de72802383cd6a11a807c04c7f124100_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de72802383cd6a11a807c04c7f124100_JaffaCakes118
Size

998KB
MD5

de72802383cd6a11a807c04c7f124100
SHA1

72f78636e2429ee77bf8c28387aee03816063a1d
SHA256

b4a4e02f823f3547f6a5ad9968c85f19d4af79067f473a816e93fee9d9a36e57
SHA512

0b9da0904b1f39a099e242a47f38304ae5458b0ffb9cab03e4d9ba8c8fbe49cd8a4c93dd744ba741005ca51dc27d63d1a3bfef5a3f428cbf03f125a2ef229599
SSDEEP

24576:7Xgm/tTrlOCqSuD7VN84FKjWrOhGIErdCn9:0mVTcC3aVN83q8G1r8

Score

1^/10

Malware Config

Signatures

Files

de72802383cd6a11a807c04c7f124100_JaffaCakes118
.exe windows:5 windows x86 arch:x86

01880f940325d97e6c6b1f746735ee12

Code Sign

06:47:ef:a2:54:f9:a0:b8:2a:42:e7:d7:76:71:16:09
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/10/2010, 00:00

Not After

26/10/2011, 23:59

Subject

CN=Arcadeweb LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Arcadeweb LLC,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

rpcrt4

UuidToStringA
UuidCreate

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

CreateProcessA
WinExec
GetComputerNameA
GetVolumeInformationA
GetTickCount
GetCurrentProcessId
HeapReAlloc
SetFilePointer
GetModuleHandleA
GetCurrentProcess
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetLocaleInfoA
HeapSize
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetHandleCount
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
RaiseException
FreeLibrary
WaitForSingleObject
CreateThread
WritePrivateProfileStringA
GetFileAttributesA
GetExitCodeProcess
SetCurrentDirectoryA
GetCurrentDirectoryA
Sleep
GetTempPathA
GetVersionExA
ExitProcess
CreateMutexA
LoadLibraryA
GetProcAddress
lstrcmpiA
lstrcmpA
GetPrivateProfileStringA
lstrlenA
lstrcatA
lstrcpynA
lstrcpyA
HeapFree
WriteFile
DeleteFileA
GetProcessHeap
HeapAlloc
CreateDirectoryA
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
CloseHandle
GetLastError
LocalFree
LocalAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetFileType
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime

user32

CreateWindowExA
DefWindowProcA
GetWindowLongA
GetDC
GetClientRect
PostQuitMessage
SendMessageA
GetMessageA
DispatchMessageA
ExitWindowsEx
GetParent
LoadIconA
RedrawWindow
ShowWindow
IsWindow
SystemParametersInfoA
GetWindowTextLengthA
CheckRadioButton
PostMessageA
GetWindowTextA
IsDlgButtonChecked
GetFocus
UpdateWindow
SetCursor
DestroyWindow
LoadCursorA
MessageBoxA
FillRect
GetWindowRect
GetDlgCtrlID
GetDlgItem
EnableWindow
SetWindowTextA
EndPaint
RegisterClassExA
GetWindowDC
BeginPaint
DrawFocusRect
SetWindowLongA
InvalidateRect
ReleaseDC
IsDialogMessageA
SetForegroundWindow
FindWindowA
SetFocus
TranslateMessage

gdi32

CreateDIBitmap
DeleteObject
DeleteDC
BitBlt
GetObjectA
CreateCompatibleDC
CreateSolidBrush
SetBkColor
SetTextColor
SelectObject
TextOutA
CreateFontA
SetBkMode
GetStockObject

advapi32

AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
CheckTokenMembership
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
FreeSid
SetFileSecurityA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA

shell32

ShellExecuteExA
SHGetFolderPathA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoTaskMemAlloc

shlwapi

PathFileExistsA
AssocQueryStringA
StrNCatA
StrToIntA
wnsprintfA
StrStrA
StrStrIA

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 798KB - Virtual size: 807KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01880f940325d97e6c6b1f746735ee12

Code Sign

06:47:ef:a2:54:f9:a0:b8:2a:42:e7:d7:76:71:16:09Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

rpcrt4

version

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 143KB - Virtual size: 143KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 798KB - Virtual size: 807KB

.rsrc Size: 5KB - Virtual size: 5KB

06:47:ef:a2:54:f9:a0:b8:2a:42:e7:d7:76:71:16:09
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 143KB - Virtual size: 143KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 798KB - Virtual size: 807KB

.rsrc
Size: 5KB - Virtual size: 5KB