af1493e044fedfda20d2a60a6ca48a0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af1493e044fedfda20d2a60a6ca48a0d_JaffaCakes118
Size

44KB
MD5

af1493e044fedfda20d2a60a6ca48a0d
SHA1

0f45ad1efdb7f8c7a27e6717c2cd6b4c175713c3
SHA256

444dde86aa7e5581b5461df20f5ae6eb6d334aa350a88bb84c2133416e113eff
SHA512

914a26fe84c5a236f552dd0b66f027b011a009db6df379a679f3b0e9b2cae38cd630ce4896571cc33564773f3718168bfcfd1e811768e8c6ad6ba4a6bfb55c8b
SSDEEP

768:LV/TuFEjR37QHd6b7/j3Xz+PYPUQX/N+O0R67iCTYNn8LUbCs:gi37QHETj3sYsQ1+O97HtsCs

Score

1^/10

Malware Config

Signatures

Files

af1493e044fedfda20d2a60a6ca48a0d_JaffaCakes118
.exe windows:1 windows x86 arch:x86

04d59d2fafd4fb3d8670e292bfa74868

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30/04/2010, 00:00

Not After

07/05/2011, 23:59

Subject

CN=Panda Security S.L,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Panda Security S.L,L=Bilbao,ST=Bizkaia,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:0d:25:7b:25:a0:17:14:4a:bf:f2:1f:90:dc:69:7d:07:ca:7b:60
Signer

Actual PE Digest

7f:0d:25:7b:25:a0:17:14:4a:bf:f2:1f:90:dc:69:7d:07:ca:7b:60

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GetCurrentThreadId
WinExec
lstrcmp
CreateMutexA
GetAtomNameA
GetTempFileNameA
OpenSemaphoreW
GetModuleFileNameA
GetCurrentDirectoryA
lstrcpyW

user32

SetWindowLongW
RemoveMenu
GetMenuStringA
RegisterClassExW
CreateWindowExA
ShowWindow
CreateWindowExW
GetWindowPlacement
ReleaseDC
EndPaint
DialogBoxIndirectParamW
InsertMenuItemW
GetWindowLongW
WinHelpW
GetWindowTextLengthA
DefWindowProcW

gdi32

SetPixel
CreateFontIndirectA
SetTextColor
GetStockObject
CreateEllipticRgn
SelectObject
GetBkMode

advapi32

RegDeleteValueW

comdlg32

GetSaveFileNameW
PrintDlgExW
FindTextW

shell32

Shell_NotifyIconW
ExtractAssociatedIconA
StrChrIA
StrStrW
SHGetImageList
ExtractAssociatedIconExW
ShellExecuteW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04d59d2fafd4fb3d8670e292bfa74868

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

7f:0d:25:7b:25:a0:17:14:4a:bf:f2:1f:90:dc:69:7d:07:ca:7b:60Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comdlg32

shell32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 18KB - Virtual size: 17KB

.rsrc Size: 5KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

7f:0d:25:7b:25:a0:17:14:4a:bf:f2:1f:90:dc:69:7d:07:ca:7b:60
Signer

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 5KB - Virtual size: 5KB