cff83366f1643bd96ad86c961883305c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cff83366f1643bd96ad86c961883305c_JaffaCakes118
Size

149KB
MD5

cff83366f1643bd96ad86c961883305c
SHA1

37385e18e4a84d956e19607d4406ae5049fe09b8
SHA256

196d8ae6c0d0fc05be7e4383774a5afdad0ca5e7abca816291df8464006f59d1
SHA512

f4aa2daf0c94b4db1b1cb43d137e43591a0d61751f2470810a6c0902ed76f66b9cce86a1ac12a5310d0132862014db87bfd23b2b7f5e5c04ba91600c6c92aac9
SSDEEP

3072:lwNbFMl8ZYm8v3+aAeiW4Q8Tbln61rRy5Htwln:/IYepWHKbJ62565

Score

1^/10

Malware Config

Signatures

Files

cff83366f1643bd96ad86c961883305c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ae9572578fc3bb8f97e1d3bbb76faea6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:55:f9:95:e6:cd:a7:e4:0d:b8:62:9e:5a:f1:5e:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

26/02/2007, 00:00

Not After

26/02/2008, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Shenzhen R&D Center,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

88:04:cf:00:a3:da:5a:ae:bf:dd:8a:1d:18:9b:19:25:48:28:96:87
Signer

Actual PE Digest

88:04:cf:00:a3:da:5a:ae:bf:dd:8a:1d:18:9b:19:25:48:28:96:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\CC\HummerMultiStr1.5Proj_2\Basic_hummer_VOB\Hummer1.0\Output\Bin\TXPlatform.pdb

Imports

kernel32

InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
SetProcessWorkingSetSize
GetCurrentProcess
CloseHandle
WaitForSingleObject
GetTickCount
CreateProcessW
CreateFileW
GetFileAttributesW
OpenProcess
GetCurrentProcessId
ReleaseMutex
Sleep
CreateThread
CreateEventW
GetCurrentThreadId
SetEvent
CreateMutexW
GetVersion
GetCommandLineW
GetProcAddress
LoadLibraryA
GetVersionExW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
GetConsoleMode
GetConsoleCP
SetFilePointer
lstrcmpiW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
GetStartupInfoW
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetModuleFileNameA
GetStdHandle
lstrlenW
WriteFile
HeapCreate
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualAlloc

user32

CharNextW
SendMessageW
IsWindow
SendMessageTimeoutW
GetWindowThreadProcessId
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
CharUpperW
MessageBoxW
UnregisterClassA

advapi32

RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

ole32

CoRegisterClassObject
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
StringFromGUID2
CoRevokeClassObject
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
RegisterTypeLi
UnRegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringW

psapi

GetModuleFileNameExW

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae9572578fc3bb8f97e1d3bbb76faea6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0d:55:f9:95:e6:cd:a7:e4:0d:b8:62:9e:5a:f1:5e:48Certificate

Extended Key Usages

Key Usages

88:04:cf:00:a3:da:5a:ae:bf:dd:8a:1d:18:9b:19:25:48:28:96:87Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

wintrust

crypt32

psapi

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0d:55:f9:95:e6:cd:a7:e4:0d:b8:62:9e:5a:f1:5e:48
Certificate

88:04:cf:00:a3:da:5a:ae:bf:dd:8a:1d:18:9b:19:25:48:28:96:87
Signer

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 7KB