f0c444649c14fcbd1465a115904ab307_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f0c444649c14fcbd1465a115904ab307_JaffaCakes118
Size

137KB
MD5

f0c444649c14fcbd1465a115904ab307
SHA1

181e63e664b2b9dd96290e0d4911e212a30f46fb
SHA256

4a74371f296b82588b6302bb60e903a49ff896240e59208bc835ec18da1224f9
SHA512

9bfd94b99f56b95a8b1450ea69623c7982d7f34a22467deb84e67002397d7915ff5dba57ce69fbad1fdeb1ded7a162962016d2a0defe0c2a223bc4e0978d29db
SSDEEP

3072:9K/NuKug4i5tCrlnAOnzmdWVsEZoI/7RgkJ7cvDWrsDCtpZio:qug4iWr/z3rZlJmyADC3Zv

Score

1^/10

Malware Config

Signatures

Files

f0c444649c14fcbd1465a115904ab307_JaffaCakes118
.exe windows:3 windows x86 arch:x86

e2f9e8b51a954f79006f95658a99bf6c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/01/2010, 00:00

Not After

30/01/2012, 23:59

Subject

CN=VIRUSBLOKADA LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VIRUSBLOKADA LTD.,L=Minsk,ST=none,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bf:10:ab:b4:03:89:7e:d2:6d:10:54:77:46:8d:da:9b:d0:93:3a
Signer

Actual PE Digest

10:bf:10:ab:b4:03:89:7e:d2:6d:10:54:77:46:8d:da:9b:d0:93:3a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForMultipleObjects
GetLongPathNameW
AddAtomW
OpenWaitableTimerA
CreateNamedPipeA
GetCalendarInfoA
GetAtomNameA
OpenMutexA
lstrcmpW
FindResourceW
GetFullPathNameA
ReadDirectoryChangesW
CreateFileMappingA
GetMailslotInfo
LoadLibraryW
lstrlen
GetCalendarInfoW
GetSystemDirectoryA
GetTempPathW
GetWindowsDirectoryW
DuplicateHandle
GetVersionExA
GetComputerNameA
GetCurrentDirectoryA
CreateSemaphoreA
CreateMutexA
lstrcmpiW
GetLogicalDriveStringsW
lstrcatW
SearchPathA
GetModuleFileNameW
CompareFileTime
SetCalendarInfoW
FatalAppExitA
GetSystemInfo
GetNumberFormatA
GetVersionExW
GetDiskFreeSpaceA
GetThreadPriority
WaitForSingleObject
TlsAlloc
FileTimeToDosDateTime
CopyFileA
GetModuleHandleA
CreateNamedPipeW
EnumTimeFormatsA
lstrcpynW
GetLogicalDriveStringsA
EndUpdateResourceW
GetUserDefaultLCID
GetShortPathNameW
GetProcAddress

user32

GetCaretPos
GetClassInfoW
UnregisterClassW
UpdateWindow
CheckDlgButton
CreateWindowExW
GetKeyboardType
GetClassLongW
CheckMenuItem
AdjustWindowRect
CreatePopupMenu
GetCursorPos
GetSysColor
GetActiveWindow
LoadMenuIndirectW
EnumDesktopsA
wvsprintfA
CloseWindow
CharPrevA
SetWindowPos
SetActiveWindow
MonitorFromRect
GetMenuItemCount
SetDlgItemTextW
GetWindowDC
DestroyMenu
GetMenuItemInfoA
GetSysColorBrush
IsWindowEnabled
GetActiveWindow
GetDlgItemTextA
GetClassNameW
PostQuitMessage
AnimateWindow
DrawTextW
UnregisterClassA
GetClientRect
IsIconic
EnumWindows
DefFrameProcA
wsprintfW
EndDialog
OffsetRect
GetWindowTextLengthW
GetClassInfoA

