cec1a72b29c44b2fe8735057663ee257_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cec1a72b29c44b2fe8735057663ee257_JaffaCakes118
Size

444KB
MD5

cec1a72b29c44b2fe8735057663ee257
SHA1

434563abda07f6b106906436f08fce2be23c3d27
SHA256

477c616d444f502aae8ce0b4f6bad43ebb6b4e1b3d4ee16225f73c05567f12b0
SHA512

b9d42d93dfea9887f0723c4d4b6095b19fb1f224ccaf21ed93ad48239fe4c5f5dac27339ec962964d88892fdc094a7e257d9e867a47cd7e0d380dcf73bd78d20
SSDEEP

6144:e+iCG+BY64JanxwHq1KZe75QgQbpkirLauxyxPS5djYQuuMVCCku3nAsAJmfsm+:c9zGbaPm

Score

1^/10

Malware Config

Signatures

Files

cec1a72b29c44b2fe8735057663ee257_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef012e0f410ffa03eb0918e7a16663eb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:f8:20:a6:90:76:99:58:04:10:05:52:28:ec:ad:df
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/08/2007, 00:00

Not After

01/09/2009, 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:71:d7:96:a6:27:56:02:7f:1f:b5:3e:cb:fc:12:f9:4b:91:96:8e
Signer

Actual PE Digest

94:71:d7:96:a6:27:56:02:7f:1f:b5:3e:cb:fc:12:f9:4b:91:96:8e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupDiClassGuidsFromNameA
SetupDiGetINFClassA
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsA
SetupDiRegisterDeviceInfo
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDevice
SetupDiGetDriverInfoDetailA
SetupDiRemoveDevice
SetupDiDestroyDeviceInfoList

comctl32

ord17

shlwapi

PathAppendA
PathIsDirectoryA

kernel32

CreateProcessA
FindClose
FindNextFileA
SetLastError
FindFirstFileA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
Sleep
GetModuleFileNameA
SetCurrentDirectoryA
GetFullPathNameA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetVersionExA
GetComputerNameA
GetUserDefaultLangID
GetCurrentDirectoryA
GetWindowsDirectoryA
GetCurrentProcess
ReleaseMutex
CreateDirectoryA
MapViewOfFile
CreateFileMappingA
CreateMutexA
UnmapViewOfFile
GetTimeFormatA
GetLocalTime
OutputDebugStringA
MoveFileExA
LocalAlloc
GetCurrentThread
FreeLibrary
SetEnvironmentVariableA
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
TerminateProcess
OpenProcess
CloseHandle
DeviceIoControl
CreateFileA
GetPrivateProfileStringA
WaitForSingleObject
GlobalUnlock
GlobalLock
GlobalAlloc
CopyFileA
GetCurrentProcessId
GetCurrentThreadId
RemoveDirectoryA
LoadLibraryA
WriteFile
SetFilePointer
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
RaiseException
LCMapStringW
WideCharToMultiByte
LCMapStringA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
ReadFile
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStartupInfoA
WinExec
GetLastError
FormatMessageA
LocalFree
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
GlobalFree
GetExitCodeProcess
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
GetProcessHeap
HeapAlloc
GetCommandLineA
CompareStringW
CompareStringA
SetEndOfFile
SetStdHandle
RtlUnwind
HeapFree
ExitProcess

user32

EndDeferWindowPos
LoadImageA
UpdateWindow
MessageBoxA
LoadStringA
GetWindowRect
ShowWindow
DeferWindowPos
GetClientRect
GetSystemMetrics
SetWindowPos
SendMessageA
CopyRect
GetParent
CheckDlgButton
SetDlgItemTextA
GetDlgItem
EnableWindow
EndDialog
IsDlgButtonChecked
GetWindowThreadProcessId
EnumWindows
DialogBoxParamA
GetWindowInfo
ExitWindowsEx
CreateWindowExA
OffsetRect
GetDesktopWindow
BeginDeferWindowPos
LoadBitmapA

advapi32

RegEnumValueA
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
CloseServiceHandle
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
RegSetValueExA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoSetProxyBlanket

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef012e0f410ffa03eb0918e7a16663eb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3a:f8:20:a6:90:76:99:58:04:10:05:52:28:ec:ad:dfCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

94:71:d7:96:a6:27:56:02:7f:1f:b5:3e:cb:fc:12:f9:4b:91:96:8eSigner

Headers

File Characteristics

Imports

version

setupapi

comctl32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 296KB - Virtual size: 301KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3a:f8:20:a6:90:76:99:58:04:10:05:52:28:ec:ad:df
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

94:71:d7:96:a6:27:56:02:7f:1f:b5:3e:cb:fc:12:f9:4b:91:96:8e
Signer

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 296KB - Virtual size: 301KB