eb7a47e380309d159fc48e22d98670cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eb7a47e380309d159fc48e22d98670cb_JaffaCakes118
Size

136KB
MD5

eb7a47e380309d159fc48e22d98670cb
SHA1

ca76ba0cf39409c06bc6c4a22434ac993cef9e28
SHA256

59af9102ab553df2383e30c4343c55af965565eb11d495371077a607f92308b3
SHA512

ccd9ec2fe187e155a5e25624144bdb99bc6a563cf5f3037b0ea9e451406332684a4e19a060a736d3e8867d3d59ce34be9242dd1dbb5140f4696b2a05991631bb
SSDEEP

3072:eGqJ6oj5hzsp5j+b0anYnszDVtKx34pTLk:enJ6oj5hQPabnYnfxgM

Score

1^/10

Malware Config

Signatures

Files

eb7a47e380309d159fc48e22d98670cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

70ffcb9b5f3bf78ee258414bd1bb553a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:27:9b:4b:d6:5d
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

26/03/2010, 15:56

Not After

26/03/2013, 15:56

Subject

CN=F-Secure Corporation,O=F-Secure Corporation,L=Helsinki,ST=Finland,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:06:0b:b7:95:bb:ab:61:e1:10:25:f1:7f:48:e6:6b:f5:0e:f2:75
Signer

Actual PE Digest

25:06:0b:b7:95:bb:ab:61:e1:10:25:f1:7f:48:e6:6b:f5:0e:f2:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\hudsonwork\workspace\Client_Security_FSMA\8.21\output\bin\FSHOTFIX.pdb

Imports

fsma32

_FSMASetMessageData@12
_FSMAGetResponseDataSize@4
_FSMADeleteMessage@4
_FSMAGetResponseData@12
_FSMASendMessage@16
_FSMACreateMessage@4
_FSMAUnregisterModule@4
_FSMAUninitialize@0
_FSMAInitialize@8
_FSMARegisterModule@8

fspmapi

DfpGetTableDimensions
DfpCreatePolicyTable
DfpGetCellInt
DfpGetCellStringA
DfpGetCellValue
FchUnpackPolicyGetPackage
DfpCreatePolicyOID
FchGetPackedOIDSize
FchGetPackedOID
DfpGetStringA
DfpCreatePolicyVar
DfpSetOID
DfpClose

gdi32

CreateFontIndirectA
DeleteObject

kernel32

DeleteFileA
FindFirstFileA
FreeLibrary
GetLocalTime
GetModuleFileNameA
GetTempPathA
GetPrivateProfileStringA
GetVersionExA
SetEvent
CreateDirectoryA
LoadLibraryA
CreateFileA
ResetEvent
CreateEventA
GetPrivateProfileIntA
GetExitCodeProcess
SetLastError
CreateThread
CreateProcessA
GetStartupInfoA
GetModuleHandleA
GetProcAddress
TerminateProcess
OpenProcess
HeapAlloc
FindNextFileA
GetProcessHeap
SetEndOfFile
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
InitializeCriticalSection
HeapReAlloc
VirtualAlloc
GetLocaleInfoA
Sleep
GetStringTypeW
SetEnvironmentVariableA
CloseHandle
GetCurrentProcess
GetLastError
FindClose
HeapFree
RemoveDirectoryA
WaitForSingleObject
ReadFile
CompareStringA
CompareStringW
GetPrivateProfileSectionNamesA
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WideCharToMultiByte
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
RaiseException
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

wsprintfA
SetWindowPos
GetSystemMetrics
MessageBoxA
LoadStringA
EndDialog
EnableWindow
GetDlgItem
GetWindowRect
GetWindowLongA
EnumWindows
SendMessageTimeoutA
GetWindowThreadProcessId
DialogBoxParamA
SetWindowLongA
SetDlgItemTextA
SendDlgItemMessageA
SetWindowTextA
ExitWindowsEx

advapi32

AdjustTokenPrivileges
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70ffcb9b5f3bf78ee258414bd1bb553a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:27:9b:4b:d6:5dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

25:06:0b:b7:95:bb:ab:61:e1:10:25:f1:7f:48:e6:6b:f5:0e:f2:75Signer

Headers

File Characteristics

PDB Paths

Imports

fsma32

fspmapi

gdi32

kernel32

user32

advapi32

shell32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 20KB - Virtual size: 19KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

01:00:00:00:00:01:27:9b:4b:d6:5d
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

25:06:0b:b7:95:bb:ab:61:e1:10:25:f1:7f:48:e6:6b:f5:0e:f2:75
Signer

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 20KB - Virtual size: 19KB