gdi32

GetArcDirection
PolyPolyline
SetAbortProc
GetICMProfileW
GetViewportExtEx
CreatePalette
DeleteObject
CreateEllipticRgn
SetBkColor
SetROP2
GetMiterLimit
OffsetClipRgn
SetMetaFileBitsEx
IntersectClipRect
GetMetaFileA
SetTextCharacterExtra
ScaleViewportExtEx
RectInRegion
CreatePolyPolygonRgn
PlayEnhMetaFile

advapi32

RegRestoreKeyA
RegQueryMultipleValuesW
RegDeleteKeyW
RegQueryMultipleValuesA
RegReplaceKeyW
RegDeleteValueW
RegOpenKeyA

shell32

SHGetFolderPathA
StrChrIA
SHCreateDirectory
StrRStrIA
StrRStrIW
StrStrIA

shlwapi

ColorRGBToHLS
StrSpnW
SHDeleteKeyW
SHRegDuplicateHKey
StrCSpnIW
SHOpenRegStream2A

comctl32

ShowHideMenuCtl
ImageList_LoadImage
DrawStatusTextA
CreateStatusWindow
ImageList_SetImageCount
ImageList_Create
DestroyPropertySheetPage

ole32

IsValidIid
CoDosDateTimeToFileTime
CoDisconnectObject
CoGetInstanceFromFile
CoGetClassObject
OleCreate
StringFromCLSID

oleaut32

VarBoolFromR8
VarR8FromUI4
VarDecFromR4
VarR4FromUI8
VarI2FromI8
QueryPathOfRegTypeLib
VarDateFromR4

ws2_32

getpeername
recvfrom
htonl
connect
WSAIoctl
select
WSAAccept
htonl

urlmon

HlinkSimpleNavigateToString
URLOpenStreamA
CopyBindInfo
CoInternetGetProtocolFlags
RegisterMediaTypeClass
UrlMkSetSessionOption
URLDownloadToFileA

winspool.drv

EnumFormsW
EXTDEVICEMODE
StartDocDlgW
DeviceCapabilitiesA
DeleteMonitorW
AddPortExW
SetFormW
ConfigurePortW
ScheduleJob
AddPortExA

inetcomm

CreateSMTPTransport
MimeEditViewSource
HrAttachDataFromBodyPart
HrDoAttachmentVerb
MimeOleGetDefaultCharset
MimeOleGenerateCID
MimeOleGetInternat
MimeOleCreateMessage

wsock32

send
ntohl
GetAddressByNameA
getsockopt
getpeername
WSASetBlockingHook
connect

crypt32

CertCreateSelfSignCertificate
CertSaveStore
CertCompareCertificateName
CryptMsgVerifyCountersignatureEncodedEx
CryptMsgControl
I_CryptCreateLruEntry

Sections

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2f9e8b51a954f79006f95658a99bf6c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

10:bf:10:ab:b4:03:89:7e:d2:6d:10:54:77:46:8d:da:9b:d0:93:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

ole32

oleaut32

ws2_32

urlmon

winspool.drv

inetcomm

wsock32

crypt32

Sections

.rdata Size: 17KB - Virtual size: 17KB

.rdata Size: 6KB - Virtual size: 6KB

.edata Size: 1KB - Virtual size: 39KB

.rdata Size: 1024B - Virtual size: 22KB

.data Size: 11KB - Virtual size: 15KB

.edata Size: 1024B - Virtual size: 8KB

.rsrc Size: 89KB - Virtual size: 88KB

.reloc Size: 1024B - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

10:bf:10:ab:b4:03:89:7e:d2:6d:10:54:77:46:8d:da:9b:d0:93:3a
Signer

.rdata
Size: 17KB - Virtual size: 17KB

.rdata
Size: 6KB - Virtual size: 6KB

.edata
Size: 1KB - Virtual size: 39KB

.rdata
Size: 1024B - Virtual size: 22KB

.data
Size: 11KB - Virtual size: 15KB

.edata
Size: 1024B - Virtual size: 8KB

.rsrc
Size: 89KB - Virtual size: 88KB

.reloc
Size: 1024B - Virtual size: 4KB