b8d1ec97879f12415417cf0acce22487_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b8d1ec97879f12415417cf0acce22487_JaffaCakes118
Size

137KB
MD5

b8d1ec97879f12415417cf0acce22487
SHA1

e0af05013bfd91b1e971605f57f556fb51b61782
SHA256

82f5c640f23887a671f6030a870eb5d8966c4e19ab84771f655889047633f559
SHA512

a085ca4a74883b07bb4b83e786bb3994a48778190b9352e9dae9d3766004552845ed98a91225c6d364bba11a33dfd1b4f0077e7bce96b5bb5ee43fbf66f3723e
SSDEEP

3072:9K/NuKug4i5tCrlnAOnzmdWVsEZoI/7RgkJ7cvDWrsDCtp+io:qug4iWr/z3rZlJmyADC3+v

Score

1^/10

Malware Config

Signatures

Files

b8d1ec97879f12415417cf0acce22487_JaffaCakes118
.exe windows:3 windows x86 arch:x86

e2f9e8b51a954f79006f95658a99bf6c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29-01-2010 00:00

Not After

30-01-2012 23:59

Subject

CN=VIRUSBLOKADA LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VIRUSBLOKADA LTD.,L=Minsk,ST=none,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

98:f9:59:fe:8f:60:e1:48:da:c9:10:02:ab:86:2a:ad:53:c5:55:4d
Signer

Actual PE Digest

98:f9:59:fe:8f:60:e1:48:da:c9:10:02:ab:86:2a:ad:53:c5:55:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GetLongPathNameW
AddAtomW
OpenWaitableTimerA
CreateNamedPipeA
GetCalendarInfoA
GetAtomNameA
OpenMutexA
lstrcmpW
FindResourceW
GetFullPathNameA
ReadDirectoryChangesW
CreateFileMappingA
GetMailslotInfo
LoadLibraryW
lstrlen
GetCalendarInfoW
GetSystemDirectoryA
GetTempPathW
GetWindowsDirectoryW
DuplicateHandle
GetVersionExA
GetComputerNameA
GetCurrentDirectoryA
CreateSemaphoreA
CreateMutexA
lstrcmpiW
GetLogicalDriveStringsW
lstrcatW
SearchPathA
GetModuleFileNameW
CompareFileTime
SetCalendarInfoW
FatalAppExitA
GetSystemInfo
GetNumberFormatA
GetVersionExW
GetDiskFreeSpaceA
GetThreadPriority
WaitForSingleObject
TlsAlloc
FileTimeToDosDateTime
CopyFileA
GetModuleHandleA
CreateNamedPipeW
EnumTimeFormatsA
lstrcpynW
GetLogicalDriveStringsA
EndUpdateResourceW
GetUserDefaultLCID
GetShortPathNameW
GetProcAddress

user32

GetCaretPos
GetClassInfoW
UnregisterClassW
UpdateWindow
CheckDlgButton
CreateWindowExW
GetKeyboardType
GetClassLongW
CheckMenuItem
AdjustWindowRect
CreatePopupMenu
GetCursorPos
GetSysColor
GetActiveWindow
LoadMenuIndirectW
EnumDesktopsA
wvsprintfA
CloseWindow
CharPrevA
SetWindowPos
SetActiveWindow
MonitorFromRect
GetMenuItemCount
SetDlgItemTextW
GetWindowDC
DestroyMenu
GetMenuItemInfoA
GetSysColorBrush
IsWindowEnabled
GetActiveWindow
GetDlgItemTextA
GetClassNameW
PostQuitMessage
AnimateWindow
DrawTextW
UnregisterClassA
GetClientRect
IsIconic
EnumWindows
DefFrameProcA
wsprintfW
EndDialog
OffsetRect
GetWindowTextLengthW
GetClassInfoA

gdi32

GetArcDirection
PolyPolyline
SetAbortProc
GetICMProfileW
GetViewportExtEx
CreatePalette
DeleteObject
CreateEllipticRgn
SetBkColor
SetROP2
GetMiterLimit
OffsetClipRgn
SetMetaFileBitsEx
IntersectClipRect
GetMetaFileA
SetTextCharacterExtra
ScaleViewportExtEx
RectInRegion
CreatePolyPolygonRgn
PlayEnhMetaFile

advapi32

RegRestoreKeyA
RegQueryMultipleValuesW
RegDeleteKeyW
RegQueryMultipleValuesA
RegReplaceKeyW
RegDeleteValueW
RegOpenKeyA

shell32

SHGetFolderPathA
StrChrIA
SHCreateDirectory
StrRStrIA
StrRStrIW
StrStrIA

shlwapi

ColorRGBToHLS
StrSpnW
SHDeleteKeyW
SHRegDuplicateHKey
StrCSpnIW
SHOpenRegStream2A

comctl32

ShowHideMenuCtl
ImageList_LoadImage
DrawStatusTextA
CreateStatusWindow
ImageList_SetImageCount
ImageList_Create
DestroyPropertySheetPage

ole32

IsValidIid
CoDosDateTimeToFileTime
CoDisconnectObject
CoGetInstanceFromFile
CoGetClassObject
OleCreate
StringFromCLSID

oleaut32

VarBoolFromR8
VarR8FromUI4
VarDecFromR4
VarR4FromUI8
VarI2FromI8
QueryPathOfRegTypeLib
VarDateFromR4

ws2_32

getpeername
recvfrom
htonl
connect
WSAIoctl
select
WSAAccept
htonl

urlmon

HlinkSimpleNavigateToString
URLOpenStreamA
CopyBindInfo
CoInternetGetProtocolFlags
RegisterMediaTypeClass
UrlMkSetSessionOption
URLDownloadToFileA

winspool.drv

EnumFormsW
EXTDEVICEMODE
StartDocDlgW
DeviceCapabilitiesA
DeleteMonitorW
AddPortExW
SetFormW
ConfigurePortW
ScheduleJob
AddPortExA

inetcomm

CreateSMTPTransport
MimeEditViewSource
HrAttachDataFromBodyPart
HrDoAttachmentVerb
MimeOleGetDefaultCharset
MimeOleGenerateCID
MimeOleGetInternat
MimeOleCreateMessage

wsock32

send
ntohl
GetAddressByNameA
getsockopt
getpeername
WSASetBlockingHook
connect

crypt32

CertCreateSelfSignCertificate
CertSaveStore
CertCompareCertificateName
CryptMsgVerifyCountersignatureEncodedEx
CryptMsgControl
I_CryptCreateLruEntry

Sections

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2f9e8b51a954f79006f95658a99bf6c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

98:f9:59:fe:8f:60:e1:48:da:c9:10:02:ab:86:2a:ad:53:c5:55:4dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

ole32

oleaut32

ws2_32

urlmon

winspool.drv

inetcomm

wsock32

crypt32

Sections

.rdata Size: 17KB - Virtual size: 17KB

.rdata Size: 6KB - Virtual size: 6KB

.edata Size: 1KB - Virtual size: 39KB

.rdata Size: 1024B - Virtual size: 22KB

.data Size: 11KB - Virtual size: 15KB

.edata Size: 1024B - Virtual size: 8KB

.rsrc Size: 89KB - Virtual size: 88KB

.reloc Size: 1024B - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

98:f9:59:fe:8f:60:e1:48:da:c9:10:02:ab:86:2a:ad:53:c5:55:4d
Signer

.rdata
Size: 17KB - Virtual size: 17KB

.rdata
Size: 6KB - Virtual size: 6KB

.edata
Size: 1KB - Virtual size: 39KB

.rdata
Size: 1024B - Virtual size: 22KB

.data
Size: 11KB - Virtual size: 15KB

.edata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 89KB - Virtual size: 88KB

.reloc
Size: 1024B - Virtual size: 4KB