b3f3b2a6cf093d14cf8ae44eeda928c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3f3b2a6cf093d14cf8ae44eeda928c6_JaffaCakes118
Size

250KB
MD5

b3f3b2a6cf093d14cf8ae44eeda928c6
SHA1

6b61ec5c6ba71ad51e562dc93cab68699597f98d
SHA256

32cc6897b278d4608dbae5e2ac0336868321dde7986ec591f041d551a7f9c5b0
SHA512

4da4b1770b00d0de916390298e276d77441d3b04f1a331b4ac99fb83ec9db594313e3336af69cafac56ccaa4db11077b20c9e746163828206d972e847b4d1a60
SSDEEP

6144:EfNgWL+5aUoBHFFXQmtmwhEEHhEvjDx7K:bWLqaRBHFFXVnEEEl7K

Score

1^/10

Malware Config

Signatures

Files

b3f3b2a6cf093d14cf8ae44eeda928c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9bf05bf1f319fe56f143824fb1af0ab9

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

06:bd:7a:76:61:72:e1:ef:44:f1:9f:35:d5:e8:2b:34
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

31/10/2001, 00:00

Not After

23/11/2002, 23:59

Subject

CN=Symantec Corporation,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=VeriSign\, Inc.,L=Internet+L=Santa Monica,ST=California,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

d7:49:ad:ce:9e:6b:0e:6a:ac:04:f9:62:1d:85:90:0f:e5:36:2a:b0
Signer

Actual PE Digest

d7:49:ad:ce:9e:6b:0e:6a:ac:04:f9:62:1d:85:90:0f:e5:36:2a:b0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
DeleteCriticalSection
FreeConsole
LeaveCriticalSection
AllocConsole
InitializeCriticalSection
SetFilePointer
CreateFileA
GetModuleFileNameA
GetVersion
WaitForSingleObject
GetExitCodeProcess
CloseHandle
lstrcpyA
GetFileAttributesA
MultiByteToWideChar
Sleep
EnterCriticalSection
WriteFile
GetStartupInfoA
TerminateProcess
GetCPInfo
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
InterlockedIncrement
InterlockedDecrement
GetVersionExA
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
LocalFree
lstrcmpA
LocalAlloc
GetModuleHandleA
GetLastError
RtlUnwind
GetLocalTime
lstrlenA
GetCommandLineA
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
VirtualAlloc
GetStringTypeW
GetEnvironmentStringsW
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapReAlloc
HeapAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
VirtualFree
SetHandleCount
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapFree
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetStringTypeA

user32

CharNextA
PeekMessageA
wsprintfA
CharPrevA
TranslateMessage
GetDesktopWindow
GetKeyboardType
LoadStringA
MessageBoxA
DispatchMessageA
FindWindowA

advapi32

RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegOpenKeyA

shell32

ShellExecuteExA
SHFileOperationA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bf05bf1f319fe56f143824fb1af0ab9

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

06:bd:7a:76:61:72:e1:ef:44:f1:9f:35:d5:e8:2b:34Certificate

Key Usages

d7:49:ad:ce:9e:6b:0e:6a:ac:04:f9:62:1d:85:90:0f:e5:36:2a:b0Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 28KB - Virtual size: 25KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

06:bd:7a:76:61:72:e1:ef:44:f1:9f:35:d5:e8:2b:34
Certificate

d7:49:ad:ce:9e:6b:0e:6a:ac:04:f9:62:1d:85:90:0f:e5:36:2a:b0
Signer

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 28KB - Virtual size: 25KB