c28144ce4aa3620187591ead11d015ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c28144ce4aa3620187591ead11d015ec_JaffaCakes118
Size

1.1MB
MD5

c28144ce4aa3620187591ead11d015ec
SHA1

badbc572c4f6042f8928025e87053966e67d4ab1
SHA256

c06dce37bd6ac4bcf8016bc472eae884e81e265d71060b57bcc922100454527d
SHA512

20cbf2fd3f9eaa954cd9b63380b8254c7cd23fdc4321c5019435be8bd5248a01401ba107d22b34f381e474b9d5af53fc48ae473230be792c534167871cf42a87
SSDEEP

24576:UK78zjwjzbz2sTb++Rwa7ZKPPQyT3cj7wK/MR5+uv+uW+uh+u8+uK+uQF7FRE:Uw8ij2sTb++RwWoP4yTtK/MR4FW38GpE

Score

1^/10

Malware Config

Signatures

Files

c28144ce4aa3620187591ead11d015ec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0bd94addaea969266fa049c776cb2dad

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/10/2009, 00:00

Not After

22/10/2012, 23:59

Subject

CN=Net Transmit & Receive SL,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Net Transmit & Receive SL,L=Barcelona,ST=Barcelona,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

SetFilePointer
ReadFile
GetVolumeInformationA
GetVersionExA
GetWindowsDirectoryA
GetCurrentProcess
CreateDirectoryA
LocalFree
LocalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GetCurrentDirectoryA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
CreateMutexA
ReleaseMutex
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
lstrcpynA
GetLocaleInfoW
GetTimeZoneInformation
lstrcatA
lstrcpyA
CopyFileA
SetFileAttributesA
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentThread
EnterCriticalSection
GetSystemDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
SetCurrentDirectoryA
GetModuleHandleA
FreeLibrary
CreateEventA
CreateThread
WaitForSingleObject
GetTickCount
lstrlenW
Sleep
TerminateThread
SetEvent
MultiByteToWideChar
DeleteFileA
SetLastError
GetModuleFileNameA
GetVersion
CreateFileA
lstrlenA
WriteFile
CloseHandle
GetLastError
WideCharToMultiByte
GetTempPathA
GetTempFileNameA
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetStdHandle
VirtualAlloc
VirtualFree
GetUserDefaultLCID
GetStringTypeA
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapSize
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageA
LocalSize
OutputDebugStringA
ExitProcess
GlobalAlloc
GlobalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetLocaleInfoA
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetFileType
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
GetEnvironmentStringsW

user32

InvalidateRect
RegisterClassExA
EnableMenuItem
InsertMenuItemA
CreatePopupMenu
DestroyMenu
LoadAcceleratorsA
SystemParametersInfoA
SetWindowTextA
MessageBoxA
GetDesktopWindow
wsprintfA
GetSystemMetrics
DestroyWindow
CreateWindowExA
GetClassInfoA
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
PostQuitMessage
GetCapture
GetCursorPos
SetForegroundWindow
TrackPopupMenu
FlashWindow
GetMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
MoveWindow
SetWindowPos
EnableWindow
ShowWindow
SetFocus
UpdateWindow
SendMessageA
PostMessageA
BeginPaint
EndPaint
IntersectRect
TrackMouseEvent
SetCursor
SetCapture
PtInRect
ReleaseCapture
SetWindowLongA
GetWindowLongA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetRectEmpty
KillTimer
SetTimer
SetRect
CallWindowProcA
GetWindowTextW
GetFocus

advapi32

CryptDestroyHash
CreateServiceA
StartServiceA
DeleteService
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetServiceObjectSecurity
OpenSCManagerA
CloseServiceHandle
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
LookupAccountNameA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoTaskMemFree

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

InitCommonControlsEx

wsock32

WSAGetLastError
ioctlsocket
inet_addr
gethostbyname
WSAStartup
gethostname

gdi32

CreateFontA
BitBlt
SelectObject
CreateDIBSection
DeleteDC
DeleteObject
CreateCompatibleDC

Sections

.text
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bd94addaea969266fa049c776cb2dad

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

wsock32

gdi32

Sections

.text Size: 648KB - Virtual size: 647KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 86KB - Virtual size: 94KB

.rsrc Size: 257KB - Virtual size: 256KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4c
Certificate

.text
Size: 648KB - Virtual size: 647KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 86KB - Virtual size: 94KB

.rsrc
Size: 257KB - Virtual size: 256KB