bb775b77c3a546fa432264a142c24a3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb775b77c3a546fa432264a142c24a3d_JaffaCakes118
Size

159KB
MD5

bb775b77c3a546fa432264a142c24a3d
SHA1

129795530434171de2b4bfd5ec5db3ed90e8a5d0
SHA256

172cd90fd9e31ba70e47f0cc76c07d53e512da4cbfd197772c179fe604b75369
SHA512

852a284104c7d835f17c5873ca31124d91ec6bce6a5300ca4a5ae5a0b355b80f66ed42e4c5ebf9f4e820c7ffa6fc1524156a19dfca79a4c12ef16ef551cff262
SSDEEP

3072:gJKHzTszgB3EzRBWSAHh2F6ykVvT7IQ6DLaypwssu5HnX:9zCzRBWhY67tv6PA03

Score

1^/10

Malware Config

Signatures

Files

bb775b77c3a546fa432264a142c24a3d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bac338bfe2685483c201e15eae4352d5

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

01/01/2021, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:2b:ae:c6:af:57:52:58:d8:ea:69:08:87:34:ea:f5
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/05/2011, 00:00

Not After

19/05/2013, 23:59

Subject

CN=Netimo Corporation Ltd.,O=Netimo Corporation Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
??3@YAXPAX@Z
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
tolower
rand
wcsncpy
time
srand
sprintf
_beginthreadex
wcslen
_waccess
wcschr
swprintf
wcsstr
wcscpy
__CxxFrameHandler
??2@YAPAXI@Z
__p__commode

mfc42u

ord540
ord2914
ord2910
ord800

kernel32

GetStartupInfoA
GetModuleHandleA
WideCharToMultiByte
GetTickCount
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandle
GetFileSize
ReadFile
SetFilePointer
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
SetEvent
WaitForSingleObject
GetCurrentThreadId
MultiByteToWideChar
GetProcessHeap
HeapAlloc
CreateEventW
WaitForMultipleObjects
HeapFree
GetModuleFileNameW
GetEnvironmentVariableW
GetTempPathW
GetTempFileNameW
DeleteFileW
MoveFileW
MoveFileExW
ExpandEnvironmentStringsW
CreateProcessW
CreateDirectoryW
GetLastError
CreateFileW
WriteFile
CloseHandle

user32

PostThreadMessageW
GetInputState
GetDesktopWindow
GetMessageW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW

shlwapi

StrCmpNIW
StrRChrIW

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bac338bfe2685483c201e15eae4352d5

Code Sign

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1f:2b:ae:c6:af:57:52:58:d8:ea:69:08:87:34:ea:f5Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

msvcrt

mfc42u

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 100KB - Virtual size: 98KB

.rsrc Size: 20KB - Virtual size: 18KB

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1f:2b:ae:c6:af:57:52:58:d8:ea:69:08:87:34:ea:f5
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 100KB - Virtual size: 98KB

.rsrc
Size: 20KB - Virtual size: 18KB