b5ed75eeac0b0b5d8f06b0d57b004897_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5ed75eeac0b0b5d8f06b0d57b004897_JaffaCakes118
Size

1.0MB
MD5

b5ed75eeac0b0b5d8f06b0d57b004897
SHA1

2548bf61de65e717b3de88430f9f96d4c1ce4577
SHA256

762c1d155c85c01b9708b4d7b019fb324baf3fad51264ff2d647cb16156a11d1
SHA512

1d4849f6229416c17e8d1dac38521c5629fd4d34f187de218ce864479ce2dde80e897b51e0f7e2d1d57ca93e631f09ebe6224728386b4ef3d15302cdd81c6ebb
SSDEEP

384:/Twf2Qcty18vOWrErFGbpEwmNc3u37WRnlliLtXVj:/TwOQMj2WrE4bCwme3uiRnllix

Score

1^/10

Malware Config

Signatures

Files

b5ed75eeac0b0b5d8f06b0d57b004897_JaffaCakes118
.exe windows:4 windows x86 arch:x86

000f8378390d2da396de41ca0f20069d

Code Sign

01:a5
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/08/1998, 00:29

Not After

13/08/2018, 23:59

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

01:00:00:00:00:01:1f:80:95:bf:76
Certificate

Issuer

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Not Before

16/02/2009, 18:44

Not After

16/02/2011, 18:44

Subject

CN=ambermms.syniverse.com,OU=Crossroads,O=Syniverse Technologies Inc.,L=Tampa,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c1f62656c696e64612e6a61626c6f6e736b694073796e6976657273652e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:03:cb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

16/02/2005, 19:14

Not After

16/02/2012, 23:59

Subject

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:67:04:ec:22:e1:fa:f7:6c:cb:79:91:d7:c9:ba:95:0d:d4:29:68
Signer

Actual PE Digest

4f:67:04:ec:22:e1:fa:f7:6c:cb:79:91:d7:c9:ba:95:0d:d4:29:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetErrorDlg

advapi32

InitializeSecurityDescriptor
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
SetSecurityDescriptorDacl

user32

GetMessageA
PostThreadMessageA
GetDesktopWindow

msvcrt

_sleep
__CxxFrameHandler
fwrite
fprintf
sprintf
free
strstr
atoi
_strupr
fscanf
strncpy
_snprintf
realloc
malloc
fflush
_filelength
_strdup
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strrchr
fopen
_filbuf
fclose
strtok
exit
strncmp
_exit

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup

shell32

DoEnvironmentSubstA

shlwapi

PathFileExistsA

kernel32

SetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
RemoveDirectoryA
GetModuleHandleA
GetStartupInfoA
GetLastError
DeleteFileA
GetVersionExA
CreateProcessA
GetComputerNameA
GetModuleFileNameA
GetCurrentThreadId
Sleep
CloseHandle
DeviceIoControl
CreateFileA
CreateMutexA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

000f8378390d2da396de41ca0f20069d

Code Sign

01:a5Certificate

01:00:00:00:00:01:1f:80:95:bf:76Certificate

Key Usages

04:00:03:cbCertificate

Key Usages

4f:67:04:ec:22:e1:fa:f7:6c:cb:79:91:d7:c9:ba:95:0d:d4:29:68Signer

Headers

File Characteristics

Imports

wininet

advapi32

user32

msvcrt

iphlpapi

ws2_32

shell32

shlwapi

kernel32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 35KB

01:a5
Certificate

01:00:00:00:00:01:1f:80:95:bf:76
Certificate

04:00:03:cb
Certificate

4f:67:04:ec:22:e1:fa:f7:6c:cb:79:91:d7:c9:ba:95:0d:d4:29:68
Signer

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 35KB