d038b44fa9631306cf84a1a6456f6fe3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d038b44fa9631306cf84a1a6456f6fe3_JaffaCakes118
Size

244KB
MD5

d038b44fa9631306cf84a1a6456f6fe3
SHA1

68b5ac771958a2ce1d5cc1a7252b423d82da78ee
SHA256

ebb539bf7ed0843d265ad239a684d270037ddfabf8f9d43b7395bbd714869c37
SHA512

3bc866579e4cf99462ff5a14091ca39f2a0d4dc4a88c2894d7c3556a67b322898d54f348aee9f11ac075d33c2b0d335e678c5eebfe971d46477c157376ee7a2a
SSDEEP

6144:WC+SWZbobuZD+HMmi2wpbQ7teOSy4SGnePjbViohZtPSfg:D+SWZRDOc20bYJl3VPDtx

Score

1^/10

Malware Config

Signatures

Files

d038b44fa9631306cf84a1a6456f6fe3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b421af2e508d90aee142c53006ee68ec

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-09-2006 00:00

Not After

24-11-2007 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f
Signer

Actual PE Digest

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmp
lstrcmpiW
CreateNamedPipeW
EnumTimeFormatsA
GlobalFindAtomA
MulDiv
SetCurrentDirectoryW
GetVersionExA
GetEnvironmentVariableA
GetSystemDirectoryW
GetModuleFileNameW
FileTimeToLocalFileTime
GetLogicalDriveStringsA
EnumDateFormatsW
CopyFileExW
BeginUpdateResourceA
GetSystemDefaultLCID
LoadLibraryExA
GetWindowsDirectoryA
GetTempPathA
ReplaceFileW
DeleteAtom
lstrlenW
OpenMutexW
LocalAlloc
GetDateFormatA
GetEnvironmentStringsA
GetVersion
SetUnhandledExceptionFilter
OpenMutexA
DisconnectNamedPipe
EnumCalendarInfoW
GetTickCount
GetSystemInfo
CreateSemaphoreA
LocalFree
CompareFileTime
GetDiskFreeSpaceW
CreateEventW
SearchPathW
GetProcAddress
EnumDateFormatsA
GetCurrentThread
OpenFile
IsValidCodePage
lstrcpy
CreateMutexA
FindAtomW
QueryPerformanceFrequency
GetLocaleInfoA
IsDebuggerPresent
GetExitCodeProcess
CreateDirectoryW
CreateEventA
GetTempPathW
SetLocaleInfoA
AddAtomW
CreateSemaphoreW
LoadLibraryW
GetModuleHandleA

user32

GetMenuStringW
CharLowerW
SetWindowTextW
DialogBoxIndirectParamA
GetClassInfoExA
GetCapture
EnableMenuItem
GetMenuItemInfoA
CharPrevA
GetMenuInfo
GetSubMenu
GetActiveWindow
GetDlgItemInt
MonitorFromPoint
CreateAcceleratorTableW
LoadBitmapW
UpdateLayeredWindow
FindWindowA
SendDlgItemMessageA
GetForegroundWindow
CreateDialogIndirectParamW
wvsprintfA
IsDlgButtonChecked
MessageBoxA
CharNextW
SetCapture
SetParent
ShowWindow

gdi32

CreatePolyPolygonRgn
SelectBrushLocal
CreatePolygonRgn
CreateBitmap
CreateFontA
CreateEllipticRgn
RemoveFontResourceExW
CreateDIBPatternBrush
CreateSolidBrush
RemoveFontResourceW
ExtCreateRegion
CreatePen
GetRasterizerCaps

shell32

StrNCmpIW
SHGetDataFromIDListA

comdlg32

PrintDlgW
FindTextA
PageSetupDlgA
ChooseFontA
GetOpenFileNameW
ReplaceTextW

setupapi

SetupQueueCopyW
CM_Query_Remove_SubTree
SetupDiRegisterCoDeviceInstallers
SetupRemoveFromDiskSpaceListW
SetupGetFieldCount
SetupFindNextLine
CM_Add_Res_Des_Ex
SetupOpenAppendInfFileA

ws2_32

gethostbyaddr
closesocket
WSAEventSelect
WSAEnumNetworkEvents
WSARecvDisconnect
gethostbyname
select
setsockopt
accept
bind
WSASend
recv
htons
WSACleanup
WSAGetLastError
WSADuplicateSocketA
gethostname

urlmon

CoInternetCombineUrl
CoInstall
HlinkSimpleNavigateToMoniker
GetMarkOfTheWeb
CreateURLMonikerEx
GetComponentIDFromCLSSPEC
CoInternetGetSession
RevokeFormatEnumerator
RegisterFormatEnumerator
URLOpenStreamA
CoInternetCompareUrl
IsLoggingEnabledW
CopyStgMedium
FindMediaType
RegisterMediaTypes
HlinkGoForward
ReleaseBindInfo

mprapi

MprAdminUserClose
MprAdminUserOpen

inetcomm

HrGetAttachIcon
EssReceiptRequestEncodeEx
MimeOleSMimeCapGetHashAlg
CreatePOP3Transport
MimeOleAlgNameFromSMimeCap
MimeOleGetPropW

Sections

.I
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.v
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qY
Size: 2KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KP
Size: 5KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.V
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.GvuZ
Size: 2KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gGofL
Size: 5KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ujh
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qZQgA
Size: 11KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RvyXx
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b421af2e508d90aee142c53006ee68ec

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

setupapi

ws2_32

urlmon

mprapi

inetcomm

Sections

.I Size: 7KB - Virtual size: 7KB

.v Size: 90KB - Virtual size: 90KB

.qY Size: 2KB - Virtual size: 338KB

.KP Size: 5KB - Virtual size: 463KB

.V Size: 11KB - Virtual size: 11KB

.GvuZ Size: 2KB - Virtual size: 208KB

.gGofL Size: 5KB - Virtual size: 45KB

.Ujh Size: 92KB - Virtual size: 92KB

.qZQgA Size: 11KB - Virtual size: 161KB

.RvyXx Size: 2KB - Virtual size: 54KB

.rsrc Size: 7KB - Virtual size: 6KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f
Signer

.I
Size: 7KB - Virtual size: 7KB

.v
Size: 90KB - Virtual size: 90KB

.qY
Size: 2KB - Virtual size: 338KB

.KP
Size: 5KB - Virtual size: 463KB

.V
Size: 11KB - Virtual size: 11KB

.GvuZ
Size: 2KB - Virtual size: 208KB

.gGofL
Size: 5KB - Virtual size: 45KB

.Ujh
Size: 92KB - Virtual size: 92KB

.qZQgA
Size: 11KB - Virtual size: 161KB

.RvyXx
Size: 2KB - Virtual size: 54KB

.rsrc
Size: 7KB - Virtual size: 6KB