b9485287186370af849d25ca53b91f55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9485287186370af849d25ca53b91f55_JaffaCakes118
Size

80KB
MD5

b9485287186370af849d25ca53b91f55
SHA1

8b0b389dad51ff22f1ace509dbdc3aa11d78ddf0
SHA256

dbd78401104a195665e05d0a1c680326914ec05b648d15fcacdd64d4457e0ee6
SHA512

c5aa9dc5e3dc44e5432bfbf29d7b67802f1e6b346f3ffdd1f28683f3fda6a3096414fdf09fe3977ec35267c1e7c49e259fabb562d63050cbb48dae1aa214da9a
SSDEEP

1536:Ef5YtI7kt98al+bB4Yz4XyQ/2AhSd1lRvkQ:Ef5YyEdoHm0AhSd1lR

Score

1^/10

Malware Config

Signatures

Files

b9485287186370af849d25ca53b91f55_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b90d1c77daa3107c597b5b656c103b10

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:09:6c:35:d6:44:db:35:44:60:11:65:19:42:e7:4e
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

07/07/2010, 00:00

Not After

06/07/2012, 23:59

Subject

CN=ResultBar.com,O=ResultBar.com,POSTALCODE=90245,STREET=Suite 2020+STREET=2141 Rosecrans Ave,L=El Segundo,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:31:8f:97:3f:ce:cc:15:a1:50:74:7c:12:d0:b9:dc:3a:ab:69:0e
Signer

Actual PE Digest

95:31:8f:97:3f:ce:cc:15:a1:50:74:7c:12:d0:b9:dc:3a:ab:69:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Develop\Firstlook\Projects\StubInstaller\stub\Release\stub.pdb

Imports

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA

shlwapi

PathAppendA
PathRemoveFileSpecA
StrStrA
wnsprintfA

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringA
CryptMsgClose
CertCloseStore
CryptQueryObject

rpcrt4

UuidCreate

kernel32

GetCPInfo
GetSystemInfo
LCMapStringA
LCMapStringW
VirtualProtect
LocalFree
GetOEMCP
GetStringTypeW
lstrcpyA
lstrlenA
SetFilePointer
CreateFileA
CloseHandle
WriteFile
InterlockedExchange
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
lstrcpynA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetLastError
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessA
GetModuleFileNameA
RemoveDirectoryA
DeleteFileA
GetExitCodeProcess
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceA
CreateDirectoryA
GetTempFileNameA
GetTempPathA
lstrcmpiA
lstrcmpA
Sleep
GetStringTypeA
LoadLibraryA
IsBadCodePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
InterlockedDecrement
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
RtlUnwind
ExitProcess
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetProcAddress
TerminateProcess
HeapSize
GetEnvironmentStrings

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

ole32

CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantChangeType
SysFreeString
SysAllocString
VariantInit
VariantClear

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b90d1c77daa3107c597b5b656c103b10

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:09:6c:35:d6:44:db:35:44:60:11:65:19:42:e7:4eCertificate

Extended Key Usages

Key Usages

95:31:8f:97:3f:ce:cc:15:a1:50:74:7c:12:d0:b9:dc:3a:ab:69:0eSigner

Headers

File Characteristics

PDB Paths

Imports

wininet

shlwapi

wintrust

crypt32

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:09:6c:35:d6:44:db:35:44:60:11:65:19:42:e7:4e
Certificate

95:31:8f:97:3f:ce:cc:15:a1:50:74:7c:12:d0:b9:dc:3a:ab:69:0e
Signer

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB