defe57156ffc0ffe207d4b0bff1e3e99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

defe57156ffc0ffe207d4b0bff1e3e99_JaffaCakes118
Size

201KB
MD5

defe57156ffc0ffe207d4b0bff1e3e99
SHA1

48a5f2ba299fb9c21a88da43ef4694bb752322e6
SHA256

ec32f381e012eb528763f7018a38e2f2e5a1092f21ba8363d17945fc975a0475
SHA512

bd8993ee85f6843462a3f517463a7bcb1d656f6f1a1b56cbc16b5398ee567e9083f9c4bf212200b2403ae1efe2ff39517c278691b2623185d5823ed67709a406
SSDEEP

3072:X9wQQswjIZqH4BMIQFhyhMMKHt5+PI/ykwYpNt0sivhA1Rt05D:X9BQswjSqH6MfgPSNtKQX0h

Score

1^/10

Malware Config

Signatures

Files

defe57156ffc0ffe207d4b0bff1e3e99_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96951f590cf71a47eb52e29de9465dd0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/09/2006, 00:00

Not After

26/10/2009, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c
Signer

Actual PE Digest

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EndUpdateResourceW
EnumTimeFormatsA
GetLogicalDriveStringsW
CreateDirectoryA
IsBadStringPtrA
lstrcatW
DuplicateHandle
ConnectNamedPipe
CompareStringA
GetCalendarInfoW
GetTempPathW
GetOEMCP
GetVersionExA
GetACP
CreatePipe
GetWindowsDirectoryW
CreateFileW
GetLongPathNameW
GlobalDeleteAtom
GetModuleHandleA
FileTimeToLocalFileTime
FindResourceW
CreateEventA
GetProcessHeaps
CreateDirectoryW
EnumTimeFormatsW
GlobalAlloc
GetExitCodeThread
SetErrorMode
GetLogicalDriveStringsA
IsBadReadPtr
MoveFileA
Sleep
CreateFileMappingA
lstrcmp
GetFileType
IsBadWritePtr
HeapCreate
SetCalendarInfoW
DosDateTimeToFileTime
GetSystemDirectoryA
CreateFileMappingA
GetProcAddress
CreateThread
GetNamedPipeInfo
GetMailslotInfo
DeleteAtom
LocalAlloc

user32

RegisterClassW
CharLowerW
LoadCursorW
GetDC
ShowCaret
LoadMenuIndirectW
SetTimer
GetScrollPos
GetDlgItemTextA
TrackPopupMenuEx
GetClassNameA
CreateAcceleratorTableW
SetActiveWindow
SetDlgItemTextA
CallWindowProcW
FindWindowA
DrawTextW
RegisterClassA
MonitorFromPoint
CharNextA
GetSysColorBrush
GetDlgItemTextW
CallWindowProcA
GetClassInfoW
InvalidateRgn
CreateAcceleratorTableA
MessageBoxIndirectA
EnumWindows
InsertMenuItemA
BringWindowToTop
SendDlgItemMessageW
FlashWindow
SetForegroundWindow
DefWindowProcW
wsprintfW
GetDesktopWindow
UpdateWindow
EnableMenuItem
GetClassInfoExA
CharNextW
MessageBoxIndirectW
GetWindowLongW
InsertMenuW
SetWindowTextA
GetSubMenu
PostMessageA
CreateMenu
LoadMenuA
LoadCursorA
GetCaretPos
ClientToScreen

gdi32

GetColorAdjustment
ScaleWindowExtEx
GdiGetBatchLimit
GetObjectType
OffsetRgn
GetEnhMetaFilePixelFormat
GetTextCharacterExtra
CreatePatternBrush
SetPixelV
GetMiterLimit
DeleteDC
Escape
Rectangle
GetTextColor
CreateRectRgn
GetRgnBox

advapi32

RegCreateKeyW
RegQueryInfoKeyA
RegEnumValueW
RegDeleteKeyW
RegQueryValueA
RegCreateKeyExA
RegDeleteValueW

comctl32

DestroyPropertySheetPage
ImageList_DrawEx
ImageList_GetBkColor
DllGetVersion
ImageList_Draw

ole32

CoCreateInstance
CLSIDFromString
CreateErrorInfo
CoGetCurrentProcess
CoGetClassVersion

oleaut32

VarI8FromUI1
VarUI2FromI4
VarI1FromDisp
VarI2FromUI2
VarBstrFromDate
VarSub
VarUI2FromDisp

setupapi

SetupFreeSourceListW
SetupGetFileCompressionInfoExW
CM_Connect_MachineW
SetupDiGetCustomDevicePropertyA
SetupDiClassNameFromGuidW
SetupInitDefaultQueueCallback
CM_Create_DevNode_ExA

urlmon

UrlMkBuildVersion
CoInternetCompareUrl
CoInternetGetSecurityUrl
URLOpenStreamA
ObtainUserAgentString
DllInstall
CreateAsyncBindCtxEx
URLDownloadToFileW
IsLoggingEnabledW
GetClassURL
IsValidURL
ReleaseBindInfo
RegisterBindStatusCallback
DllRegisterServerEx
CoGetClassObjectFromURL
RegisterMediaTypeClass
CopyBindInfo
URLDownloadToCacheFileW
CDLGetLongPathNameA
CreateURLMoniker

winspool.drv

EndDocPrinter
DeletePrinterConnectionA
DeletePrintProcessorA
GetDefaultPrinterW
AddPrinterDriverExW
WritePrinter
AddJobW
GetFormW

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Y
Size: 512B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qR
Size: 1KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zD
Size: 5KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AfKcN
Size: 2KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bDZdzz
Size: 1024B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 1KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FwB
Size: 1024B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gXr
Size: 512B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Sr
Size: 1KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96951f590cf71a47eb52e29de9465dd0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3Certificate

Extended Key Usages

Key Usages

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

setupapi

urlmon

winspool.drv

Sections

.text Size: 11KB - Virtual size: 11KB

.Y Size: 512B - Virtual size: 38KB

.qR Size: 1KB - Virtual size: 23KB

.zD Size: 5KB - Virtual size: 52KB

.AfKcN Size: 2KB - Virtual size: 18KB

.bDZdzz Size: 1024B - Virtual size: 37KB

.I Size: 1KB - Virtual size: 31KB

.data Size: 9KB - Virtual size: 8KB

.FwB Size: 1024B - Virtual size: 47KB

.gXr Size: 512B - Virtual size: 31KB

.Sr Size: 1KB - Virtual size: 109KB

.rsrc Size: 162KB - Virtual size: 162KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:9b:6f:17:2f:48:91:3b:5b:bd:29:2c:a0:ab:77:a3
Certificate

ed:f9:66:ed:d3:54:9c:72:11:4d:25:08:ba:93:5f:c8:2b:57:a0:2c
Signer

.text
Size: 11KB - Virtual size: 11KB

.Y
Size: 512B - Virtual size: 38KB

.qR
Size: 1KB - Virtual size: 23KB

.zD
Size: 5KB - Virtual size: 52KB

.AfKcN
Size: 2KB - Virtual size: 18KB

.bDZdzz
Size: 1024B - Virtual size: 37KB

.I
Size: 1KB - Virtual size: 31KB

.data
Size: 9KB - Virtual size: 8KB

.FwB
Size: 1024B - Virtual size: 47KB

.gXr
Size: 512B - Virtual size: 31KB

.Sr
Size: 1KB - Virtual size: 109KB

.rsrc
Size: 162KB - Virtual size: 162KB