eba2fd281aa332640152599e8becfdf2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eba2fd281aa332640152599e8becfdf2_JaffaCakes118
Size

257KB
MD5

eba2fd281aa332640152599e8becfdf2
SHA1

6873f9b4700cec21377f9f74e6561edcac4d5241
SHA256

53ac338135f0097ba0afe854941897f1d5bec82a8aae6397952b26d2aba3f5d6
SHA512

0315039b397a63c96201f94f48b1fbed25a635fe2f6ce68b5c9cf2f2af40c2a494921522850961f4b77e3cb60013e7dc727c8f405844e86b9fdb5fc4175976d0
SSDEEP

6144:DEMi22zmkOUr2n3+VtKcWiYVDRYIhvKg88p:4Mi22SkOsVtKcWiYuA

Score

1^/10

Malware Config

Signatures

Files

eba2fd281aa332640152599e8becfdf2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2195332d504ebf111f526b686de7f3e9

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/04/2006, 00:00

Not After

13/04/2009, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:15:9d:20:a2:78:c0:e7:d6:c1:61:50:96:1c:6b:9e:4a:d0:38:95
Signer

Actual PE Digest

f7:15:9d:20:a2:78:c0:e7:d6:c1:61:50:96:1c:6b:9e:4a:d0:38:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LockFile
LockFileEx
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

_iob
atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memset
realloc
sprintf
strcat
strcmp
strcpy
strncmp
strncpy
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_data_count
sqlite3_db_handle
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_prepare
sqlite3_prepare16
sqlite3_progress_handler
sqlite3_reset
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_snprintf
sqlite3_step
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vmprintf

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 448B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2195332d504ebf111f526b686de7f3e9

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48Certificate

Extended Key Usages

Key Usages

f7:15:9d:20:a2:78:c0:e7:d6:c1:61:50:96:1c:6b:9e:4a:d0:38:95Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 241KB - Virtual size: 240KB

.data Size: 512B - Virtual size: 248B

.bss Size: - Virtual size: 448B

.edata Size: 3KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

f7:15:9d:20:a2:78:c0:e7:d6:c1:61:50:96:1c:6b:9e:4a:d0:38:95
Signer

.text
Size: 241KB - Virtual size: 240KB

.data
Size: 512B - Virtual size: 248B

.bss
Size: - Virtual size: 448B

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB