c832e54f982c5b0d9106b36f00d8cba9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c832e54f982c5b0d9106b36f00d8cba9_JaffaCakes118
Size

221KB
MD5

c832e54f982c5b0d9106b36f00d8cba9
SHA1

f53f6d2ce6dc41e3c820a4816a1d3cb302e3ef52
SHA256

1e86c3167c438365caa4b659f73b94b616c52bf8bdcef0983b1c1b442f09f18f
SHA512

65838056e9008c1f962266c8bd29744aca322d871ea77e6d5258fec416b17a6430d9a7487c72b4fa8e6b7816d04186ebab2040eaf4ee91cbe2222b075943c882
SSDEEP

3072:dQPTY6g1BJ1WMY0gOXPXCI0BGduQuy4HYHzLE:GsVaB0P/SBJ5H6zL

Score

1^/10

Malware Config

Signatures

Files

c832e54f982c5b0d9106b36f00d8cba9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bfa0d838c704b6f0ee77ed09092e02f0

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03/12/2001, 00:00

Not After

02/12/2011, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

40:53:bf:f7:a1:3d:e2:e9:c6:fe:43:93:d3:f1:fd:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

15/09/2004, 00:00

Not After

15/09/2005, 23:59

Subject

CN=Autodesk\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Design Solutions Group,O=Autodesk\, Inc,L=San Rafael,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\install\msi\local\current\Release\bin\common\Setup.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

PathUnquoteSpacesW
PathFindExtensionW
PathStripPathW
PathRemoveFileSpecW
PathAppendW
PathRenameExtensionW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetFolderPathW

msi

ord8
ord160
ord159
ord32
ord118
ord92

kernel32

WideCharToMultiByte
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LoadLibraryA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
lstrcpyW
lstrcmpiW
lstrlenW
lstrcpynW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
FreeLibrary
GetProcAddress
ExpandEnvironmentStringsW
GetTempFileNameW
GetTempPathW
GetCurrentProcess
GetVersionExW
CloseHandle
lstrcmpW
GetLastError
CreateMutexW
GlobalFree
GlobalAlloc
GetSystemDirectoryW
WriteFile
GetLocalTime
LocalFree
FormatMessageW
GetComputerNameW
SetFilePointer
GetStringTypeW
ReadFile
FlushFileBuffers
Sleep
MoveFileExW
GetExitCodeProcess
CreateProcessW
lstrcatW
VerifyVersionInfoW
VerSetConditionMask
GetModuleFileNameW
GetModuleHandleW
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
HeapReAlloc
HeapAlloc
HeapFree
GetVersionExA
GetStartupInfoW
RtlUnwind
TerminateProcess
SetStdHandle
VirtualProtect
GetSystemInfo
VirtualQuery
GetLocaleInfoA
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
CreateFileW
ExitProcess
GetModuleHandleA

user32

SetCursor
GetWindowRect
SystemParametersInfoW
GetDlgItem
IsDialogMessageW
SetDlgItemTextW
DestroyWindow
MessageBoxW
LoadCursorW
ExitWindowsEx
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
GetSystemMetrics
LoadStringW
ShowWindow
LoadIconW
SetForegroundWindow
SetFocus
MoveWindow
SetWindowTextW
CreateDialogParamW
EndDialog
DialogBoxParamW
wsprintfW
SendMessageW

advapi32

EqualSid
RegSetValueExW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
FreeSid

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bfa0d838c704b6f0ee77ed09092e02f0

Code Sign

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

40:53:bf:f7:a1:3d:e2:e9:c6:fe:43:93:d3:f1:fd:b7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

version

shell32

msi

kernel32

user32

advapi32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 153KB - Virtual size: 153KB

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

40:53:bf:f7:a1:3d:e2:e9:c6:fe:43:93:d3:f1:fd:b7
Certificate

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 153KB - Virtual size: 153KB