b2db28a4ac8d803df19a4fbed63101ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2db28a4ac8d803df19a4fbed63101ff_JaffaCakes118
Size

209KB
MD5

b2db28a4ac8d803df19a4fbed63101ff
SHA1

1827f3b44baadf2682542e594dc96557f42ab84e
SHA256

ab89c7357c87ef6b0bddbaa97f53ef1d5ff5b3090109ba6835e61053132d4065
SHA512

d0a17c96b40a9561ba04e47aeaab5b33ce31d173bee8fb6f8c18eec484a60a230f0d8a1c77bd883b66d99a536455bac95d05df47d8a2d6e730b6bfbe3b4db427
SSDEEP

6144:N/S/hRP88Z2bRB/y0vyklyMZwk60O7bbI:8Z58I2bRBq0vlNZww0bbI

Score

1^/10

Malware Config

Signatures

Files

b2db28a4ac8d803df19a4fbed63101ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

348380018d0ac2787939fe8e920b01d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/03/2010, 00:00

Not After

08/03/2011, 23:59

Subject

CN=Kaspersky Lab,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical dept,O=Kaspersky Lab,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:29:f4:6c:86:06:1a:73:13:c6:93:62:2c:c5:33:43:0a:ba:d7:37
Signer

Actual PE Digest

65:29:f4:6c:86:06:1a:73:13:c6:93:62:2c:c5:33:43:0a:ba:d7:37

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
GetVersionExA
lstrcmpiW
GetSystemInfo
GetSystemDefaultLCID
SetPriorityClass
lstrcatA
GetModuleHandleA
GetExpandedNameW
GetMailslotInfo
EndUpdateResourceA
GetLogicalDrives
GetProcAddress
WaitForMultipleObjects
lstrcpyn
GetModuleHandleW
CreateFileMappingW
CopyFileExA
LocalAlloc
GetTempPathW
CompareStringW
CreateDirectoryA
lstrcmpiA
SystemTimeToFileTime
GlobalFindAtomA
CreateFileW
GlobalGetAtomNameW
SetCurrentDirectoryW
CopyFileA
GetVersion

user32

GetMenuStringW
wsprintfA
CreateDialogParamA
MonitorFromPoint
CheckMenuRadioItem
CreatePopupMenu
GetCapture
DefDlgProcW
GetDC
RegisterWindowMessageW
GetAsyncKeyState
GetSystemMetrics
SetCapture
DefWindowProcA
MessageBoxIndirectA
GetParent
GetMenuItemCount
CloseWindow
CallWindowProcA
RegisterClassA
MessageBoxW
keybd_event
CharNextA
GetDlgItemTextW
GetFocus
GetKeyState
LoadIconA
SetCursorPos
WinHelpA
FindWindowW
FindWindowA
EnumWindows
CharLowerW
SendMessageW
SendDlgItemMessageW
GetWindowTextA
LoadBitmapA

gdi32

GetCharWidth32W
EndFormPage
GetCurrentPositionEx
ColorCorrectPalette
GetTextCharacterExtra
RectVisible
AbortPath
GetObjectA
GetFontUnicodeRanges
SetTextCharacterExtra
SetBkColor
GetKerningPairsA
GetDCPenColor
GetClipRgn
GetOutlineTextMetricsW
CreateSolidBrush
CreateEllipticRgn

advapi32

RegOpenKeyA
RegSaveKeyW
RegReplaceKeyA
RegCreateKeyA

comctl32

MakeDragList
CreateToolbar
ImageList_AddMasked

comdlg32

GetSaveFileNameW
ChooseFontA
PageSetupDlgA
GetFileTitleW
ReplaceTextW
GetSaveFileNameA

setupapi

pSetupGetField
CM_Query_And_Remove_SubTree_ExW
pSetupHandleFailedVerification
CM_Get_Class_Key_NameW
SetupGetFileQueueCount
SetupDiGetActualSectionToInstallW
SetupDiRemoveDeviceInterface
CM_Get_Depth
SetupRemoveSectionFromDiskSpaceListW
CM_Query_Remove_SubTree

urlmon

ReleaseBindInfo
UrlMkSetSessionOption
DllCanUnloadNow
CreateFormatEnumerator
CompareSecurityIds
IsValidURL
CopyStgMedium
AsyncGetClassBits
DllGetClassObject
CreateURLMoniker
CDLGetLongPathNameW
URLDownloadToCacheFileW
URLDownloadToFileA
CoInternetCreateZoneManager

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lRDEeX
Size: 2KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wEw
Size: 3KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qVoP
Size: 1KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zRt
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xb
Size: 1024B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.npBcsw
Size: 2KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.R
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xO
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tN
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zbRH
Size: 1KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

348380018d0ac2787939fe8e920b01d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4aCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

65:29:f4:6c:86:06:1a:73:13:c6:93:62:2c:c5:33:43:0a:ba:d7:37Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

comdlg32

setupapi

urlmon

Sections

.text Size: 12KB - Virtual size: 12KB

.lRDEeX Size: 2KB - Virtual size: 43KB

.wEw Size: 3KB - Virtual size: 46KB

.qVoP Size: 1KB - Virtual size: 27KB

.zRt Size: 2KB - Virtual size: 32KB

.xb Size: 1024B - Virtual size: 33KB

.npBcsw Size: 2KB - Virtual size: 25KB

.R Size: 1KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 7KB

.xO Size: 1KB - Virtual size: 2KB

.tN Size: 512B - Virtual size: 3KB

.zbRH Size: 1KB - Virtual size: 134KB

.rsrc Size: 163KB - Virtual size: 162KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

07:be:8f:83:f4:45:50:21:f4:e2:4f:b0:21:fc:a2:4a
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

65:29:f4:6c:86:06:1a:73:13:c6:93:62:2c:c5:33:43:0a:ba:d7:37
Signer

.text
Size: 12KB - Virtual size: 12KB

.lRDEeX
Size: 2KB - Virtual size: 43KB

.wEw
Size: 3KB - Virtual size: 46KB

.qVoP
Size: 1KB - Virtual size: 27KB

.zRt
Size: 2KB - Virtual size: 32KB

.xb
Size: 1024B - Virtual size: 33KB

.npBcsw
Size: 2KB - Virtual size: 25KB

.R
Size: 1KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 7KB

.xO
Size: 1KB - Virtual size: 2KB

.tN
Size: 512B - Virtual size: 3KB

.zbRH
Size: 1KB - Virtual size: 134KB

.rsrc
Size: 163KB - Virtual size: 162KB