eb11bb95b52b57b3bf7c53ae6dbe1f1e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb11bb95b52b57b3bf7c53ae6dbe1f1e_JaffaCakes118
Size

876KB
MD5

eb11bb95b52b57b3bf7c53ae6dbe1f1e
SHA1

3e58f4bff718942926a71206a93d357b90077593
SHA256

6706a154f4121b99b5170fa4abfb1eb6c7a174cf1d88e581834bf19425ab6113
SHA512

c61da30bb030557f2495898417fa9c242e327034346c1e29f35b1172ad584f1a88478386a375cc795bfc9e3e2536f222cb34bbd6a6ff01c401bed711b4b21023
SSDEEP

24576:0jf2xMa4dWpWWVBcWxJoctbtbTnKpcp96:Gev4dWpHVrztXKpw

Score

1^/10

Malware Config

Signatures

Files

eb11bb95b52b57b3bf7c53ae6dbe1f1e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

97fc2f6bed4fc971a48fc65240f9232c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01/02/2008, 00:00

Not After

31/01/2009, 23:59

Subject

CN=InstallProvider Inc.,O=InstallProvider Inc.,POSTALCODE=DM,STREET=15 Cornwall Street,L=Roseau,ST=Dominica,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTapeStatus
_hread
CreateThread
SetFilePointer
LoadLibraryA
IsBadWritePtr
LocalFileTimeToFileTime
FillConsoleOutputAttribute
SetProcessShutdownParameters
Beep
SetVolumeLabelA
DebugActiveProcess
GetFileTime
GetProcessShutdownParameters
GetStdHandle
GetCommandLineA
OpenEventA
InitializeCriticalSection
WriteFileGather
lstrcat
LocalUnlock
ResetEvent
ReleaseSemaphore
GetProcessHeaps
GetFullPathNameA
LocalFree
GetOverlappedResult
GetSystemPowerStatus
GetNumberFormatA
SetEnvironmentVariableA
CreateConsoleScreenBuffer
GetTapeParameters
EnumResourceTypesA
SetupComm
GetNumberOfConsoleMouseButtons
Process32Next
GetVersionExA
FreeLibrary
CompareStringA
lstrcpy
DisconnectNamedPipe
CancelIo
RequestDeviceWakeup
ResumeThread
ExpandEnvironmentStringsA
BackupSeek
SetFileApisToOEM
DeleteFileA
lstrlen
Heap32First
CloseHandle
SetTapeParameters
ReadConsoleOutputA
WaitNamedPipeA
SearchPathA
GetPrivateProfileIntA
SetCommBreak
IsValidCodePage

shlwapi

PathAppendA
SHRegCreateUSKeyA
PathStripToRootA
AssocQueryStringA
StrSpnA
StrRChrIA
StrIsIntlEqualA
StrCSpnA
SHRegWriteUSValueA
StrFormatByteSize64A
PathSearchAndQualifyA
PathIsRelativeA
PathCommonPrefixA
HashData
UrlCombineA
PathFindOnPathA
PathGetDriveNumberA
SHAutoComplete
UrlGetLocationA
SHIsLowMemoryMachine
PathIsUNCA
StrChrIA
SHDeleteValueA
UrlIsOpaqueA
SHRegEnumUSKeyA
PathIsFileSpecA
SHCreateStreamWrapper
ColorHLSToRGB
PathRemoveBlanksA
SHRegOpenUSKeyA
PathFileExistsA
PathQuoteSpacesA

advapi32

AllocateAndInitializeSid

Sections

.jmd
Size: 638KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xsvg
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gpc
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.raxk
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zgn
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wxong
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vkny
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.szybc
Size: 48KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fqp
Size: 132KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97fc2f6bed4fc971a48fc65240f9232c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

shlwapi

advapi32

Sections

.jmd Size: 638KB - Virtual size: 1.3MB

.xsvg Size: 6KB - Virtual size: 8KB

.gpc Size: 19KB - Virtual size: 27KB

.raxk Size: 512B - Virtual size: 21KB

.zgn Size: 6KB - Virtual size: 15KB

.wxong Size: 512B - Virtual size: 56B

.vkny Size: 512B - Virtual size: 24B

.szybc Size: 48KB - Virtual size: 77KB

.fqp Size: 132KB - Virtual size: 1.7MB

.rsrc Size: 18KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3d:49:cd:33:c1:1e:6c:1b:ba:e2:97:1e:37:76:c7:0b
Certificate

.jmd
Size: 638KB - Virtual size: 1.3MB

.xsvg
Size: 6KB - Virtual size: 8KB

.gpc
Size: 19KB - Virtual size: 27KB

.raxk
Size: 512B - Virtual size: 21KB

.zgn
Size: 6KB - Virtual size: 15KB

.wxong
Size: 512B - Virtual size: 56B

.vkny
Size: 512B - Virtual size: 24B

.szybc
Size: 48KB - Virtual size: 77KB

.fqp
Size: 132KB - Virtual size: 1.7MB

.rsrc
Size: 18KB - Virtual size: 20KB