e0fa9ec683f1763fad0adf7e3ef6a999_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e0fa9ec683f1763fad0adf7e3ef6a999_JaffaCakes118
Size

178KB
MD5

e0fa9ec683f1763fad0adf7e3ef6a999
SHA1

8994d80a92e7c280d325f33219465cb4d3197f85
SHA256

139f8acb11835939ac740b0162cdb5229cd5edad3a3fb71199dc56b70fcf40c9
SHA512

0f721689e3bcb43cc450ff90b6c3a1c838ca8c0d741e2f201770b9e222fd07acfc50e91ce93a2d517b64971b2d64a5ea2ce2abd89eba400a9d5400256a482ed2
SSDEEP

3072:av/rJrj6OjwQYae44t8+FoXfzTwtBztXHuadjWi/67Qnb+jWjVS2vZ:alrjPjwQYN447MzMHZ+anbAqR

Score

1^/10

Malware Config

Signatures

Files

e0fa9ec683f1763fad0adf7e3ef6a999_JaffaCakes118
.exe windows:4 windows x86 arch:x86

caede25e8f289c71732864c46ca10aa9

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

09/04/1996, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:33:7c:9c:9b:95:c7:a6:e9:58:5a:c6:8a:d3:35:71
Certificate

Issuer

OU=VeriSign Commercial Software Publishers CA,O=VeriSign\, Inc.,L=Internet

Not Before

04/10/2001, 00:00

Not After

04/10/2002, 23:59

Subject

CN=British Telecommunications Plc,OU=VeriSign Commercial Software Publishers CA+OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98+OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=BT Advanced Communcations Engineering,O=VeriSign\, Inc.,L=Internet+L=Ipswich,ST=Suffolk,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

f0:e1:d3:b9:64:de:c6:02:41:17:0d:3f:c6:43:17:03:31:a2:37:f8
Signer

Actual PE Digest

f0:e1:d3:b9:64:de:c6:02:41:17:0d:3f:c6:43:17:03:31:a2:37:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
Sleep
lstrcpyA
GetLastError
lstrlenA
lstrcatA
GetWindowsDirectoryA
MultiByteToWideChar
CopyFileA
FindResourceA
CreateDirectoryA
lstrcmpA
RemoveDirectoryA
GetFileAttributesA
OutputDebugStringA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
SizeofResource
LoadResource
LockResource
CreateFileA
WriteFile
CloseHandle
GetVersionExA
GetSystemDirectoryA
LCMapStringW
GetCurrentProcess
HeapReAlloc
TerminateProcess
GetStringTypeW
GetStringTypeA
LCMapStringA
DeleteFileA
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
HeapAlloc
HeapFree
GetFileType
ReadFile
SetFilePointer
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
IsBadCodePtr
VirtualAlloc
IsBadWritePtr
HeapSize
SetStdHandle
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsW
WideCharToMultiByte
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr

user32

MessageBoxA
wsprintfA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

caede25e8f289c71732864c46ca10aa9

Code Sign

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10Certificate

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

0d:33:7c:9c:9b:95:c7:a6:e9:58:5a:c6:8a:d3:35:71Certificate

Key Usages

f0:e1:d3:b9:64:de:c6:02:41:17:0d:3f:c6:43:17:03:31:a2:37:f8Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 80KB - Virtual size: 78KB

03:c7:8f:37:db:92:28:df:3c:bb:1a:ad:82:fa:67:10
Certificate

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

0d:33:7c:9c:9b:95:c7:a6:e9:58:5a:c6:8a:d3:35:71
Certificate

f0:e1:d3:b9:64:de:c6:02:41:17:0d:3f:c6:43:17:03:31:a2:37:f8
Signer

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 80KB - Virtual size: 78KB