bdb9be5ee6a0dac10b679cf54c85ecb4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bdb9be5ee6a0dac10b679cf54c85ecb4_JaffaCakes118
Size

201KB
MD5

bdb9be5ee6a0dac10b679cf54c85ecb4
SHA1

5b55c63bd17380e44bc5f475c6531f3809f15640
SHA256

5ef3655ef3e157b713ea9767703e0339057b5f59df1f5fbdaf3e19167ba4c1c9
SHA512

64e5f2231719ad8a688a6c06aa4fcb52343e7674aaaef7f094061d19a19462511b27d870fb661b716452dc7ed7c15b3b605f5cfc29407f7dfa1aa54560e25fbe
SSDEEP

3072:/9wQQswjIZqH4BMIQFhyhMMKHt5+PI/ykwYpNt0sivhA1Rt05D:/9BQswjSqH6MfgPSNtKQX0h

Score

1^/10

Malware Config

Signatures

Files

bdb9be5ee6a0dac10b679cf54c85ecb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96951f590cf71a47eb52e29de9465dd0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/09/2006, 00:00

Not After

26/10/2009, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c
Signer

Actual PE Digest

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EndUpdateResourceW
EnumTimeFormatsA
GetLogicalDriveStringsW
CreateDirectoryA
IsBadStringPtrA
lstrcatW
DuplicateHandle
ConnectNamedPipe
CompareStringA
GetCalendarInfoW
GetTempPathW
GetOEMCP
GetVersionExA
GetACP
CreatePipe
GetWindowsDirectoryW
CreateFileW
GetLongPathNameW
GlobalDeleteAtom
GetModuleHandleA
FileTimeToLocalFileTime
FindResourceW
CreateEventA
GetProcessHeaps
CreateDirectoryW
EnumTimeFormatsW
GlobalAlloc
GetExitCodeThread
SetErrorMode
GetLogicalDriveStringsA
IsBadReadPtr
MoveFileA
Sleep
CreateFileMappingA
lstrcmp
GetFileType
IsBadWritePtr
HeapCreate
SetCalendarInfoW
DosDateTimeToFileTime
GetSystemDirectoryA
CreateFileMappingA
GetProcAddress
CreateThread
GetNamedPipeInfo
GetMailslotInfo
DeleteAtom
LocalAlloc

user32

RegisterClassW
CharLowerW
LoadCursorW
GetDC
ShowCaret
LoadMenuIndirectW
SetTimer
GetScrollPos
GetDlgItemTextA
TrackPopupMenuEx
GetClassNameA
CreateAcceleratorTableW
SetActiveWindow
SetDlgItemTextA
CallWindowProcW
FindWindowA
DrawTextW
RegisterClassA
MonitorFromPoint
CharNextA
GetSysColorBrush
GetDlgItemTextW
CallWindowProcA
GetClassInfoW
InvalidateRgn
CreateAcceleratorTableA
MessageBoxIndirectA
EnumWindows
InsertMenuItemA
BringWindowToTop
SendDlgItemMessageW
FlashWindow
SetForegroundWindow
DefWindowProcW
wsprintfW
GetDesktopWindow
UpdateWindow
EnableMenuItem
GetClassInfoExA
CharNextW
MessageBoxIndirectW
GetWindowLongW
InsertMenuW
SetWindowTextA
GetSubMenu
PostMessageA
CreateMenu
LoadMenuA
LoadCursorA
GetCaretPos
ClientToScreen

gdi32

GetColorAdjustment
ScaleWindowExtEx
GdiGetBatchLimit
GetObjectType
OffsetRgn
GetEnhMetaFilePixelFormat
GetTextCharacterExtra
CreatePatternBrush
SetPixelV
GetMiterLimit
DeleteDC
Escape
Rectangle
GetTextColor
CreateRectRgn
GetRgnBox

advapi32

RegCreateKeyW
RegQueryInfoKeyA
RegEnumValueW
RegDeleteKeyW
RegQueryValueA
RegCreateKeyExA
RegDeleteValueW

comctl32

DestroyPropertySheetPage
ImageList_DrawEx
ImageList_GetBkColor
DllGetVersion
ImageList_Draw

ole32

CoCreateInstance
CLSIDFromString
CreateErrorInfo
CoGetCurrentProcess
CoGetClassVersion

oleaut32

VarI8FromUI1
VarUI2FromI4
VarI1FromDisp
VarI2FromUI2
VarBstrFromDate
VarSub
VarUI2FromDisp

setupapi

SetupFreeSourceListW
SetupGetFileCompressionInfoExW
CM_Connect_MachineW
SetupDiGetCustomDevicePropertyA
SetupDiClassNameFromGuidW
SetupInitDefaultQueueCallback
CM_Create_DevNode_ExA

urlmon

UrlMkBuildVersion
CoInternetCompareUrl
CoInternetGetSecurityUrl
URLOpenStreamA
ObtainUserAgentString
DllInstall
CreateAsyncBindCtxEx
URLDownloadToFileW
IsLoggingEnabledW
GetClassURL
IsValidURL
ReleaseBindInfo
RegisterBindStatusCallback
DllRegisterServerEx
CoGetClassObjectFromURL
RegisterMediaTypeClass
CopyBindInfo
URLDownloadToCacheFileW
CDLGetLongPathNameA
CreateURLMoniker

winspool.drv

EndDocPrinter
DeletePrinterConnectionA
DeletePrintProcessorA
GetDefaultPrinterW
AddPrinterDriverExW
WritePrinter
AddJobW
GetFormW

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Y
Size: 512B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qR
Size: 1KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zD
Size: 5KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AfKcN
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bDZdzz
Size: 1024B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FwB
Size: 1024B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gXr
Size: 512B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Sr
Size: 1KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96951f590cf71a47eb52e29de9465dd0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

setupapi

urlmon

winspool.drv

Sections

.text Size: 11KB - Virtual size: 11KB

.Y Size: 512B - Virtual size: 38KB

.qR Size: 1KB - Virtual size: 23KB

.zD Size: 5KB - Virtual size: 52KB

.AfKcN Size: 2KB - Virtual size: 18KB

.bDZdzz Size: 1024B - Virtual size: 37KB

.I Size: 1KB - Virtual size: 31KB

.data Size: 9KB - Virtual size: 8KB

.FwB Size: 1024B - Virtual size: 47KB

.gXr Size: 512B - Virtual size: 31KB

.Sr Size: 1KB - Virtual size: 109KB

.rsrc Size: 162KB - Virtual size: 162KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c
Signer

.text
Size: 11KB - Virtual size: 11KB

.Y
Size: 512B - Virtual size: 38KB

.qR
Size: 1KB - Virtual size: 23KB

.zD
Size: 5KB - Virtual size: 52KB

.AfKcN
Size: 2KB - Virtual size: 18KB

.bDZdzz
Size: 1024B - Virtual size: 37KB

.I
Size: 1KB - Virtual size: 31KB

.data
Size: 9KB - Virtual size: 8KB

.FwB
Size: 1024B - Virtual size: 47KB

.gXr
Size: 512B - Virtual size: 31KB

.Sr
Size: 1KB - Virtual size: 109KB

.rsrc
Size: 162KB - Virtual size: 162KB