d398c53dafe3f3293ffd9305bd95b2e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d398c53dafe3f3293ffd9305bd95b2e5_JaffaCakes118
Size

137KB
MD5

d398c53dafe3f3293ffd9305bd95b2e5
SHA1

415e4b6450e966c9b8b38c1825bfa15c6fa62656
SHA256

65128bc814c12941aab8a2b6e0540486e675599b1811f26ea6bda6ed5891b9be
SHA512

0a3a9bfc7db43931b42e51b415a84ada899eba4158175dd2e43757201d14fd8911e34c0c4ff1145a019627e7c0181266515ad9f755681c7241af64e090c630c3
SSDEEP

1536:e0deET3EJoBaTGuv7DFN4Adzex/g9LY98bAt8dc5EPNo5Vv5EwvAVYvIAY5Tzx2w:VgoBa3P4AdzSM3bDOh2woVYwAY5TzxV

Score

1^/10

Malware Config

Signatures

Files

d398c53dafe3f3293ffd9305bd95b2e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a999832f8700a5068f10b6728347af60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:5e:20:a8:0b:54:a4:5d:36:f6:c0:6b:9b:02:f9:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/06/2007, 00:00

Not After

26/06/2009, 23:59

Subject

CN=Apple Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bwa\appleossmgrwin-200.0.1\srcroot\appleossmgr\release\AppleOSSMgr.pdb

Imports

powrprof

IsPwrHibernateAllowed

kernel32

GetVolumeInformationW
GetWindowsDirectoryW
GetDriveTypeW
GetLogicalDriveStringsW
FlushFileBuffers
GetCommandLineW
GetModuleHandleW
ReadFile
SetFilePointerEx
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteFile
Sleep
CreateFileW
GetLastError
DeviceIoControl
CloseHandle
GetStartupInfoW
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
HeapReAlloc
HeapAlloc
HeapFree
GetProcAddress
GetModuleHandleA
ExitProcess
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapSize
MultiByteToWideChar
RtlUnwind
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LoadLibraryA
InitializeCriticalSection
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileA
LCMapStringA

user32

LoadStringW
wsprintfW

advapi32

RegisterServiceCtrlHandlerExW
RegOpenCurrentUser
RegCreateKeyExW
RegCloseKey
RegSetValueExW
SetServiceStatus
ChangeServiceConfig2W
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceCtrlDispatcherW

setupapi

CM_Get_Device_IDW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Parent
SetupDiOpenDeviceInfoW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a999832f8700a5068f10b6728347af60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

09:5e:20:a8:0b:54:a4:5d:36:f6:c0:6b:9b:02:f9:3aCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

powrprof

kernel32

user32

advapi32

setupapi

Sections

.text Size: 84KB - Virtual size: 82KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

09:5e:20:a8:0b:54:a4:5d:36:f6:c0:6b:9b:02:f9:3a
Certificate

.text
Size: 84KB - Virtual size: 82KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB