be386839a9fc2a7ef9704274f340fb61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be386839a9fc2a7ef9704274f340fb61_JaffaCakes118
Size

234KB
MD5

be386839a9fc2a7ef9704274f340fb61
SHA1

d9787331387e763e7647cf1a1470d56600e8115f
SHA256

bf205cb218c5f423a5fafb81d249213136e4b045cd7800949fd783a00ff60bf1
SHA512

8748a73970aa06b93930eaf4d3b427ac7a8c52b3ba1f8904ce3604fba348e2b46947a31afa80abe13ea1a91176f8a30a71d10dab59b717404a206c303bf827ba
SSDEEP

3072:Bnirb0a1aLv39/sbDfw0YZ3ukkXlKe11axP0lyEHJPoDH+tLBM2Ye1P+:BkQa1aLP9/AfPX06gEHJP2epRYC+

Score

1^/10

Malware Config

Signatures

Files

be386839a9fc2a7ef9704274f340fb61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bdd6508f143c567fb94454733600fb55

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:70:ae:5c:1c:9a:c6:09:05:96:e6:9c:7d:32:65:fd:52:38:ac:7d
Signer

Actual PE Digest

1b:70:ae:5c:1c:9a:c6:09:05:96:e6:9c:7d:32:65:fd:52:38:ac:7d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatA
GetShortPathNameW
OpenWaitableTimerA
GetShortPathNameA
GetExpandedNameW
FileTimeToDosDateTime
EnumCalendarInfoA
LoadLibraryExA
GetHandleInformation
GlobalDeleteAtom
GetTimeFormatW
SetLocaleInfoW
SetEvent
GlobalAlloc
FindAtomA
GetExitCodeProcess
lstrcmp
CompareFileTime
IsBadCodePtr
LocalAlloc
InitializeCriticalSection
GetThreadLocale
AddAtomW
GetUserDefaultLCID
CreateMutexW
GetEnvironmentStringsW
GetProcAddress
EnumTimeFormatsA
GetEnvironmentStringsA
GetExpandedNameA
CreateMailslotA
GetCurrentThread
lstrcpyA
GetTempFileNameW
GetSystemDirectoryA
GetModuleFileNameW
DosDateTimeToFileTime
GetSystemInfo
TlsAlloc
IsBadWritePtr
CopyFileA
GetStartupInfoW
GetCPInfo
GetOEMCP
GetSystemDirectoryW
lstrcat
OpenMutexA
CreateSemaphoreW
WinExec
GlobalGetAtomNameA
FreeLibrary
GetCalendarInfoA
IsBadStringPtrW
GetStartupInfoA
FatalAppExitW
GlobalFindAtomA
OpenSemaphoreW
GetVersionExW
SearchPathA
IsBadStringPtrA
FindResourceW
OpenMutexW
GetStringTypeW
GetComputerNameA
OpenEventW
FindResourceA
GetVersionExA
GetDateFormatA
RemoveDirectoryA
lstrcpy

user32

FindWindowA
SendMessageW
MoveWindow
AppendMenuW
InvalidateRgn
GetMenuState
CopyRect
SetWindowTextA
GetWindowRgn
WaitMessage
RegisterClassA
CreatePopupMenu
SetDlgItemTextA
RemoveMenu
MonitorFromPoint
SendDlgItemMessageA
GetActiveWindow
InsertMenuItemA
DefWindowProcW
CheckMenuItem
SetDlgItemInt
GetClassInfoW
RegisterWindowMessageA
SetActiveWindow
PostMessageW
GetDlgItemTextW
GetMenuItemRect
GetMenuStringA
LoadCursorW
wsprintfA
SetParent
GetSysColorBrush
IsDlgButtonChecked
CreateDialogParamA
DialogBoxIndirectParamA
EmptyClipboard
GetClassInfoA
SetMenu
SendDlgItemMessageW
GetAsyncKeyState
GetClassInfoExA
CreateDesktopW
CharNextA
DestroyIcon
AdjustWindowRect
SetCursor
MessageBoxIndirectW
GetMenuItemInfoA
GetScrollPos
ActivateKeyboardLayout
EnableMenuItem
DestroyMenu
InvalidateRect
EndDialog
EnumClipboardFormats
mouse_event
MessageBoxA
DestroyCursor
GetDlgItemTextA
WinHelpW
keybd_event
SetWindowRgn
LoadCursorA
LoadIconW
DialogBoxParamA
WinHelpA
UnregisterClassW
TrackPopupMenuEx
GetDlgItemInt
OffsetRect
LoadImageA
CopyIcon
MonitorFromRect
LoadIconA
CreateDialogIndirectParamW
SetWindowTextW
CreateWindowExA
IsChild

