dfc4a050c64a3415e2d3e7da4afab075_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dfc4a050c64a3415e2d3e7da4afab075_JaffaCakes118
Size

250KB
MD5

dfc4a050c64a3415e2d3e7da4afab075
SHA1

03caea5ef616b2042366b953079aba2810a798a7
SHA256

7a478403e77544d1ec987c7054d4bb4659b44bb8c9a16f1a307bb103afc95b09
SHA512

0fa655748e99b6111f6cb97f258b105f4aa3a6792c18a72ea43295f5e72e9dd6c5359ad67826ff4dac377eddaaf15da1e41e17e4ce6c9bc06b13395d176df0b4
SSDEEP

6144:lt/AKmmMsIHkARu050+v0E0BBAYBu1/F55EGcW9Pk:XoKmmMpHkAA05SE0BBXuZH5llk

Score

1^/10

Malware Config

Signatures

Files

dfc4a050c64a3415e2d3e7da4afab075_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8b8d4415f5ff01a15983fc5e031c14e7

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:ce:d0:f1:d0:34:e9:0d:bf:f6:98:f8:44:0c:e9:5d:83:bb:c6:29
Signer

Actual PE Digest

04:ce:d0:f1:d0:34:e9:0d:bf:f6:98:f8:44:0c:e9:5d:83:bb:c6:29

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
FatalAppExitA
GetDiskFreeSpaceA
lstrcpynW
GetHandleInformation
GetACP
ConnectNamedPipe
ReplaceFileA
FatalAppExitW
SetComputerNameA
SetErrorMode
GetEnvironmentStringsA
SleepEx
CreateSemaphoreA
SearchPathA
lstrlenW
GetCurrentProcess
HeapCreate
VirtualAlloc
GetLastError
GetShortPathNameW
OpenEventA
GetFullPathNameW
GetLocaleInfoW

user32

LoadMenuIndirectW
EnumChildWindows
UnregisterClassW
GetDC
DrawTextW
CreatePopupMenu
DrawIcon
GetClassLongW
GetSysColorBrush
SetWindowPos
InvalidateRect
UnregisterClassA
GetWindowLongW
PostQuitMessage
CreateDialogParamW
wvsprintfA
MonitorFromRect
PeekMessageA
CopyRect
GetWindowRect
FindWindowW
CopyIcon

gdi32

DPtoLP
GdiGetBatchLimit
IntersectClipRect
GetCharWidth32W
GetPath
RestoreDC
GetViewportExtEx
AddFontResourceA
ExtEscape
Escape
EnumICMProfilesW
SetTextAlign
SetStretchBltMode
GetTextAlign
GetAspectRatioFilterEx
GetBoundsRect

advapi32

RegQueryInfoKeyA
RegEnumValueA
ConvertSidToStringSidW
RegOpenKeyA
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW

urlmon

HlinkGoBack

inetcomm

EssSecurityLabelEncodeEx
MimeOleGetPropA
MimeEditIsSafeToRun
MimeOleSetBodyPropW
MimeOleSMimeCapRelease
MimeOleSMimeCapsFromDlg
HrGetDisplayNameWithSizeForFile
MimeOleSMimeCapInit

Sections

.e
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.LWJhYO
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.a
Size: 2KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cItrh
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fiNbxn
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d
Size: 1KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.FbyuK
Size: 2KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tNIhR
Size: 1KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ca
Size: 2KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.S
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc1
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b8d4415f5ff01a15983fc5e031c14e7

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

04:ce:d0:f1:d0:34:e9:0d:bf:f6:98:f8:44:0c:e9:5d:83:bb:c6:29Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

urlmon

inetcomm

Sections

.e Size: 9KB - Virtual size: 9KB

.LWJhYO Size: 1024B - Virtual size: 39KB

.a Size: 2KB - Virtual size: 42KB

.cItrh Size: 4KB - Virtual size: 3KB

.fiNbxn Size: 1KB - Virtual size: 7KB

.d Size: 1KB - Virtual size: 26KB

.FbyuK Size: 2KB - Virtual size: 49KB

.tNIhR Size: 1KB - Virtual size: 34KB

.rsrc Size: 1024B - Virtual size: 592B

.Ca Size: 2KB - Virtual size: 25KB

.S Size: 1KB - Virtual size: 36KB

.rsrc1 Size: 212KB - Virtual size: 212KB

.reloc Size: 1024B - Virtual size: 796B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

04:ce:d0:f1:d0:34:e9:0d:bf:f6:98:f8:44:0c:e9:5d:83:bb:c6:29
Signer

.e
Size: 9KB - Virtual size: 9KB

.LWJhYO
Size: 1024B - Virtual size: 39KB

.a
Size: 2KB - Virtual size: 42KB

.cItrh
Size: 4KB - Virtual size: 3KB

.fiNbxn
Size: 1KB - Virtual size: 7KB

.d
Size: 1KB - Virtual size: 26KB

.FbyuK
Size: 2KB - Virtual size: 49KB

.tNIhR
Size: 1KB - Virtual size: 34KB

.rsrc
Size: 1024B - Virtual size: 592B

.Ca
Size: 2KB - Virtual size: 25KB

.S
Size: 1KB - Virtual size: 36KB

.rsrc1
Size: 212KB - Virtual size: 212KB

.reloc
Size: 1024B - Virtual size: 796B