b5fe0c9d42046055945e6c7b1f9cabf4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b5fe0c9d42046055945e6c7b1f9cabf4_JaffaCakes118
Size

244KB
MD5

b5fe0c9d42046055945e6c7b1f9cabf4
SHA1

9dcee68c7c191c8467aad70acb01f0072bdbe193
SHA256

299a19b24dcb5c543c8a882c999a3c104c815ab8a7b8f810cf9c1ffc1ee0741b
SHA512

e2aee4c75c3f3e49a21f43d6b6951bfb1bca210ba962b67ff44c36e6187b60f57dbd7d7322e1f561c1ffc5d32f2a9458d47a90877ab7f9cde0bcab614af151ba
SSDEEP

6144:EmrQjPo6ASHk7E6XqEXm2h9VTRT8QrLsabAwa:O7o6A+k7AEXmI9dElwa

Score

1^/10

Malware Config

Signatures

Files

b5fe0c9d42046055945e6c7b1f9cabf4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1028815b65aa4a420cca98cc5309337

Code Sign

61:08:77:5f:00:00:00:00:00:4a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/07/2010, 22:53

Not After

19/10/2011, 22:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

cd:b8:77:2f:a9:e8:9b:84:99:0b:7b:e5:a1:af:f8:5c:81:bd:92:c9
Signer

Actual PE Digest

cd:b8:77:2f:a9:e8:9b:84:99:0b:7b:e5:a1:af:f8:5c:81:bd:92:c9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GlobalGetAtomNameA
GetWindowsDirectoryA
GetLogicalDrives
SetCurrentDirectoryW
ExitProcess
FatalAppExitA
GlobalDeleteAtom
SetCalendarInfoA
SetComputerNameA
LoadLibraryExA
GetTempFileNameA
QueryPerformanceCounter
GetSystemTime
GetAtomNameA
GetTempPathW
IsBadStringPtrW
GetCPInfo
GetStartupInfoA
MultiByteToWideChar
SetLocaleInfoA
GetDiskFreeSpaceA
MoveFileA
SearchPathA
GetSystemDefaultLCID
DisconnectNamedPipe
OpenWaitableTimerA
ExpandEnvironmentStringsA
IsBadWritePtr
Sleep
GetAtomNameW
GetFullPathNameA
lstrcatW
GetFileAttributesW
GetExitCodeThread
GetModuleHandleW
SleepEx
GetVersion
EnumDateFormatsW
CreateMailslotA
lstrcpy
GetVolumeInformationA
GetSystemDirectoryA
GetTimeFormatW
Beep
lstrcpyn
OpenEventW
FindAtomW
GetStringTypeA
GetCalendarInfoA
GetDateFormatA
GetNumberFormatW
WaitForSingleObject
IsValidCodePage
GetModuleHandleA
GetThreadPriority
ReplaceFileA
GetProcAddress
DuplicateHandle
lstrcpynA
GetEnvironmentStringsA
AddAtomW
QueryPerformanceFrequency
GetNumberFormatA
FileTimeToSystemTime
OpenMutexA
CreatePipe
GetUserDefaultLangID
LocalAlloc

user32

wsprintfA
IsMenu
EnableWindow
DialogBoxIndirectParamW
IsDlgButtonChecked
CopyRect
GetCaretPos
LoadBitmapA
SetWindowLongW
EndDialog
MessageBeep
RegisterWindowMessageA
UnregisterClassA
OpenClipboard
GetWindowRgn
FindWindowA
GetMenuState
GetScrollPos
PostQuitMessage
GetSystemMetrics
DialogBoxParamA
EnumWindows
GetMenuStringA
RegisterClassW
CreateWindowExW
MessageBoxA
LoadMenuA
GetActiveWindow
InvalidateRect

gdi32

CreateCompatibleDC
CreatePatternBrush
CreatePen
SetEnhMetaFileBits
CreateICW
CreateSolidBrush
SetMetaFileBitsEx
RemoveFontResourceExW
CreateFontIndirectA

advapi32

CryptContextAddRef

shell32

StrChrW
StrRStrA
ShellExecuteExW

setupapi

SetupDiGetClassDescriptionW
SetupAddToDiskSpaceListW
SetupGetIntField
CM_Get_Hardware_Profile_Info_ExW
SetupPromptReboot
CM_Uninstall_DevNode
CM_Get_Child
SetupDiInstallDevice
SetupRenameErrorW

wininet

UnlockUrlCacheEntryFileA
HttpSendRequestA
FtpPutFileEx
InternetFindNextFileW
GopherOpenFileA
InternetSetOptionA
InternetSetPerSiteCookieDecisionA
DeleteUrlCacheContainerA

oledlg

OleUIBusyW
OleUIObjectPropertiesW
OleUIUpdateLinksW
OleUIConvertA
OleUIPromptUserA
OleUIPasteSpecialA
OleUIUpdateLinksA
OleUIPasteSpecialW

Sections

.nf
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SgNQg
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.T
Size: 2KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NPVpb
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nGx
Size: 512B - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LlOO
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TN
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TVqjNu
Size: 13KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BCdZAQ
Size: 1024B - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HMqala
Size: 3KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1028815b65aa4a420cca98cc5309337

Code Sign

61:08:77:5f:00:00:00:00:00:4aCertificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

cd:b8:77:2f:a9:e8:9b:84:99:0b:7b:e5:a1:af:f8:5c:81:bd:92:c9Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

setupapi

wininet

oledlg

Sections

.nf Size: 3KB - Virtual size: 3KB

.SgNQg Size: 90KB - Virtual size: 90KB

.T Size: 2KB - Virtual size: 46KB

.NPVpb Size: 11KB - Virtual size: 11KB

.nGx Size: 512B - Virtual size: 412KB

.LlOO Size: 4KB - Virtual size: 9KB

.TN Size: 91KB - Virtual size: 90KB

.TVqjNu Size: 13KB - Virtual size: 281KB

.BCdZAQ Size: 1024B - Virtual size: 257KB

.HMqala Size: 3KB - Virtual size: 413KB

.rsrc Size: 9KB - Virtual size: 9KB

61:08:77:5f:00:00:00:00:00:4a
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

cd:b8:77:2f:a9:e8:9b:84:99:0b:7b:e5:a1:af:f8:5c:81:bd:92:c9
Signer

.nf
Size: 3KB - Virtual size: 3KB

.SgNQg
Size: 90KB - Virtual size: 90KB

.T
Size: 2KB - Virtual size: 46KB

.NPVpb
Size: 11KB - Virtual size: 11KB

.nGx
Size: 512B - Virtual size: 412KB

.LlOO
Size: 4KB - Virtual size: 9KB

.TN
Size: 91KB - Virtual size: 90KB

.TVqjNu
Size: 13KB - Virtual size: 281KB

.BCdZAQ
Size: 1024B - Virtual size: 257KB

.HMqala
Size: 3KB - Virtual size: 413KB

.rsrc
Size: 9KB - Virtual size: 9KB