bd45f12c432514923561fe1f2b6be59a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd45f12c432514923561fe1f2b6be59a_JaffaCakes118
Size

88KB
MD5

bd45f12c432514923561fe1f2b6be59a
SHA1

e63f6f4b1184c021b8aac738160dcbb5349700d9
SHA256

de1072cfb73ffce178db796d5b0bc15822e380651a797ae4bbcf62847d2dc680
SHA512

9bf8a7b38d96b885f43e8603420ba9fe016507077bf483399601832a24179d91c6c723666be411ca5f0e48a3ee572acb8fa701618c4f5281e1b5acdd1bfe0c56
SSDEEP

768:2m5AwZXWFWMqivcwFBqWV2AqU3GtmArsocthQqhvcaTTfWctTiB9tfDP2mIL58Pf:2gmLqopFBqrAiTqhvFfADumPsoGnVg

Score

1^/10

Malware Config

Signatures

Files

bd45f12c432514923561fe1f2b6be59a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c94af32a4408328b7b0c96187b5f7a11

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

17/11/2006, 00:00

Not After

16/11/2008, 23:59

Subject

CN=iWin\, Inc,OU=Secure Application Development,O=iWin\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:e2:41:bf:d7:f6:2b:24:25:b3:53:e6:fa:82:8f:89:34:3c:90:bb
Signer

Actual PE Digest

dc:e2:41:bf:d7:f6:2b:24:25:b3:53:e6:fa:82:8f:89:34:3c:90:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueA

kernel32

GetModuleFileNameW
GetModuleFileNameA
WinExec
GetVersionExA
FlushFileBuffers
HeapSize
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
CloseHandle
GetProcAddress
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetLastError
SetFilePointer
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
GetStringTypeA
GetStringTypeW
ReadFile
LCMapStringA
LCMapStringW

advapi32

RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumValueA
RegOpenKeyA
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
RegFlushKey
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c94af32a4408328b7b0c96187b5f7a11

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

dc:e2:41:bf:d7:f6:2b:24:25:b3:53:e6:fa:82:8f:89:34:3c:90:bbSigner

Headers

File Characteristics

Imports

shlwapi

kernel32

advapi32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 424B

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

04:84:b0:e7:ac:23:c4:fb:5a:9c:bd:cd:c5:24:91:87
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

dc:e2:41:bf:d7:f6:2b:24:25:b3:53:e6:fa:82:8f:89:34:3c:90:bb
Signer

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 424B