d6ead4e9b34a988a3e9587a1cb536ef7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6ead4e9b34a988a3e9587a1cb536ef7_JaffaCakes118
Size

201KB
MD5

d6ead4e9b34a988a3e9587a1cb536ef7
SHA1

0e6727178ddd68e09c69a5d7aff0f6d18d2cb311
SHA256

59333fa0c49ee5ef427f1f33527773ee026bb31e57f377d8995dd29cfcdeb2ff
SHA512

9c228446bc7ae6fa41d018a80adcee34b5a5b94681d4a426787df0155e65bddaf5d105125b20c0dff37eb79dfe564f7c59e1988f51cdd6e60ba5cde88bbbfe13
SSDEEP

3072:/WOm3Za3sg9SldHWx9hmIDT4nbwdgRO6UEMv2ZQo8HhSL202+MBgiCnxVbOYPs:eE/90dHWx+m4ArBHIHMBW7OYPs

Score

1^/10

Malware Config

Signatures

Files

d6ead4e9b34a988a3e9587a1cb536ef7_JaffaCakes118
.exe windows:0 windows x86 arch:x86

e903147a09573ec4400af662d45f0062

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b8:7e:95:f4:46:3a:16:37:92:30:38:52:6f:34:78:13:15:a1:f5:e0
Signer

Actual PE Digest

b8:7e:95:f4:46:3a:16:37:92:30:38:52:6f:34:78:13:15:a1:f5:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dsuiext

DsGetIcon

msimg32

TransparentBlt
DllInitialize
GradientFill
AlphaBlend

comsvcs

GetMTAThreadPoolMetrics
GetTrkSvrObject
DllGetClassObject
DispManGetContext

keymgr

KRShowKeyMgr

modemui

QueryModemForCountrySettings
InvokeControlPanel

compstui

CommonPropertySheetUIA
GetCPSUIUserData
CommonPropertySheetUIW
SetCPSUIUserData

kbdbene

KbdLayerDescriptor

msutb

ClosePopupTipbar

gpedit

ExportRSoPData

kernel32

GetPrivateProfileSectionNamesA
GetProcessWorkingSetSize
GetConsoleCursorMode
GetExitCodeThread
_llseek
GetProcAddress
CreateEventA
LockFileEx
GetProfileStringW
RtlUnwind
GetTempPathA
AddConsoleAliasA
WriteProfileStringA
AddAtomW
SetUserGeoID
CreateTimerQueueTimer
GetDefaultCommConfigA
GetConsoleFontSize
UnmapViewOfFile
GlobalReAlloc
ReleaseActCtx
BaseCheckAppcompatCache
VDMOperationStarted
GetUserDefaultLangID
ExpungeConsoleCommandHistoryA
SetSystemPowerState
GetTapeStatus
EnumDateFormatsA
QueryDosDeviceA
SetThreadPriorityBoost
GetConsoleKeyboardLayoutNameA
GetNativeSystemInfo
QueryDosDeviceW
FindCloseChangeNotification
GetCommConfig
GetACP
EnumResourceLanguagesA
VerifyVersionInfoW
GetCurrencyFormatW
HeapDestroy
RequestDeviceWakeup
ActivateActCtx
GetProcessIoCounters
GetDriveTypeA
GetConsoleTitleW
LocalFlags

user32

TileChildWindows
CreateDialogIndirectParamW
AdjustWindowRectEx
GetWindowContextHelpId
LoadRemoteFonts
SendNotifyMessageW
ShowOwnedPopups
CloseWindow
SendInput
DlgDirListComboBoxW
GetDlgItemTextW
ClientToScreen
CharLowerA
ChangeDisplaySettingsW
CheckDlgButton
UnregisterClassW
SetProgmanWindow
GetWindowDC
DdeCreateDataHandle
MessageBoxIndirectW
UserLpkTabbedTextOut
GetClassInfoExA
DdeInitializeA
DdeAddData
LoadAcceleratorsW
GetMessageA
ReasonCodeNeedsComment
BroadcastSystemMessageW
CascadeChildWindows
DestroyCaret
GetWindowModuleFileNameW
wvsprintfW
SendDlgItemMessageA
InSendMessage
TranslateMessage
IMPSetIMEW
DestroyReasons
FindWindowW
ChangeDisplaySettingsExW
GetProgmanWindow
LoadCursorFromFileW
IsWindowUnicode
RecordShutdownReason
GetAppCompatFlags
GrayStringA
SetWinEventHook
CreateSystemThreads
GetDialogBaseUnits
GetTabbedTextExtentA
DragObject
GetProcessWindowStation
RegisterClipboardFormatW
LoadLocalFonts
MapVirtualKeyA
GetWindowRgn
SetSysColors
LoadMenuIndirectA
DrawStateW
InsertMenuItemA
CreateCursor
IsCharUpperA
LockWindowUpdate
CreateDesktopW
SetWindowLongA
RegisterDeviceNotificationA
GetClientRect
EndDeferWindowPos
DestroyCursor
PostThreadMessageW
SetMenuItemInfoW

ntmarta

AccConvertAccessToSD
AccConvertSDToAccess
AccProvHandleSetAccessRights
AccLookupAccountTrustee
AccLookupAccountName

Sections

.mV
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.P
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ZqQ
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bngabU
Size: 127KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Wqivz
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.K
Size: 10KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XWVSQ
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iQZ
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e903147a09573ec4400af662d45f0062

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

b8:7e:95:f4:46:3a:16:37:92:30:38:52:6f:34:78:13:15:a1:f5:e0Signer

Headers

File Characteristics

Imports

dsuiext

msimg32

comsvcs

keymgr

modemui

compstui

kbdbene

msutb

gpedit

kernel32

user32

ntmarta

Sections

.mV Size: 2KB - Virtual size: 1KB

.P Size: 23KB - Virtual size: 23KB

.ZqQ Size: 1KB - Virtual size: 13KB

.bngabU Size: 127KB - Virtual size: 210KB

.Wqivz Size: 4KB - Virtual size: 4KB

.K Size: 10KB - Virtual size: 46KB

.XWVSQ Size: 2KB - Virtual size: 27KB

.iQZ Size: 3KB - Virtual size: 7KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 3KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

b8:7e:95:f4:46:3a:16:37:92:30:38:52:6f:34:78:13:15:a1:f5:e0
Signer

.mV
Size: 2KB - Virtual size: 1KB

.P
Size: 23KB - Virtual size: 23KB

.ZqQ
Size: 1KB - Virtual size: 13KB

.bngabU
Size: 127KB - Virtual size: 210KB

.Wqivz
Size: 4KB - Virtual size: 4KB

.K
Size: 10KB - Virtual size: 46KB

.XWVSQ
Size: 2KB - Virtual size: 27KB

.iQZ
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 3KB - Virtual size: 4KB