da3b94ac9e6dbdbb88c84819a33fc680_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

da3b94ac9e6dbdbb88c84819a33fc680_JaffaCakes118
Size

263KB
MD5

da3b94ac9e6dbdbb88c84819a33fc680
SHA1

92d611fd217babc9d14831ca637128ba9d177ef9
SHA256

0768c8a7de1114a2f2a87f4ac82f2bf5ff635b0836f252db3e4e742daaa6995d
SHA512

acfceab04ae76d14d319d0ce1a989bf6f4f4bc166bf9eb22b5ed538b578602bb53ab701f3a5da55273d3089e613c5a7ae045dabf19ea8f28a974507e1fccd4ba
SSDEEP

6144:hHw5ZGVhkfpf5w1ihCAEaHTsWGLPN9jOsa0uxii:hGZykBfe1iIAlHIbPjbuxz

Score

1^/10

Malware Config

Signatures

Files

da3b94ac9e6dbdbb88c84819a33fc680_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8cfd66194c968dba6efc87087fa9f289

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14-06-2006 00:00

Not After

15-07-2009 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sun Microsystems,O=Sun Microsystems\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
CreateSemaphoreW
MultiByteToWideChar
CreateEventA
GetCalendarInfoA
MoveFileW
GetProcAddress
FindAtomA
GetCurrentDirectoryW
lstrcat
CreateMailslotA
GetAtomNameA
HeapCreate
DisconnectNamedPipe
OpenMutexW
EnumDateFormatsW
CreateEventW
ReplaceFileA
GetEnvironmentStringsA
GetTickCount
GetTempPathW
LoadLibraryA
GetStringTypeA
GetShortPathNameA
GetVersionExW
BeginUpdateResourceA
ExpandEnvironmentStringsA
GetCurrentProcess
RaiseException
GetOEMCP
GetUserDefaultLCID
ConnectNamedPipe
GetVersionExA
OpenFile
GetLogicalDriveStringsW
WinExec
LocalFree
SetComputerNameW
GetLongPathNameA
GetCurrentThread
GetExpandedNameW
WaitForSingleObject
GetVolumeInformationA
CopyFileExA
GlobalAlloc
SearchPathA
SetUnhandledExceptionFilter
GetNumberFormatA
GetACP
RemoveDirectoryA
OpenMutexA
GetVersion
GetSystemDirectoryW
SetCurrentDirectoryW
IsBadCodePtr
OpenEventW
CreateNamedPipeW
GetModuleHandleA

user32

GetTopWindow
GetCaretPos
keybd_event
InsertMenuA
PeekMessageW
GetClassInfoExW
WinHelpA
GetKeyboardLayout
GetForegroundWindow
GetFocus
CreateMenu
AppendMenuA
WaitForInputIdle
DialogBoxParamA
PeekMessageA
CreateAcceleratorTableA
LoadImageW
GetDesktopWindow
LoadMenuA
DestroyMenu
PostMessageW
wsprintfA
ActivateKeyboardLayout
CharNextA
SetCursor
GetMenuStringW
WaitMessage
CreateWindowExW
GetActiveWindow
GetIconInfo
CharUpperW
LoadBitmapA
SendDlgItemMessageW
ShowCursor
RegisterClassExW
GetMenuItemCount
GetCapture
GetMenuInfo
GetActiveWindow
PostMessageA
EmptyClipboard

comdlg32

ReplaceTextA

ole32

OleLoad

oleaut32

CreateTypeLib2
VarMonthName
VarCyAdd
VarR4FromI8
VarSub

setupapi

CM_Get_Depth_Ex
pSetupStringTableLookUpString
pSetupStringTableInitialize
SetupGetFileCompressionInfoA
SetupQueryInfOriginalFileInformationW

winmm

mmioAscend
waveOutGetID
mciGetDeviceIDFromElementIDW
mmioSetInfo
mciGetDriverData
mciExecute
mciGetDeviceIDW
midiInPrepareHeader
joy32Message
DriverCallback
waveOutWrite

olecli32

ErrClose
ErrExecute

Sections

.T
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.t
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qNYMl
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xEw
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ROe
Size: 5KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.N
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.n
Size: 3KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.c
Size: 4KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cfd66194c968dba6efc87087fa9f289

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ffCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

ole32

oleaut32

setupapi

winmm

olecli32

Sections

.T Size: 5KB - Virtual size: 5KB

.t Size: 10KB - Virtual size: 10KB

.qNYMl Size: 106KB - Virtual size: 106KB

.xEw Size: 8KB - Virtual size: 11KB

.ROe Size: 5KB - Virtual size: 271KB

.N Size: 107KB - Virtual size: 106KB

.n Size: 3KB - Virtual size: 34KB

.c Size: 4KB - Virtual size: 363KB

.rsrc Size: 7KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

29:ab:bf:b3:04:a7:81:82:9f:d1:e6:2c:77:3a:4a:ff
Certificate

.T
Size: 5KB - Virtual size: 5KB

.t
Size: 10KB - Virtual size: 10KB

.qNYMl
Size: 106KB - Virtual size: 106KB

.xEw
Size: 8KB - Virtual size: 11KB

.ROe
Size: 5KB - Virtual size: 271KB

.N
Size: 107KB - Virtual size: 106KB

.n
Size: 3KB - Virtual size: 34KB

.c
Size: 4KB - Virtual size: 363KB

.rsrc
Size: 7KB - Virtual size: 6KB