gdi32

CreateDIBPatternBrushPt
SelectBrushLocal
CreateMetaFileW
GetMetaFileA
CreateFontIndirectExA
GetStockObject
CreatePalette
DeleteObject
RemoveFontResourceExW
SetWinMetaFileBits
CreateFontIndirectA
TranslateCharsetInfo
CreatePolyPolygonRgn
CreateRoundRectRgn
StretchDIBits
GetTextExtentPointA
GetEnhMetaFilePixelFormat
CreateScalableFontResourceW
CreateColorSpaceA
AddFontResourceA
CreateColorSpaceW
GetMetaFileW

shell32

StrRChrA
StrRStrIW
StrRChrIW
ExtractAssociatedIconA
StrNCmpA
ShellExecuteA
SHGetSpecialFolderLocation
Shell_NotifyIcon
Shell_NotifyIconA
StrStrA
ExtractIconW
ExtractAssociatedIconW
ShellExecuteExW

comdlg32

PrintDlgExA
GetOpenFileNameW
FindTextA
PageSetupDlgA
ChooseFontW
PrintDlgExW
PrintDlgW
PageSetupDlgW
GetSaveFileNameW

oleaut32

VarUI1FromUI4
VarBstrFromUI2

setupapi

SetupDiSetDeviceInstallParamsW
CM_Set_HW_Prof_Flags_ExW
pSetupStringTableInitializeEx
pSetupGetCurrentDriverSigningPolicy
CM_Free_Res_Des_Handle
DoesUserHavePrivilege
SetupDiGetHwProfileFriendlyNameExA
SetupInstallServicesFromInfSectionExA
SetupDiSetClassRegistryPropertyW
SetupDiDestroyDeviceInfoList
CM_Register_Device_Interface_ExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
VerLanguageNameA
VerFindFileW
VerLanguageNameW
VerInstallFileW
VerFindFileA
VerInstallFileA

rasman

RasDeAllocateRoute
RasFreeBuffer

inetcomm

MimeOleCreateByteStream
MimeOleSMimeCapsToDlg
EssMLHistoryDecodeEx
MimeEditCreateMimeDocument
MimeOleParseRfc822Address

Sections

.dPbhfB
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UVQ
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.s
Size: 1KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VkaeI
Size: 512B - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.haH
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CbZGB
Size: 6KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zd
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YJ
Size: 12KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Z
Size: 1024B - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdd6508f143c567fb94454733600fb55

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1b:70:ae:5c:1c:9a:c6:09:05:96:e6:9c:7d:32:65:fd:52:38:ac:7dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

oleaut32

setupapi

version

rasman

inetcomm

Sections

.dPbhfB Size: 5KB - Virtual size: 5KB

.UVQ Size: 91KB - Virtual size: 91KB

.s Size: 1KB - Virtual size: 478KB

.VkaeI Size: 512B - Virtual size: 255KB

.haH Size: 10KB - Virtual size: 10KB

.CbZGB Size: 6KB - Virtual size: 39KB

.zd Size: 90KB - Virtual size: 90KB

.YJ Size: 12KB - Virtual size: 171KB

.Z Size: 1024B - Virtual size: 337KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1b:70:ae:5c:1c:9a:c6:09:05:96:e6:9c:7d:32:65:fd:52:38:ac:7d
Signer

.dPbhfB
Size: 5KB - Virtual size: 5KB

.UVQ
Size: 91KB - Virtual size: 91KB

.s
Size: 1KB - Virtual size: 478KB

.VkaeI
Size: 512B - Virtual size: 255KB

.haH
Size: 10KB - Virtual size: 10KB

.CbZGB
Size: 6KB - Virtual size: 39KB

.zd
Size: 90KB - Virtual size: 90KB

.YJ
Size: 12KB - Virtual size: 171KB

.Z
Size: 1024B - Virtual size: 337KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1KB - Virtual size: 1KB