d34ead1350e6d12fc1df25003af2807a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d34ead1350e6d12fc1df25003af2807a_JaffaCakes118
Size

308KB
MD5

d34ead1350e6d12fc1df25003af2807a
SHA1

74a9569fc696d0747ab45322e4da950ce71b61d3
SHA256

d4b5df8abdba4c13973c505635e4469986be5fed4368c5505ff3e8756ca647c6
SHA512

b5eb44e6e3979ac364a615a2b85ab7887b995a9f838bf608f99ae8d7fff28076f65d35a31374929f0baf00aea0905141970810e8b81e717858eda17acbea4f66
SSDEEP

6144:1QcaVpy1FeGkauToFZalhAK9tXqAuReydv4jXUWGPCZVSbXCVRYSKRZpkq1ZBjHF:mlpyfeGkbTmLK9QY5jkrP40bXCJKzDJ

Score

1^/10

Malware Config

Signatures

Files

d34ead1350e6d12fc1df25003af2807a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

88ef56c92b838b74d0eb86db96ebbab7

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:97:14:8c:e1:59:cf:04:fb:ae:e6:f5:78:b7:9f:06
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30/10/2008, 03:33

Not After

16/11/2010, 11:06

Subject

CN=Haansoft\, Inc,OU=Technical Development Laboratory,O=Haansoft\, Inc,L=KwangJin-Gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

21:fd:e8:0f:72:a2:84:35:12:bd:cf:d2:78:08:66:2d:25:ab:a8:ff
Signer

Actual PE Digest

21:fd:e8:0f:72:a2:84:35:12:bd:cf:d2:78:08:66:2d:25:ab:a8:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
GetCurrentProcess
CreateEventA
CreateFileMappingA
SetEvent
UnmapViewOfFile
MapViewOfFile
ResetEvent
WaitForSingleObject
CloseHandle
ReleaseMutex
CreateMutexA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualFree
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetVersion
OpenMutexA
GetLastError
GlobalReAlloc
GetPrivateProfileIntA
GetWindowsDirectoryA
GetPrivateProfileStringA
IsDBCSLeadByte
TlsGetValue
GetCurrentDirectoryA
GetFullPathNameA
SetFileAttributesA
FindFirstFileA
CreateDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDriveTypeA
DeleteFileA
GetLocaleInfoW
FindClose
DuplicateHandle
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
MultiByteToWideChar
ReadFile
SetPriorityClass
GetFileType
SetHandleCount
GetStdHandle
CreatePipe
GetExitCodeProcess
HeapReAlloc
HeapAlloc
SetFilePointer
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
InterlockedIncrement
InterlockedDecrement
RtlUnwind
GetFileAttributesA
FlushFileBuffers
WriteFile
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
CreateFileA
CreateProcessA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
LoadLibraryA
SetEndOfFile
GetLocaleInfoA

user32

KillTimer
SetTimer
PostQuitMessage
SetWindowTextA
CreateWindowExA
DestroyWindow
DefWindowProcA
RegisterClassA
LoadCursorA
LoadIconA
DispatchMessageA
GetMessageA
TranslateMessage

Exports

Exports

_romkan_close@4
_romkan_henkan_dlm@20
_romkan_init3@20
_romkan_restore_table_handle@8
_romkan_restore_table_point@4
_romkan_save_table_handle@4
_romkan_save_table_point@4
_romkan_table_close@4
_romkan_table_exist@0
_romkan_table_open@0

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88ef56c92b838b74d0eb86db96ebbab7

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

31:97:14:8c:e1:59:cf:04:fb:ae:e6:f5:78:b7:9f:06Certificate

Extended Key Usages

21:fd:e8:0f:72:a2:84:35:12:bd:cf:d2:78:08:66:2d:25:ab:a8:ffSigner

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 266KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 26KB - Virtual size: 83KB

.rsrc Size: 2KB - Virtual size: 1KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

31:97:14:8c:e1:59:cf:04:fb:ae:e6:f5:78:b7:9f:06
Certificate

21:fd:e8:0f:72:a2:84:35:12:bd:cf:d2:78:08:66:2d:25:ab:a8:ff
Signer

.text
Size: 266KB - Virtual size: 266KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 26KB - Virtual size: 83KB

.rsrc
Size: 2KB - Virtual size: 1KB