eebcb7a6ab8fd5ea49a389544423b177_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eebcb7a6ab8fd5ea49a389544423b177_JaffaCakes118
Size

748KB
MD5

eebcb7a6ab8fd5ea49a389544423b177
SHA1

433086327b460745c53876024a6f9626b91c4519
SHA256

31bab278396218f47fa84d77d192aa7eb0e90e5b016a8b3e3336c5ee7a46b927
SHA512

fc8f58c736f77bacc03c2a63ff8eff26a5239c50e9ad6d5a25edbb2134bb9272a4cebf7525698727fccd52206f26f9a630b5cbf724009678cd7b24291e5c3582
SSDEEP

12288:swE6qS+KnjhoSY+LqqA3V2ABWIE/RDAzxni8l+GECrkpRdWoSeOdDGKDj5cDTIux:sR6qSDLqqENIZ/RkliPGZryRnOoEITIy

Score

1^/10

Malware Config

Signatures

Files

eebcb7a6ab8fd5ea49a389544423b177_JaffaCakes118
.exe windows:4 windows x86 arch:x86

527fca6b068b218fe875bfd27e850980

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:04:62:49:4e:05:65:d5:fa:cb:80:34:ff:15:21:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

30/03/2011, 00:00

Not After

19/04/2014, 23:59

Subject

CN=Exent Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Exent Technologies Ltd.,L=Petah-Tikva,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetExitCodeThread
CreateThread
OutputDebugStringA
GetLastError
CreateEventA
LocalFree
SetFileTime
ReadFile
LocalAlloc
GetFileSize
WriteFile
SetFilePointer
LockResource
LoadResource
SizeofResource
FindResourceA
WaitForSingleObject
CreateFileA
GetModuleFileNameA
GetTempPathA
GetTickCount
GetProcAddress
LoadLibraryW
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
FreeLibrary
CloseHandle
IsBadReadPtr
FlushFileBuffers
WideCharToMultiByte
CreateProcessA
LoadLibraryExA
LoadLibraryA
DeleteFileA
CreateDirectoryA
RemoveDirectoryA
MoveFileA
CopyFileA
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
CreateProcessW
LoadLibraryExW
GetTempPathW
CreateFileW
DeleteFileW
CreateDirectoryW
RemoveDirectoryW
MoveFileW
CopyFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
ReleaseSemaphore
GetVersionExA
CreateSemaphoreA
GetModuleFileNameW
FindClose
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetStdHandle
GetFileType
RtlUnwind
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
InterlockedDecrement
InterlockedIncrement
SetHandleCount
GetStdHandle
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW

user32

wsprintfA
SetWindowTextA
LoadIconA
SendMessageA
PostMessageA
DestroyIcon
PostQuitMessage
CreateDialogParamA
FindWindowA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
ShowWindow

shell32

ShellExecuteExA
ShellExecuteA
ShellExecuteExW

comctl32

InitCommonControlsEx

ole32

CoInitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW

Exports

Exports

??0IExentCtlInstaller@@QAE@ABV0@@Z
??0IExentCtlInstaller@@QAE@XZ
??4IExentCtlInstaller@@QAEAAV0@ABV0@@Z
??_7IExentCtlInstaller@@6B@

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

527fca6b068b218fe875bfd27e850980

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

05:04:62:49:4e:05:65:d5:fa:cb:80:34:ff:15:21:e4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

comctl32

ole32

version

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 66KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 644KB - Virtual size: 643KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

05:04:62:49:4e:05:65:d5:fa:cb:80:34:ff:15:21:e4
Certificate

.text
Size: 68KB - Virtual size: 66KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 644KB - Virtual size: 643KB