc276ff5ebd3622e5ae5_JaffaCakes118
Size

235KB
MD5

ae94cb7e228abc276ff5ebd3622e5ae5
SHA1

3e8805d24ad9b18f3d57f946ef8dc6af4520a3f1
SHA256

15ae0b22cad3e314f46144f3727f7bba17cad3a6b98dc0a2589e44b59d9e7f3e
SHA512

fdb692e048172b6db06a76d1983b72dcbdb7e851f0825d3b6c95150d63a970f52b66a3c545599092cc4345e2148186625421fc6121adc6fbcc306f7008a2c756
SSDEEP

6144:xWnorIT97ejtNx0v04G4+vbETANnZ0IsDTN:sdsjtP4PMRinDTN

Score

1^/10

Malware Config

Signatures

Files

ae94cb7e228abc276ff5ebd3622e5ae5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0704e53c33e635746c26d329d8fbee08

Code Sign

7c:b4:5a:b3:70:a1:82:07:78:b4:e7:1e:8a:32:76:1b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/05/2010, 00:00

Not After

09/05/2012, 23:59

Subject

CN=Towers Watson & Co,OU=Digital ID Class 3 - Microsoft VBA Software Validation v2,O=Towers Watson & Co,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:f7:b8:c2:d2:9b:d9:55:70:b0:b9:6c:6f:57:52:10:95:5d:cc:61
Signer

Actual PE Digest

56:f7:b8:c2:d2:9b:d9:55:70:b0:b9:6c:6f:57:52:10:95:5d:cc:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Q:\jhmbxfl\qGRhpNCa\lsqgtDrw.pdb

Imports

kernel32

GetSystemDirectoryW
GetCompressedFileSizeW
LoadLibraryA
SuspendThread
FileTimeToDosDateTime
SetCommTimeouts
GetModuleHandleA
OpenEventA
SizeofResource
SetFilePointer
MoveFileW
GetSystemDefaultUILanguage
GetThreadLocale
GetStdHandle
CreateDirectoryW
DuplicateHandle
GetLongPathNameW
GetStartupInfoW
SetThreadContext
GetThreadPriority
HeapLock
GetUserDefaultLangID
GlobalSize
CreateFileA
SearchPathA
OutputDebugStringA
GlobalLock
CreateWaitableTimerA
CreateEventW
GetProcAddress
GetAtomNameW
SetFileAttributesW
GetCommConfig
GetFileInformationByHandle
EnumResourceNamesA
IsBadReadPtr
TransactNamedPipe
GetDateFormatA
GetCommModemStatus
TlsGetValue
SetHandleInformation
MulDiv
FindNextFileW
SetCommMask
GlobalHandle
VerifyVersionInfoW
GetSystemDirectoryA
GetModuleFileNameA
HeapUnlock
ReleaseSemaphore
EnterCriticalSection
GetBinaryTypeW
GetShortPathNameA
VirtualQuery
WaitForSingleObject
lstrcpyA

shlwapi

StrToIntW

msvcrt

_controlfp
getenv
__set_app_type
iswalpha
strtok
__p__fmode
mbstowcs
floor
isspace
strncpy
wcschr
__p__commode
_amsg_exit
fread
fwrite
strchr
ungetc
puts
swscanf
swprintf
_initterm
wcstok
wcslen
wcsrchr
fgets
_ismbblead
vswprintf
fseek
vsprintf
isalnum
wcscspn
iswdigit
wcsncpy
_XcptFilter
_exit
wcscpy
strcpy
setvbuf
_cexit
mktime
clock
__setusermatherr
__getmainargs
fputc
wcsncmp
qsort
strpbrk

