be4e03aa810ee307632847c34065535b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be4e03aa810ee307632847c34065535b_JaffaCakes118
Size

9.6MB
MD5

be4e03aa810ee307632847c34065535b
SHA1

04af50da6a5e1b27accb6987ba7000bb09e0696a
SHA256

8362f39e3c45632cfde61d5577ce700778e6d4a567b3dfb0a42ec373104da2d3
SHA512

8be03d081d2bdf570cab82e9f7d907f0e48ecc82b4dc8193d95a0388d329acce567d4e5cce9c001f57cfb8ee06ef8e665d9513982fe7767ac08927e1d28482d2
SSDEEP

196608:SnGi9/tS9Su5gTe3p2VLyMCLLtgQIJQSG5t2FUJti8wHMgDZCNedd1WIiVII5a:SnBJtSfmTe52VGMCXW+5I9dMgya1WIia

Score

1^/10

Malware Config

Signatures

Files

be4e03aa810ee307632847c34065535b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

41b67a3f7d33b66b55cb74fb7bb369b2

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:48:2b:f8:48:a6:0c:84:94:77:f7:47:1b:54:23:10
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/11/2013, 00:00

Not After

20/12/2015, 23:59

Subject

CN=SimpleHelp Ltd,O=SimpleHelp Ltd,L=Burntisland,ST=Midlothian,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9f:c7:ef:e7:6e:9a:68:b0:6b:f8:5a:15:86:df:09:87:70:25:c9:09
Signer

Actual PE Digest

9f:c7:ef:e7:6e:9a:68:b0:6b:f8:5a:15:86:df:09:87:70:25:c9:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

InitCommonControlsEx

wininet

HttpSendRequestA
InternetErrorDlg
InternetOpenA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetQueryOptionA
HttpOpenRequestA

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl

kernel32

CompareStringA
GetStringTypeW
GetStringTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MoveFileExA
FreeLibrary
GetCurrentProcess
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersion
WaitForSingleObject
SetEvent
TerminateThread
CreateEventA
GetLastError
CloseHandle
CreateMutexA
CompareStringW
CreateThread
SetCurrentDirectoryA
GetCurrentDirectoryA
GlobalFree
DeleteFileA
GetExitCodeProcess
CreateProcessA
lstrlenA
FormatMessageA
GetShortPathNameA
LocalAlloc
GetVersionExA
LocalFree
FreeEnvironmentStringsA
HeapSize
SetFilePointer
GetOEMCP
GetACP
GetCPInfo
ReadFile
RtlUnwind
FlushFileBuffers
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ReleaseMutex
FileTimeToSystemTime
InterlockedExchange
RaiseException
HeapFree
HeapAlloc
SetEndOfFile
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
FindClose
MoveFileA
ExitProcess
GetTimeFormatA
GetDateFormatA
GetDriveTypeA
GetFullPathNameA
GetTimeZoneInformation
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
SetEnvironmentVariableA
GetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
GetCommandLineA
GetProcessHeap
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
WriteFile

user32

SetTimer
GetWindowRect
KillTimer
SetWindowPos
GetDesktopWindow
DestroyWindow
GetMessageA
PostThreadMessageA
MonitorFromPoint
LoadIconA
SendMessageA
GetMonitorInfoA
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
PeekMessageA
DefWindowProcA
GetCursorPos
ShowWindow
DispatchMessageA
SystemParametersInfoA
LoadCursorA
ValidateRect
RegisterClassA

advapi32

GetUserNameA

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41b67a3f7d33b66b55cb74fb7bb369b2

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

6e:48:2b:f8:48:a6:0c:84:94:77:f7:47:1b:54:23:10Certificate

Extended Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

9f:c7:ef:e7:6e:9a:68:b0:6b:f8:5a:15:86:df:09:87:70:25:c9:09Signer

Headers

File Characteristics

Imports

winmm

version

comctl32

wininet

winhttp

kernel32

user32

advapi32

Sections

.text Size: 168KB - Virtual size: 165KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 1.0MB

.rsrc Size: 48KB - Virtual size: 45KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

6e:48:2b:f8:48:a6:0c:84:94:77:f7:47:1b:54:23:10
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

9f:c7:ef:e7:6e:9a:68:b0:6b:f8:5a:15:86:df:09:87:70:25:c9:09
Signer

.text
Size: 168KB - Virtual size: 165KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 1.0MB

.rsrc
Size: 48KB - Virtual size: 45KB