ee702697678035626ed75f89fa7bcdb5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ee702697678035626ed75f89fa7bcdb5_JaffaCakes118
Size

262KB
MD5

ee702697678035626ed75f89fa7bcdb5
SHA1

8f3a29e20470462d2cf1f66bcc14b6d90ebfc605
SHA256

08bd4c6afb3cf682b949bc4b1853a2e98b14d37569dd61d21724e6cc0c75ef53
SHA512

e23981d512c2892097d502cd9da929a34e9f2e824ccaaca5cb7c11bccb425f6a33247db042fb9cf9eb323e99909647312687234220ba759ab7014e81b2abffae
SSDEEP

6144:lqCbbe+R6SjMbnysLWN682NCYRDXlcTwgLnJF8UF7w68q5:pbe+IlbnBiNHYDVYwgLJFNF

Score

1^/10

Malware Config

Signatures

Files

ee702697678035626ed75f89fa7bcdb5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2fcdd769df6e3b8cfa2779323dbb9076

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29-01-1996 00:00

Not After

01-08-2028 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-01-2010 00:00

Not After

24-01-2012 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:e9:16:07:07:24:3a:b2:65:b5:0f:80:95:20:03:a6:55:0a:c9:4d
Signer

Actual PE Digest

f3:e9:16:07:07:24:3a:b2:65:b5:0f:80:95:20:03:a6:55:0a:c9:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMailslotA
lstrcmp
SetPriorityClass
GetProcAddress
OpenEventW
CreateSemaphoreW
GetLastError
LoadLibraryA
GetWindowsDirectoryA
VirtualAlloc
GetCurrentThreadId
IsBadCodePtr

user32

GetCapture
DestroyMenu
SendMessageW
UpdateWindow
CreateWindowExA
GetFocus
GetClassInfoW
DefWindowProcW
GetDlgItem
GetMenuItemID
ArrangeIconicWindows
GetWindowTextW
CreateAcceleratorTableW
GetDC
EnumChildWindows
EnumDesktopWindows
GetAsyncKeyState
GetMenuStringW
MoveWindow
CharUpperW
EnableWindow
SetCursorPos
GetCaretPos
GetWindowRect
GetKeyState
PeekMessageA
InvalidateRgn
GetWindowTextA
TrackPopupMenu
GetMenuItemInfoW
CheckMenuItem

gdi32

GetRandomRgn
MoveToEx
BitBlt
SetBitmapDimensionEx
StartPage
GetColorSpace
PolylineTo
EnumEnhMetaFile
GetCharABCWidthsFloatA
SetAbortProc
ExtEscape
PatBlt
AddFontResourceW
GetDCPenColor
CreateDIBSection
SetViewportExtEx
SetMiterLimit
CopyEnhMetaFileW

advapi32

RegOpenKeyExW
RegRestoreKeyW
RegOpenKeyExA
RegReplaceKeyW
RegEnumValueW

opengl32

glBegin

ws2_32

WSACleanup
WSAEnumNetworkEvents
gethostbyname
select
getprotobynumber
bind
recv
connect
WSASendTo

Sections

.GKPTv
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wLBIa
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.b
Size: 1024B - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Dl
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HbgW
Size: 1KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.axiPP
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VguY
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.MrZmI
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pEn
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.peO
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QyoMA
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fcdd769df6e3b8cfa2779323dbb9076

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

f3:e9:16:07:07:24:3a:b2:65:b5:0f:80:95:20:03:a6:55:0a:c9:4dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

opengl32

ws2_32

Sections

.GKPTv Size: 10KB - Virtual size: 11KB

.wLBIa Size: 1024B - Virtual size: 17KB

.b Size: 1024B - Virtual size: 35KB

.Dl Size: 4KB - Virtual size: 3KB

.HbgW Size: 1KB - Virtual size: 33KB

.axiPP Size: 512B - Virtual size: 39KB

.VguY Size: 2KB - Virtual size: 32KB

.MrZmI Size: 2KB - Virtual size: 3KB

.T Size: 1KB - Virtual size: 13KB

.pEn Size: 2KB - Virtual size: 32KB

.peO Size: 1024B - Virtual size: 12KB

.QyoMA Size: 1024B - Virtual size: 44KB

.rsrc Size: 222KB - Virtual size: 222KB

.reloc Size: 1024B - Virtual size: 806B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

f3:e9:16:07:07:24:3a:b2:65:b5:0f:80:95:20:03:a6:55:0a:c9:4d
Signer

.GKPTv
Size: 10KB - Virtual size: 11KB

.wLBIa
Size: 1024B - Virtual size: 17KB

.b
Size: 1024B - Virtual size: 35KB

.Dl
Size: 4KB - Virtual size: 3KB

.HbgW
Size: 1KB - Virtual size: 33KB

.axiPP
Size: 512B - Virtual size: 39KB

.VguY
Size: 2KB - Virtual size: 32KB

.MrZmI
Size: 2KB - Virtual size: 3KB

.T
Size: 1KB - Virtual size: 13KB

.pEn
Size: 2KB - Virtual size: 32KB

.peO
Size: 1024B - Virtual size: 12KB

.QyoMA
Size: 1024B - Virtual size: 44KB

.rsrc
Size: 222KB - Virtual size: 222KB

.reloc
Size: 1024B - Virtual size: 806B