ba45e8c251c2693c15162f40475b48dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ba45e8c251c2693c15162f40475b48dc_JaffaCakes118
Size

137KB
MD5

ba45e8c251c2693c15162f40475b48dc
SHA1

75a1248b57444961944ea13a9e9462ef0d3b0cf1
SHA256

1aa3062373bb71241e1ab7b1ed30e5adb3e23cc289c2e022a6692b1185e7b800
SHA512

1eeaad4ee07b54647035b915fc75da34e8cacbd5d494ebc1166ebb6311f6663648b356e5018697276b5db2f5d4e1d6b6c3fad913e928dc6ad56f56ba8ecbb8d6
SSDEEP

3072:KFxhOWQyph/SiGUPkqFszDd9CL0vo7a42QwCfzxtA+G/r8F:8OWRptFXkyszrUPm42XC7ZQ+

Score

1^/10

Malware Config

Signatures

Files

ba45e8c251c2693c15162f40475b48dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62c4f31d4603b9e2ad22f3692f3ab9eb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:80:45:7f:6f:03:c0:a2:f0:e2:59:51:35:96:93
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/01/2007, 00:00

Not After

24/01/2008, 23:59

Subject

CN=2Squared Software,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=2Squared Software,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:22:48:73:d5:68:4c:f7:e1:55:b4:69:c2:71:62:ed:a9:53:f6:88
Signer

Actual PE Digest

01:22:48:73:d5:68:4c:f7:e1:55:b4:69:c2:71:62:ed:a9:53:f6:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Matthew\WorkCode\ErrorSweeper\trunk\release\Launcher.pdb

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

mfc80

ord5403
ord3997
ord1084
ord781
ord265
ord764
ord6703
ord310
ord4541
ord299
ord3683
ord1489
ord757
ord2540
ord566
ord3333
ord3830
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord1207
ord2533
ord2646
ord762
ord2475
ord5529
ord266
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord578
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838

msvcr80

_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_CxxThrowException
?terminate@@YAXXZ
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_setmbcp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_configthreadlocale
_controlfp_s
_cexit
__getmainargs
_amsg_exit
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
_invalid_parameter_noinfo
exit
_decode_pointer
memset
__setusermatherr

kernel32

GetModuleFileNameA
GetCurrentProcess
TlsSetValue
TlsFree
TlsAlloc
GetVersionExA
GetLastError
InterlockedExchange
TerminateProcess
Sleep
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetACP
GetThreadLocale

user32

GetWindowTextLengthA
GetClientRect
GetSysColor
InvalidateRect
RedrawWindow
EndPaint
BeginPaint
PostMessageA
GetWindowTextA
SetPropA
GetDlgCtrlID
GetWindowLongA
UnregisterClassA
FillRect
GetParent
SendMessageA
DrawTextA
RegisterClassExA
DefWindowProcA
GetPropA

gdi32

SetBkColor
SetBkMode
DeleteObject
GetStockObject
CreateFontIndirectA
GetObjectA
SelectObject
SetTextColor
CreateSolidBrush

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62c4f31d4603b9e2ad22f3692f3ab9eb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0f:df:80:45:7f:6f:03:c0:a2:f0:e2:59:51:35:96:93Certificate

Extended Key Usages

Key Usages

01:22:48:73:d5:68:4c:f7:e1:55:b4:69:c2:71:62:ed:a9:53:f6:88Signer

Headers

File Characteristics

PDB Paths

Imports

version

mfc80

msvcr80

kernel32

user32

gdi32

shell32

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 108KB - Virtual size: 106KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0f:df:80:45:7f:6f:03:c0:a2:f0:e2:59:51:35:96:93
Certificate

01:22:48:73:d5:68:4c:f7:e1:55:b4:69:c2:71:62:ed:a9:53:f6:88
Signer

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 108KB - Virtual size: 106KB