e3661b92e29dc56f3cbd4e623c1301d3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e3661b92e29dc56f3cbd4e623c1301d3_JaffaCakes118
Size

381KB
MD5

e3661b92e29dc56f3cbd4e623c1301d3
SHA1

21d9d01ccb2ce6cf764d0aaf390c5d3fab550b23
SHA256

31e5ab9625904b9632b310a8462b884f83f5336da9739b762a7d2847e9af8fec
SHA512

e07c1addb92e8acaf1b3d17a15fca94c25b525f4080f7fff3ad949e6335b24fc797ddb330af5cf9426d8b5cd4c95b736e00d370cdc2a704a1ae43ea767651c09
SSDEEP

6144:HRv7OZlopJz5ISky3q3w9B6vGGLT2s3tm+6xSFgOQkfqf9bp:976lopDl4w9B6Oqc+6xIg9kC9bp

Score

1^/10

Malware Config

Signatures

Files

e3661b92e29dc56f3cbd4e623c1301d3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b5b9a3c9f35a81554e2618a8297dca2e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7e:34:da:62:ee:43:68:f5:d6:09:9f:c4:60:cc:87:41:db:04:51:fe
Signer

Actual PE Digest

7e:34:da:62:ee:43:68:f5:d6:09:9f:c4:60:cc:87:41:db:04:51:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Pstools\Psinfo\Exe\Release\Psinfo.pdb

Imports

pdh

PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

inet_ntoa
WSAStartup
gethostbyname
gethostname

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetTickCount
CloseHandle
CreateFileW
FreeLibrary
WriteFile
GetStdHandle
FormatMessageA
LoadLibraryExW
GetConsoleScreenBufferInfo
LockResource
SizeofResource
LoadResource
FindResourceW
DeleteFileW
GetSystemDirectoryW
GetComputerNameW
WaitForSingleObject
MultiByteToWideChar
Sleep
GetVersion
GetModuleFileNameW
SetEvent
ConnectNamedPipe
ReadFile
GetDateFormatW
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetLastError
GetLastError
GetProcAddress
GetCommandLineW
LocalAlloc
LocalFree
LoadLibraryW
SetErrorMode
GetModuleHandleW
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
GetDiskFreeSpaceExW
SetFilePointer
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
GetCurrentProcess
InterlockedExchange
SetConsoleCtrlHandler
FlushFileBuffers
CreateFileA
RtlUnwind
GetConsoleCP
WideCharToMultiByte
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ExitProcess
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
SetHandleCount
GetFileType
GetStartupInfoA

user32

GetDlgItem
GetSysColorBrush
EndDialog
SetWindowTextW
LoadCursorW
SetCursor
InflateRect
SendMessageW
DialogBoxIndirectParamW

gdi32

SetMapMode
StartDocW
StartPage
EndPage
EndDoc
GetDeviceCaps

comdlg32

PrintDlgW

advapi32

ImpersonateLoggedOnUser
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LogonUserW
RegConnectRegistryW
RevertToSelf
DeleteService
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CreateServiceW
CloseServiceHandle
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5b9a3c9f35a81554e2618a8297dca2e

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

7e:34:da:62:ee:43:68:f5:d6:09:9f:c4:60:cc:87:41:db:04:51:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pdh

version

netapi32

ws2_32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 5KB - Virtual size: 42KB

.rsrc Size: 162KB - Virtual size: 161KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

7e:34:da:62:ee:43:68:f5:d6:09:9f:c4:60:cc:87:41:db:04:51:fe
Signer

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 5KB - Virtual size: 42KB

.rsrc
Size: 162KB - Virtual size: 161KB