c273a511f8972c443c48ce294a62ce58_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c273a511f8972c443c48ce294a62ce58_JaffaCakes118
Size

6.4MB
MD5

c273a511f8972c443c48ce294a62ce58
SHA1

25df2b6f6343d95f3d6a0b08d3b868c88a50df91
SHA256

8b8bff440e16f2dfc319ac2252a928e899de0cddf43e191f7fa28702af31a777
SHA512

5bd75e86a6e3ba191cd1c87d24f0562427907242f22e7a67913860b7714c379a00a02ff60c2ece850c5dddff91864fb99062b53d9ebcc40e1d08244a9ea399a8
SSDEEP

196608:x8stL/0BQCyYXV8bD/TKxMwhu2QFzGS316U6HaPJCkIxIPr:xToX/S+xMwM0wgU6HABeIPr

Score

1^/10

Malware Config

Signatures

Files

c273a511f8972c443c48ce294a62ce58_JaffaCakes118
.exe windows:5 windows x86 arch:x86

05638d02997dbbd5355f3e798e9deaf7

Code Sign

20:e6:5f:5d:29:b5:82:24:10:50:4b:1a:c1:83:ca:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2013, 00:00

Not After

14/11/2014, 23:59

Subject

CN=Nanjing Zhixiao Information Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Nanjing Zhixiao Information Technology Co.\,Ltd,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:25:b4:b8:c8:d9:00:ea:30:75:95:44:91:dc:ea:ba:47:e3:14:4b
Signer

Actual PE Digest

55:25:b4:b8:c8:d9:00:ea:30:75:95:44:91:dc:ea:ba:47:e3:14:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

urielac

urielac_fss

kernel32

GetVersionExA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetCursorPos
GetProcessWindowStation
GetUserObjectInformationW

gdi32

TextOutW

shell32

ShellExecuteA

ole32

CoCreateInstance

winmm

timeBeginPeriod

d3d8

Direct3DCreate8

python27

PyImport_ImportModule

iphlpapi

GetAdaptersInfo

devil

ilConvertImage

imm32

ImmNotifyIME

version

VerQueryValueA

imagehlp

GetTimestampForLoadedLibrary

granny2

_GrannyFreeMeshBinding@4

mss32

_AIL_auto_update_3D_position@8

speedtreert

?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z

dinput8

DirectInput8Create

ws2_32

__WSAFDIsSet

ddraw

DirectDrawCreate

advapi32

RegOpenKeyExA

oleaut32

VariantClear

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uriel0
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uriel1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05638d02997dbbd5355f3e798e9deaf7

Code Sign

20:e6:5f:5d:29:b5:82:24:10:50:4b:1a:c1:83:ca:3dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

55:25:b4:b8:c8:d9:00:ea:30:75:95:44:91:dc:ea:ba:47:e3:14:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

urielac

kernel32

user32

gdi32

shell32

ole32

winmm

d3d8

python27

iphlpapi

devil

imm32

version

imagehlp

granny2

mss32

speedtreert

dinput8

ws2_32

ddraw

advapi32

oleaut32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 468KB - Virtual size: 467KB

.data Size: 186KB - Virtual size: 464KB

.data1 Size: 2KB - Virtual size: 2KB

.uriel0 Size: 1.6MB - Virtual size: 1.6MB

.uriel1 Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 122KB - Virtual size: 121KB

.rsrc Size: 47KB - Virtual size: 46KB

20:e6:5f:5d:29:b5:82:24:10:50:4b:1a:c1:83:ca:3d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

55:25:b4:b8:c8:d9:00:ea:30:75:95:44:91:dc:ea:ba:47:e3:14:4b
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 468KB - Virtual size: 467KB

.data
Size: 186KB - Virtual size: 464KB

.data1
Size: 2KB - Virtual size: 2KB

.uriel0
Size: 1.6MB - Virtual size: 1.6MB

.uriel1
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 122KB - Virtual size: 121KB

.rsrc
Size: 47KB - Virtual size: 46KB