c8a0234327cc5e4a6fee94dcc6e4a4a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8a0234327cc5e4a6fee94dcc6e4a4a2_JaffaCakes118
Size

125KB
MD5

c8a0234327cc5e4a6fee94dcc6e4a4a2
SHA1

901835775df380587dfcd433ff2ce646752320d1
SHA256

d26c8baac6d8ff77f8abd9825bc1afc42e38d8a6126d967acf5e32a8c4e2cae2
SHA512

f0b0b92e03e20cf2d02cd488cff0bc2de18d1007e230e1336015af728d3bac16e60ab6d3bbe2b09395ef9af2d41c83524dc939811c06ffbe79d78f267ad63a55
SSDEEP

1536:AhiGCQe+q9mJgowS4G+RVAJWwNrblBWc/ksvbfJoZRtqtvRqTZ7nzrNPTJdxKax+:xpHWlbPNrbCc/fJoZRtqtvR0Jz9lzg

Score

1^/10

Malware Config

Signatures

Files

c8a0234327cc5e4a6fee94dcc6e4a4a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9686e9a68c64aa174c94a9245ccc3512

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

kernel32

SetEvent
CreateThread
CreateEventW
GetModuleFileNameW
InterlockedIncrement
lstrlenA
DebugBreak
OutputDebugStringW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
GetProcAddress
LoadLibraryW
GetCurrentThreadId
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
lstrcmpiW
GetShortPathNameW
GetVersionExW
GlobalFree
GlobalAlloc
GetCurrentProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
WaitForSingleObject
CloseHandle
FlushFileBuffers
GetLocaleInfoA
SetHandleCount
GetCommandLineA
SetFilePointer
LoadLibraryA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetVersionExA
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
GetProcessHeap
GetStartupInfoW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetFileType

user32

CharLowerBuffW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
PostThreadMessageW
UnregisterClassA

advapi32

RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CoRegisterClassObject
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoRevokeClassObject
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

shlwapi

PathFileExistsW
StrCmpNIW

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9686e9a68c64aa174c94a9245ccc3512

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 24KB - Virtual size: 20KB