bda9271beea95b1658f77390e280801b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bda9271beea95b1658f77390e280801b_JaffaCakes118
Size

73KB
MD5

bda9271beea95b1658f77390e280801b
SHA1

009336ea9ab098b814e780a93a59f454e781dce1
SHA256

226708cfb9d8cd07eab114666f58aaaf092bf42a7362939762aca0be3c419d73
SHA512

33f1e4950abf8f5c92e99ac36a7c8f57cbff13fec37a95b9848856a325ea89f3b2b6731dcdb5d9d17f195f6de03e672b1ca6702acf638e027f86de5182d21173
SSDEEP

1536:q16ck2GGzQtE/NOxLMqvWq/yESY4L4KdiVvZe4y1ieJOHZrCRy:Kk2GttE/NOxoQzkY4L4KQvZe4y1ieJOk

Score

1^/10

Malware Config

Signatures

Files

bda9271beea95b1658f77390e280801b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a0dc12a91c50b02fad8befb0f31bd0a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:a8:73:2b:6c:96:86:80:84:f6:e9:b7:b2:0c:e0:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22-02-2010 00:00

Not After

22-02-2011 23:59

Subject

CN=TuneUp Media\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TuneUp Media\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:49:1c:a0:1d:62:53:69:52:52:81:6e:16:1d:5c:3d:9a:14:98:be
Signer

Actual PE Digest

2f:49:1c:a0:1d:62:53:69:52:52:81:6e:16:1d:5c:3d:9a:14:98:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\utils\cygwin\home\dbyron\src\tuneup\trunk\tools\all_access\Release\all_access.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

kernel32

GetFileAttributesA
DeleteFileW
GetFileInformationByHandle
GetFileAttributesW
GetFullPathNameW
Sleep
CreateDirectoryW
SetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
GetShortPathNameW
GetModuleFileNameW
OpenProcess
GetCommandLineW
ExpandEnvironmentStringsW
GetCurrentProcess
FormatMessageA
WaitForSingleObject
ReleaseMutex
CreateMutexA
LocalAlloc
GetVersionExA
WriteFile
LocalFree
GetLastError
CreateFileA
CreateFileW
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
MapGenericMask
GetSidIdentifierAuthority
GetSidSubAuthority
SetNamedSecurityInfoW
GetAclInformation
InitializeAcl
GetAce
AddAce
GetNamedSecurityInfoW
EqualSid
IsValidSid
GetLengthSid
CopySid
LookupAccountSidW
GetTokenInformation
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

CommandLineToArgvW

msvcr90

_errno
vsprintf
malloc
_vscprintf
memset
_strdup
strerror
_getpid
strftime
_wcsdup
memcpy
sprintf
realloc
strtol
strstr
wcsstr
_CIpow
_CIlog10
mblen
isprint
ceil
_CIfmod
floor
__CxxFrameHandler3
_itoa
_i64toa
wcsncpy
??3@YAXPAX@Z
strncpy
strpbrk
strspn
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
free
_time64
_localtime64_s
strncmp
getenv
strchr
__argv
__iob_func
fprintf
vfprintf
isalpha
printf

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0dc12a91c50b02fad8befb0f31bd0a8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6d:a8:73:2b:6c:96:86:80:84:f6:e9:b7:b2:0c:e0:d1Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2f:49:1c:a0:1d:62:53:69:52:52:81:6e:16:1d:5c:3d:9a:14:98:beSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

advapi32

shell32

msvcr90

msvcp90

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 130KB

.rsrc Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6d:a8:73:2b:6c:96:86:80:84:f6:e9:b7:b2:0c:e0:d1
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2f:49:1c:a0:1d:62:53:69:52:52:81:6e:16:1d:5c:3d:9a:14:98:be
Signer

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 130KB

.rsrc
Size: 1KB - Virtual size: 1KB