cecf3d0819a9c167f2b77724ed1e055c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cecf3d0819a9c167f2b77724ed1e055c_JaffaCakes118
Size

143KB
MD5

cecf3d0819a9c167f2b77724ed1e055c
SHA1

b9f44d23dcd46de7261ed740ebeabf6e9f1adff4
SHA256

1ab22853687026a773a39ac745a860ace0b4fc487909e8a63c95ba471d39bfb5
SHA512

c402341c09233bd604e032b017b49d12221e7d0410cdebda2e04a6690463ede7f750a66a5921f4c050605ecccbaf32613673ff2a94523ac39e0adca00278c2b4
SSDEEP

1536:kFVtEiQGYntRrptf8UKtYqzoINghoxVASEdjQfz6Cq:IRQFrptftKtYqbghoxVudjQLM

Score

1^/10

Malware Config

Signatures

Files

cecf3d0819a9c167f2b77724ed1e055c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

baf90112f5369077568aad2fa695f640

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/11/2009, 00:00

Not After

27/11/2011, 23:59

Subject

CN=YNK JAPAN Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YNK JAPAN Inc,L=\ Nihonbashi Kodenmachou10-6,ST=Chuo-ku,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3c:b1:ae:9c:6c:80:01:b0:74:77:60:7d:e2:83:3b:9e:94:a9:e4:e8
Signer

Actual PE Digest

3c:b1:ae:9c:6c:80:01:b0:74:77:60:7d:e2:83:3b:9e:94:a9:e4:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
free
_except_handler3
srand
wcslen
wcscat
rand
memset
swprintf
_wfopen
fwrite
fclose

kernel32

LoadLibraryW
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetCurrentProcess
TerminateProcess
GetStartupInfoW
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

baf90112f5369077568aad2fa695f640

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3c:b1:ae:9c:6c:80:01:b0:74:77:60:7d:e2:83:3b:9e:94:a9:e4:e8Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 120KB - Virtual size: 116KB

.rsrc Size: 4KB - Virtual size: 16B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3c:b1:ae:9c:6c:80:01:b0:74:77:60:7d:e2:83:3b:9e:94:a9:e4:e8
Signer

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 120KB - Virtual size: 116KB

.rsrc
Size: 4KB - Virtual size: 16B