de8f6024c6b533c79beab773829590f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de8f6024c6b533c79beab773829590f0_JaffaCakes118
Size

181KB
MD5

de8f6024c6b533c79beab773829590f0
SHA1

c9d5b9fb185b34f6a65d303241bd72cd908fae55
SHA256

13a27b864d6666b241d388ecc8fe1b5b499aae17c225f65f3ad69b3f31fc2f2c
SHA512

b3b5c0b30e581ec2f9a17aea0142de1d279080a06b40d3602caffe8568d4f935f2deb3c67c0ae37108588ae224cb7d4d9e7e063f0f88c1c8cf63f0579014f952
SSDEEP

3072:4X28pz/xf+aHrPCGFv78iCjEWsgUyGlrVl99UmH/1:4X5z/5XHPFz8JEWTAb9UmH/1

Score

1^/10

Malware Config

Signatures

Files

de8f6024c6b533c79beab773829590f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3d812c4c97128ca0e08c8dab57ae38e0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:cf:5e:dc:89:3a:2c:bc:a9:16:7f:c7:1a:66:57:0f:4e:0c:f5:ff
Signer

Actual PE Digest

3b:cf:5e:dc:89:3a:2c:bc:a9:16:7f:c7:1a:66:57:0f:4e:0c:f5:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
HeapSize
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
HeapAlloc
RaiseException
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapFree
RtlUnwind
LocalFree
WideCharToMultiByte
GetLastError
GetProcAddress
LoadLibraryA
SetStdHandle
FlushFileBuffers
ReadFile
CloseHandle
LoadLibraryW
DeleteCriticalSection
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
lstrcpynA
lstrcpynW
GetVersionExW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
DeleteFileW
GetModuleFileNameW
lstrlenW
Sleep
InterlockedIncrement
TerminateProcess
InterlockedDecrement

user32

GetSysColor
GetDlgItem
FillRect
IsChild
GetClassNameW
GetParent
RedrawWindow
GetDesktopWindow
PostQuitMessage
DestroyWindow
UpdateLayeredWindow
GetClientRect
ReleaseDC
GetDC
EqualRect
GetWindowRect
CreateWindowExW
RegisterClassExW
DefWindowProcW
EndPaint
CreateAcceleratorTableW
ReleaseCapture
SetCapture
InvalidateRgn
DrawTextW
SetRectEmpty
MoveWindow
SetCursor
GetFocus
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindow
RegisterWindowMessageW
CallWindowProcW
RemoveMenu
PeekMessageW
PtInRect
CreatePopupMenu
GetMenuItemCount
AppendMenuW
GetMenuItemInfoW
DestroyMenu
MessageBeep
IsWindowVisible
SetFocus
LoadStringA
KillTimer
SetLayeredWindowAttributes
InvalidateRect
SetTimer
SendMessageW
MapWindowPoints
IsWindow
TrackPopupMenuEx
GetClassInfoExW
LoadCursorW
wsprintfW
LoadImageW
SystemParametersInfoW
FindWindowW
SetWindowPos
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
LoadStringW
SetWindowLongW
GetWindowLongW
BeginPaint

gdi32

GetTextExtentPoint32W
StretchBlt
SetBkMode
SetTextColor
GetStockObject
GetObjectW
DeleteObject
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize
OleInitialize
CoUninitialize
OleUninitialize
OleCreate
OleSetContainedObject
OleDraw
CoCreateInstance

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
GetErrorInfo

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d812c4c97128ca0e08c8dab57ae38e0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate

Extended Key Usages

Key Usages

3b:cf:5e:dc:89:3a:2c:bc:a9:16:7f:c7:1a:66:57:0f:4e:0c:f5:ffSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 17KB

.rsrc Size: 36KB - Virtual size: 34KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

3b:cf:5e:dc:89:3a:2c:bc:a9:16:7f:c7:1a:66:57:0f:4e:0c:f5:ff
Signer

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 17KB

.rsrc
Size: 36KB - Virtual size: 34KB