comdlg32

CommDlgExtendedError
FindTextW
PrintDlgExW
ChooseColorW
GetSaveFileNameW

user32

GetMessageExtraInfo
CharNextA
GetMenuItemID
CheckMenuRadioItem
GetWindow
GetLastActivePopup
MapVirtualKeyExW
ShowCursor
IsDlgButtonChecked
GetUpdateRect
EnumWindows
TileWindows
DestroyIcon
GetKeyNameTextW
CharLowerA
SetCursorPos
GetMenuStringA
TranslateMessage
SendDlgItemMessageA
CopyAcceleratorTableW
GetMenuItemCount
MonitorFromRect
SystemParametersInfoA
CheckDlgButton
GetDialogBaseUnits
GetMenuStringW
TrackPopupMenu
CopyImage
GetUpdateRgn
EndDialog
FrameRect
GetSysColor
MessageBoxW
DestroyCursor
OpenInputDesktop
EnumThreadWindows
DefFrameProcW
GetAsyncKeyState
MapVirtualKeyW
GetScrollRange
CharNextExA
IsDialogMessageA
SetDlgItemTextA
DefDlgProcA
CheckMenuItem
EnumChildWindows
GetWindowLongA
GetDlgCtrlID
DrawTextA
GetMonitorInfoW
CharToOemA
UnloadKeyboardLayout
SetWindowPos
DestroyCaret
DispatchMessageA
DestroyAcceleratorTable
FillRect
PostQuitMessage
ScrollWindowEx
InSendMessage
DefFrameProcA
FindWindowW
TrackPopupMenuEx
DrawFrameControl
GetScrollInfo
SetMenuDefaultItem
wsprintfA
MessageBoxExA
DestroyWindow
IsWindow
InternalGetWindowText
BeginPaint
SetDlgItemInt
AppendMenuA
LoadStringA
GetWindowLongW
TranslateAcceleratorW
CreateDialogParamA
DefWindowProcA
GetDC
InsertMenuA
LoadBitmapW
ShowOwnedPopups
DeferWindowPos
LoadBitmapA
IsChild
ReleaseDC
SetMenuItemInfoW
HiliteMenuItem
MoveWindow
WaitMessage
DestroyMenu
wsprintfW
GetMenuItemRect
GetMessageA
GetMenuItemInfoW
SendMessageW
RegisterWindowMessageA
SendMessageTimeoutW
CreateDialogIndirectParamW
GetSystemMetrics
GetMessageW
SetTimer
CreateDialogParamW
GetNextDlgGroupItem
GetClientRect
InvalidateRgn
OffsetRect
GetMenuCheckMarkDimensions
DrawMenuBar
LoadCursorW
GetCaretPos
IsCharUpperA
MessageBoxExW
GetTopWindow
DrawAnimatedRects
GetKeyboardLayoutList
ExitWindowsEx
AttachThreadInput
CascadeWindows

Exports

Exports

?Extract_Options@@YGK_KHE:O

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 86B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.feed
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0704e53c33e635746c26d329d8fbee08

Code Sign

7c:b4:5a:b3:70:a1:82:07:78:b4:e7:1e:8a:32:76:1bCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

56:f7:b8:c2:d2:9b:d9:55:70:b0:b9:6c:6f:57:52:10:95:5d:cc:61Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

msvcrt

comdlg32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.idata Size: 6KB - Virtual size: 5KB

.edata Size: 512B - Virtual size: 86B

.feed Size: 512B - Virtual size: 128B

.data Size: 2KB - Virtual size: 167KB

.rsrc Size: 200KB - Virtual size: 200KB

.reloc Size: 1KB - Virtual size: 1KB

7c:b4:5a:b3:70:a1:82:07:78:b4:e7:1e:8a:32:76:1b
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

56:f7:b8:c2:d2:9b:d9:55:70:b0:b9:6c:6f:57:52:10:95:5d:cc:61
Signer

.text
Size: 20KB - Virtual size: 19KB

.idata
Size: 6KB - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 86B

.feed
Size: 512B - Virtual size: 128B

.data
Size: 2KB - Virtual size: 167KB

.rsrc
Size: 200KB - Virtual size: 200KB

.reloc
Size: 1KB - Virtual size: 1KB