b2bfe1024f89850e17a14e2843f80b27_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b2bfe1024f89850e17a14e2843f80b27_JaffaCakes118
Size

268KB
MD5

b2bfe1024f89850e17a14e2843f80b27
SHA1

129b8336ccc92d8f9d1a73d77954c1ec1d69ee2e
SHA256

73e09a664c66f58ce7a93eebd8db79d53c17a7049fa125974d6ca33b65e99450
SHA512

c0e871c0bb4ab5ca7acb649622f7caf80d9112b6f9f9c290b5cbe35ac7b8ebf7ecbec2e63d6f1f477cdec0dbb20410624462ab20a1de7b947b1dc137d55bf54c
SSDEEP

6144:nng6bDsNCzM2PDgbd40U8LLQSrEkLGYOu6zdaiU+eBZI9:g6ECg2mVtLLXrNO7ZaiURS9

Score

1^/10

Malware Config

Signatures

Files

b2bfe1024f89850e17a14e2843f80b27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dbcb21198b25978a8889739a25480390

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-01-2010 00:00

Not After

24-01-2012 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ce:a9:3f:f6:50:f8:42:6d:ad:9c:e4:52:3e:e7:cd:3a:ea:de:56:02
Signer

Actual PE Digest

ce:a9:3f:f6:50:f8:42:6d:ad:9c:e4:52:3e:e7:cd:3a:ea:de:56:02

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetHandleInformation
EnumDateFormatsA
GetSystemDirectoryW
CopyFileExW
GetSystemDefaultLangID
SetCurrentDirectoryW
GetVersionExW
GetOEMCP
ExpandEnvironmentStringsW
GetEnvironmentStringsW
GetProcAddress
GetShortPathNameA
FileTimeToDosDateTime
RaiseException
SetLocaleInfoW
GetACP
DeleteAtom
GetCommandLineW
SetLocaleInfoA
GetCurrentThread
GetFullPathNameA
GetAtomNameA
CreateSemaphoreA
ConnectNamedPipe

user32

CopyImage
InsertMenuW
ReleaseDC
DeleteMenu
IsChild
CheckDlgButton
GetClassInfoExW
GetMenuItemCount
GetIconInfo
GetActiveWindow
CloseWindow
RegisterClassW
GetKeyboardLayout
SetWindowPos
GetForegroundWindow
InsertMenuItemW
FindWindowW
BringWindowToTop
GetKeyState
GetDC
LoadImageW
GetAsyncKeyState
GetCapture
GetDlgItem
WinHelpA
CharPrevA
PostQuitMessage
MonitorFromWindow
SetMenu
GetMenuItemRect
CharLowerW
CreatePopupMenu
SetWindowTextW
MoveWindow
SendDlgItemMessageA
RemoveMenu

gdi32

GetSystemPaletteUse
GetCurrentPositionEx
GetTextFaceW
RemoveFontResourceExA
GetCharABCWidthsFloatA
Polygon
CloseMetaFile
PlayMetaFile
GetObjectA
CreateDIBSection
RoundRect
GetAspectRatioFilterEx
SetStretchBltMode
EnumFontFamiliesExA

advapi32

RegCloseKey
RegCreateKeyExW
RegCreateKeyExW
RegFlushKey
RegQueryInfoKeyA
RegOpenKeyExA

shell32

StrChrIW
SHGetDesktopFolder
SHGetFileInfoW
ExtractIconEx
StrStrIW
SHGetDiskFreeSpaceExW
ExtractIconW
StrRChrIW
StrStrA

shlwapi

SHSkipJunction
SHGetValueW
StrStrA
UrlIsOpaqueW
PathMakeSystemFolderA

comctl32

CreateStatusWindow
UninitializeFlatSB

opengl32

glTexParameterf
glColor4f
glRasterPos2f
glFrontFace
glPixelZoom
glIndexiv
glNormal3iv
glLoadIdentity
wglCreateLayerContext
wglUseFontBitmapsW
glPushMatrix

inetcomm

MimeOleClearDirtyTree
HrGetAttachIconByFile
MimeOleSMimeCapGetEncAlg
CreateNNTPTransport
MimeOleGetInternat
DllGetClassObject
MimeEditViewSource
MimeEditGetBackgroundImageUrl
MimeOleDecodeHeader

oledlg

OleUIBusyA

sqlunirl

_GetKeyNameText_@12
_RegEnumKeyEx_@32
_NDdeIsValidAppTopicList_@4
_RegisterServiceCtrlHandler_@8
_PolyTextOut_@12
_GetSaveFileName@4
_GetClassLong_@8
_CommDlg_OpenSave_GetFilePath@12
_BroadcastSystemMessage_@20
_RegQueryMultipleValues_@20
_LogonUser_@24
_CreateSemaphore_@16
_DefDlgProc_@16
_LoadString@16
_FindText_@4
_CreateMetaFile_@4
_GetKeyboardLayoutName_@4
_OemToChar_@8
_NDdeShareSetInfo_@24
_GetObject@12
_GetMenuItemInfo_@16

wsock32

WSARecvEx
getsockname

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MDa
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msM
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nemPU
Size: 512B - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zkVEjs
Size: 1KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JL
Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xVJOi
Size: 1KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbcb21198b25978a8889739a25480390

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

ce:a9:3f:f6:50:f8:42:6d:ad:9c:e4:52:3e:e7:cd:3a:ea:de:56:02Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

opengl32

inetcomm

oledlg

sqlunirl

wsock32

Sections

.text Size: 12KB - Virtual size: 12KB

.MDa Size: 512B - Virtual size: 4KB

.msM Size: 4KB - Virtual size: 16KB

.nemPU Size: 512B - Virtual size: 49KB

.data Size: 11KB - Virtual size: 11KB

.zkVEjs Size: 1KB - Virtual size: 21KB

.JL Size: 512B - Virtual size: 48KB

.xVJOi Size: 1KB - Virtual size: 301KB

.rsrc Size: 228KB - Virtual size: 228KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

ce:a9:3f:f6:50:f8:42:6d:ad:9c:e4:52:3e:e7:cd:3a:ea:de:56:02
Signer

.text
Size: 12KB - Virtual size: 12KB

.MDa
Size: 512B - Virtual size: 4KB

.msM
Size: 4KB - Virtual size: 16KB

.nemPU
Size: 512B - Virtual size: 49KB

.data
Size: 11KB - Virtual size: 11KB

.zkVEjs
Size: 1KB - Virtual size: 21KB

.JL
Size: 512B - Virtual size: 48KB

.xVJOi
Size: 1KB - Virtual size: 301KB

.rsrc
Size: 228KB - Virtual size: 228KB