b6980806b6f8b797ea4af0d5f250d250_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6980806b6f8b797ea4af0d5f250d250_JaffaCakes118
Size

698KB
MD5

b6980806b6f8b797ea4af0d5f250d250
SHA1

fd6ebed845b4ff431c938803912bdc4e041cdd39
SHA256

5c82842ea97408a1f7adee1744bc9457078448035aec4b6c07868f0c8c8f1bea
SHA512

c1713f57c17ab99acf90ad31f04b04c458b78ecefab9bf469736bdf1e0ef9fd2ce9a98fcfda7eba78c8bf0e804c9decb0ff43a0f3ae3cdb24694d022cf51e712
SSDEEP

6144:ColrEMFEOIbcV0hcFuX7cIrnUzccU2btV0hcFuX7c9wKofV0hcFuX7c5KomDHvc1:CCrEO9tmHtcBXKYO/yT27VR

Score

1^/10

Malware Config

Signatures

Files

b6980806b6f8b797ea4af0d5f250d250_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3ce4c38bb2930ccb34312353b7886e0c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23/05/2002, 08:00

Not After

25/09/2011, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2005, 23:20

Not After

05/04/2006, 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

60:6c:2f:5b:a6:49:ec:ab:8a:25:b4:7b:03:c7:a5:e5:e7:44:b2:40
Signer

Actual PE Digest

60:6c:2f:5b:a6:49:ec:ab:8a:25:b4:7b:03:c7:a5:e5:e7:44:b2:40

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

exe\ssmsee.pdb

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetFileAttributesW
FindResourceW
SizeofResource
LoadResource
LockResource
CreateFileW
CloseHandle
GetThreadLocale
lstrcmpW
HeapReAlloc
CompareStringW
GetEnvironmentVariableW
SetEnvironmentVariableW
lstrcpyW
lstrcatW
FindAtomW
DeleteAtom
AddAtomW
FindFirstFileW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
RaiseException
FindNextFileW
FindClose
GetUserDefaultLCID
GetSystemDefaultLCID
FreeLibrary
lstrlenA
GetModuleHandleW
GetFileSize
GetProcessHeap
HeapAlloc
ReadFile
HeapFree
GetModuleFileNameW
LoadLibraryExW
CreateDirectoryW
MultiByteToWideChar
GetVersionExW
GetModuleHandleA
lstrlenW
LoadLibraryW
GetProcAddress
IsBadCodePtr
GetLastError
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
Sleep
InterlockedCompareExchange
GetStartupInfoA
GetVersion

atl80

ord32
ord30
ord61
ord64
ord23

msvcr80

_wcsicmp
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
??3@YAXPAX@Z
__CxxFrameHandler3
free
??_V@YAXPAX@Z
_CxxThrowException
??_U@YAPAXI@Z
memset
memcpy
_wstat64i32
??2@YAPAXI@Z
_wcsnicmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_encode_pointer
wcschr
malloc
_wsplitpath
memcpy_s
_vsnwprintf_s
wcstok
_wmakepath
_wtol
isprint
__setusermatherr
__p__fmode
__p__commode
_adjust_fdiv

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
LsaNtStatusToWinError
RegCreateKeyExW
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey

user32

MessageBoxW
LoadStringW
UnregisterClassA
LoadImageW
GetDesktopWindow
GetSystemMetrics
MonitorFromRect
GetMonitorInfoW
RegisterClassW
CreateWindowExW
CharNextW
DestroyWindow
IsWindow
SetWindowLongW
EndPaint
BeginPaint
DefWindowProcW
GetWindowLongW
ReleaseDC
GetDC
LoadBitmapW
UpdateWindow
LoadIconW

ole32

StringFromGUID2
OleInitialize
CoInitializeSecurity
OleUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

gdi32

DeleteObject
DeleteDC
BitBlt
CreateCompatibleDC
SelectObject
GetDeviceCaps
CreatePalette
CreateDIBitmap
SelectPalette
RealizePalette
GetObjectW
SetStretchBltMode

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ce4c38bb2930ccb34312353b7886e0c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

60:6c:2f:5b:a6:49:ec:ab:8a:25:b4:7b:03:c7:a5:e5:e7:44:b2:40Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

atl80

msvcr80

advapi32

user32

ole32

oleaut32

shell32

gdi32

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 640KB - Virtual size: 716KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

60:6c:2f:5b:a6:49:ec:ab:8a:25:b4:7b:03:c7:a5:e5:e7:44:b2:40
Signer

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 640KB - Virtual size: 716KB