cdfafa774b68f7a8002a375f1c8cbd55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cdfafa774b68f7a8002a375f1c8cbd55_JaffaCakes118
Size

354KB
MD5

cdfafa774b68f7a8002a375f1c8cbd55
SHA1

f5f2619b63182ebd1e75666d7a270f84421f803c
SHA256

292001aa95afc5ed82da7b29b512f137bedf91f74b7e198ac9846c417eadb87b
SHA512

f1c2e38546eab5269b287a2f3063202a18486167008dcd9bd8ca5908160f2044693aec6b62c58e6341474972ee82f723cb59635f0bf29227739e8747e0dfd9af
SSDEEP

6144:pBWpTeMCnS0JgxaRnxUYOR8hNrqnUVkQ04hIr190cd7q05KEePphTqtjqJhuyOHL:pOyfS0TKJ8SUutd7zx5t4pCWmyJy0G

Score

1^/10

Malware Config

Signatures

Files

cdfafa774b68f7a8002a375f1c8cbd55_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0be0fa442043af36b856b0736392d16e

Code Sign

c4:57:23:da:43:45:a1:67
Certificate

Issuer

CN=Thelawhathyetanotherholdonyou

Not Before

10/09/2011, 07:28

Not After

06/06/2014, 07:28

Subject

CN=Thelawhathyetanotherholdonyou

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:83:8a:d3:af:28:66:14:8a:84:df:67:84:c1:aa:70:da:fd:ca:14
Signer

Actual PE Digest

50:83:8a:d3:af:28:66:14:8a:84:df:67:84:c1:aa:70:da:fd:ca:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
SetEnvironmentVariableW
GetLastError
SetEvent
GetExitCodeThread
GetThreadContext
GetOEMCP
GetWindowsDirectoryW
GetUserDefaultLangID
CreateEventW
Thread32First
GetCurrentProcessId
CloseHandle
GetThreadPriority
MoveFileW
WinExec
FlushFileBuffers
SetProcessPriorityBoost
GetSystemDirectoryW
GetCurrentThreadId
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualProtect
VirtualProtectEx
VirtualFree
Sleep
VirtualAlloc
FreeLibrary
WaitForSingleObject
WaitForMultipleObjects
GetSystemTime
GetCurrentProcess
lstrcpyA
TerminateJobObject
OpenProcess
lstrcpyW

advapi32

GetLengthSid
IsValidSid
GetUserNameW
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RevertToSelf
InitiateSystemShutdownExW
RegDeleteKeyW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenCurrentUser
OpenThreadToken
OpenProcessToken
GetTokenInformation
FreeSid
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
CopySid

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 345KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0be0fa442043af36b856b0736392d16e

Code Sign

c4:57:23:da:43:45:a1:67Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

50:83:8a:d3:af:28:66:14:8a:84:df:67:84:c1:aa:70:da:fd:ca:14Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 392B

.text Size: 345KB - Virtual size: 345KB

.rsrc Size: 2KB - Virtual size: 1KB

c4:57:23:da:43:45:a1:67
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

50:83:8a:d3:af:28:66:14:8a:84:df:67:84:c1:aa:70:da:fd:ca:14
Signer

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 392B

.text
Size: 345KB - Virtual size: 345KB

.rsrc
Size: 2KB - Virtual size: 1KB