d220b09a4529983daeccde8360236e72_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d220b09a4529983daeccde8360236e72_JaffaCakes118
Size

1.1MB
MD5

d220b09a4529983daeccde8360236e72
SHA1

a57f76cb345711229f2242ecbc5a445b18db8e83
SHA256

719a6da4e6f62fe880ebd7a1e4712905241aff3e9e5ebbf294a4551af653a4a4
SHA512

243c75972282b652cf607a1508863aaca6785ed0d2cf55586f09eb1c824d4d97793e5cf83a94501deff61df750021ad82c752d32736a0d2166274ea760115758
SSDEEP

24576:6HLrN0A1GimtLsasyJzDBIGfBUWNs7/UtCOIx6A3ZLY4lA:6HnN3GDs6IGfBUEM/qC4A3/A

Score

1^/10

Malware Config

Signatures

Files

d220b09a4529983daeccde8360236e72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

432256747a2187fcf2459dfa21265ed2

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2011, 00:00

Not After

16/07/2013, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bc:4d:a4:c6:4f:61:70:d4:f9:e6:20:ff:55:7a:c1:14:48:0a:1d:46
Signer

Actual PE Digest

bc:4d:a4:c6:4f:61:70:d4:f9:e6:20:ff:55:7a:c1:14:48:0a:1d:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
inet_ntoa
shutdown
setsockopt
recvfrom
ioctlsocket
connect
select
__WSAFDIsSet
sendto
ntohs
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
accept
recv
WSAGetLastError
ntohl
socket
htons
htonl
bind
listen
WSACreateEvent
WSAEventSelect
gethostname
inet_addr
send
WSAStartup
WSACloseEvent
closesocket
WSACleanup

kernel32

SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
Sleep
CloseHandle
WaitForSingleObject
GetTickCount
ReadFile
CreateFileW
GetLastError
GetModuleFileNameW
GetSystemInfo
GetACP
RemoveDirectoryW
DeleteFileW
GetEnvironmentVariableW
TerminateThread
CreateThread
GetCommandLineA
CreateMutexA
ResetEvent
SetFileAttributesW
CopyFileW
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
GetCurrentThreadId
EnterCriticalSection
GetModuleHandleA
GetVersionExA
AreFileApisANSI
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
LockFileEx
GetTempPathA
GetTempPathW
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
SetEvent
InterlockedIncrement
CreateEventA
GetStringTypeW
GetStringTypeA
SetStdHandle
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
VirtualAlloc
VirtualFree
GetTimeZoneInformation
LeaveCriticalSection
GetFileSizeEx
GetOEMCP
HeapSize
ExitProcess
GetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
GetComputerNameA
GetStdHandle
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetDriveTypeA
GetLogicalDrives
GetVolumeInformationW
GetCurrentProcess
GetDiskFreeSpaceExW
GetDriveTypeW
GetSystemDirectoryW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
MoveFileW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
CreateEventW
WaitForMultipleObjects
SetFileValidData
SetFilePointerEx
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
HeapFree
HeapAlloc
GetProcessHeap
LocalAlloc
GetModuleFileNameA
InterlockedExchange
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
ResumeThread
HeapReAlloc
GetStartupInfoA
CreateDirectoryA
GetCPInfo
LCMapStringA
LCMapStringW
SetLastError

user32

PostQuitMessage
DefWindowProcA
TranslateMessage
wsprintfW
GetMessageA
CreateWindowExA
DispatchMessageA
FindWindowA
PostMessageA
LoadCursorA
LoadIconA
RegisterClassA

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetFileSecurityW
RegSetValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

StrStrIA

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ole32

CoCreateInstance
CoCreateGuid
CoInitialize
StringFromGUID2
CoUninitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString

Sections

.text
Size: 884KB - Virtual size: 882KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

432256747a2187fcf2459dfa21265ed2

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70Certificate

Extended Key Usages

Key Usages

bc:4d:a4:c6:4f:61:70:d4:f9:e6:20:ff:55:7a:c1:14:48:0a:1d:46Signer

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

shlwapi

iphlpapi

version

ole32

oleaut32

Sections

.text Size: 884KB - Virtual size: 882KB

.rdata Size: 136KB - Virtual size: 132KB

.data Size: 16KB - Virtual size: 1.0MB

.rsrc Size: 116KB - Virtual size: 113KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70
Certificate

bc:4d:a4:c6:4f:61:70:d4:f9:e6:20:ff:55:7a:c1:14:48:0a:1d:46
Signer

.text
Size: 884KB - Virtual size: 882KB

.rdata
Size: 136KB - Virtual size: 132KB

.data
Size: 16KB - Virtual size: 1.0MB

.rsrc
Size: 116KB - Virtual size: 113KB