d172c01ce288d6fdd72f261c7b4ca3a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d172c01ce288d6fdd72f261c7b4ca3a5_JaffaCakes118
Size

244KB
MD5

d172c01ce288d6fdd72f261c7b4ca3a5
SHA1

23c8958c2e0cf284488d04a5e41b86d5162d3472
SHA256

e3b48265897ae2ab17e71b8c04c2d3d190e4d2b5fb1498ac0d2c4a6616e6a378
SHA512

4445d5d33653d111d5a2a57a82f2da8a8f6615e499037ed77a57e05156a7d6c7b1b93610496ec82686d88a8dc39768c06bea5b0d0910e3236864f2258419abed
SSDEEP

6144:VC+SWZbobuZD+HMmi2wpbQ7teOSy4SGnePjbViohZtPSfg:g+SWZRDOc20bYJl3VPDtx

Score

1^/10

Malware Config

Signatures

Files

d172c01ce288d6fdd72f261c7b4ca3a5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b421af2e508d90aee142c53006ee68ec

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f
Signer

Actual PE Digest

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmp
lstrcmpiW
CreateNamedPipeW
EnumTimeFormatsA
GlobalFindAtomA
MulDiv
SetCurrentDirectoryW
GetVersionExA
GetEnvironmentVariableA
GetSystemDirectoryW
GetModuleFileNameW
FileTimeToLocalFileTime
GetLogicalDriveStringsA
EnumDateFormatsW
CopyFileExW
BeginUpdateResourceA
GetSystemDefaultLCID
LoadLibraryExA
GetWindowsDirectoryA
GetTempPathA
ReplaceFileW
DeleteAtom
lstrlenW
OpenMutexW
LocalAlloc
GetDateFormatA
GetEnvironmentStringsA
GetVersion
SetUnhandledExceptionFilter
OpenMutexA
DisconnectNamedPipe
EnumCalendarInfoW
GetTickCount
GetSystemInfo
CreateSemaphoreA
LocalFree
CompareFileTime
GetDiskFreeSpaceW
CreateEventW
SearchPathW
GetProcAddress
EnumDateFormatsA
GetCurrentThread
OpenFile
IsValidCodePage
lstrcpy
CreateMutexA
FindAtomW
QueryPerformanceFrequency
GetLocaleInfoA
IsDebuggerPresent
GetExitCodeProcess
CreateDirectoryW
CreateEventA
GetTempPathW
SetLocaleInfoA
AddAtomW
CreateSemaphoreW
LoadLibraryW
GetModuleHandleA

user32

GetMenuStringW
CharLowerW
SetWindowTextW
DialogBoxIndirectParamA
GetClassInfoExA
GetCapture
EnableMenuItem
GetMenuItemInfoA
CharPrevA
GetMenuInfo
GetSubMenu
GetActiveWindow
GetDlgItemInt
MonitorFromPoint
CreateAcceleratorTableW
LoadBitmapW
UpdateLayeredWindow
FindWindowA
SendDlgItemMessageA
GetForegroundWindow
CreateDialogIndirectParamW
wvsprintfA
IsDlgButtonChecked
MessageBoxA
CharNextW
SetCapture
SetParent
ShowWindow

gdi32

CreatePolyPolygonRgn
SelectBrushLocal
CreatePolygonRgn
CreateBitmap
CreateFontA
CreateEllipticRgn
RemoveFontResourceExW
CreateDIBPatternBrush
CreateSolidBrush
RemoveFontResourceW
ExtCreateRegion
CreatePen
GetRasterizerCaps

shell32

StrNCmpIW
SHGetDataFromIDListA

comdlg32

PrintDlgW
FindTextA
PageSetupDlgA
ChooseFontA
GetOpenFileNameW
ReplaceTextW

setupapi

SetupQueueCopyW
CM_Query_Remove_SubTree
SetupDiRegisterCoDeviceInstallers
SetupRemoveFromDiskSpaceListW
SetupGetFieldCount
SetupFindNextLine
CM_Add_Res_Des_Ex
SetupOpenAppendInfFileA

ws2_32

gethostbyaddr
closesocket
WSAEventSelect
WSAEnumNetworkEvents
WSARecvDisconnect
gethostbyname
select
setsockopt
accept
bind
WSASend
recv
htons
WSACleanup
WSAGetLastError
WSADuplicateSocketA
gethostname

urlmon

CoInternetCombineUrl
CoInstall
HlinkSimpleNavigateToMoniker
GetMarkOfTheWeb
CreateURLMonikerEx
GetComponentIDFromCLSSPEC
CoInternetGetSession
RevokeFormatEnumerator
RegisterFormatEnumerator
URLOpenStreamA
CoInternetCompareUrl
IsLoggingEnabledW
CopyStgMedium
FindMediaType
RegisterMediaTypes
HlinkGoForward
ReleaseBindInfo

mprapi

MprAdminUserClose
MprAdminUserOpen

inetcomm

HrGetAttachIcon
EssReceiptRequestEncodeEx
MimeOleSMimeCapGetHashAlg
CreatePOP3Transport
MimeOleAlgNameFromSMimeCap
MimeOleGetPropW

Sections

.I
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.v
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qY
Size: 2KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KP
Size: 5KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.V
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.GvuZ
Size: 2KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gGofL
Size: 5KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ujh
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qZQgA
Size: 11KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RvyXx
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b421af2e508d90aee142c53006ee68ec

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

setupapi

ws2_32

urlmon

mprapi

inetcomm

Sections

.I Size: 7KB - Virtual size: 7KB

.v Size: 90KB - Virtual size: 90KB

.qY Size: 2KB - Virtual size: 338KB

.KP Size: 5KB - Virtual size: 463KB

.V Size: 11KB - Virtual size: 11KB

.GvuZ Size: 2KB - Virtual size: 208KB

.gGofL Size: 5KB - Virtual size: 45KB

.Ujh Size: 92KB - Virtual size: 92KB

.qZQgA Size: 11KB - Virtual size: 161KB

.RvyXx Size: 2KB - Virtual size: 54KB

.rsrc Size: 7KB - Virtual size: 6KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

a5:f5:e6:81:de:a8:39:16:fd:65:fb:bd:35:e7:78:63:02:64:3d:5f
Signer

.I
Size: 7KB - Virtual size: 7KB

.v
Size: 90KB - Virtual size: 90KB

.qY
Size: 2KB - Virtual size: 338KB

.KP
Size: 5KB - Virtual size: 463KB

.V
Size: 11KB - Virtual size: 11KB

.GvuZ
Size: 2KB - Virtual size: 208KB

.gGofL
Size: 5KB - Virtual size: 45KB

.Ujh
Size: 92KB - Virtual size: 92KB

.qZQgA
Size: 11KB - Virtual size: 161KB

.RvyXx
Size: 2KB - Virtual size: 54KB

.rsrc
Size: 7KB - Virtual size: 6KB