efb8638c018cd428b9dd78b7f89e2faf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efb8638c018cd428b9dd78b7f89e2faf_JaffaCakes118
Size

225KB
MD5

efb8638c018cd428b9dd78b7f89e2faf
SHA1

b057531914d7728e3c80777faefceee1584ed6c4
SHA256

c9dec6a6b0ff76274c56702562ad46ab553a499d045257907cb9195811521f25
SHA512

11d3cae8b7e4fe34a8f62c7040f682a646995f5207a6ce641a5a0d741848a38ffaea722b28dbaa4f98fa4ab9dfc40e6a0deda046a1e1f3adf05d9316ab8ca384
SSDEEP

6144:9vWzEBMsRCoxsYH0WBDFrQ10IzLDS7OoazfU0n3eGYUau3cwj2d8T5ReHmI6:Ugaswb0D80+D3eT6

Score

1^/10

Malware Config

Signatures

Files

efb8638c018cd428b9dd78b7f89e2faf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e38b9e03b8b2b7fc0d659e4fafa0327

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/09/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:3a:84:fc:b7:00:f5:da:50:ae:46:cb:5d:93:67:76:c9:e6:ba:5b
Signer

Actual PE Digest

e3:3a:84:fc:b7:00:f5:da:50:ae:46:cb:5d:93:67:76:c9:e6:ba:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSCWriteProviderOrder
WSCInstallProvider
WSCDeinstallProvider
WSCEnumProtocols
WSCGetProviderPath
WSACleanup
WSAStartup

kernel32

CreateDirectoryW
SetFileAttributesW
CreateFileW
SetFilePointer
WriteFile
GetEnvironmentVariableW
GetComputerNameW
GetFileAttributesA
GetModuleFileNameA
FlushFileBuffers
CreateDirectoryA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetFileAttributesW
GetComputerNameA
GetStartupInfoA
MultiByteToWideChar
WideCharToMultiByte
DeviceIoControl
GetSystemDirectoryA
GetSystemDirectoryW
OpenProcess
CreateSemaphoreA
ExpandEnvironmentStringsA
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
CompareStringW
CompareStringA
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
OpenMutexA
CreateMutexA
WaitForMultipleObjects
OpenEventA
UnmapViewOfFile
OpenFileMappingA
GetModuleHandleA
GetVersionExA
CreateFileMappingA
LocalAlloc
MapViewOfFile
lstrcatA
FormatMessageA
LocalFree
OutputDebugStringA
GetCurrentProcessId
CreateThread
Sleep
FreeLibrary
CloseHandle
GetCurrentThreadId
GetModuleFileNameW
SetEvent
CreateEventA
ResetEvent
WaitForSingleObject
LoadLibraryA
GetLastError
GetProcAddress
ExitThread
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualAlloc
VirtualFree
TlsGetValue
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError

advapi32

ControlService
SetKernelObjectSecurity
RegEnumKeyExA
QueryServiceConfigA
CreateServiceA
ChangeServiceConfigA
GetUserNameA
OpenServiceA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
GetUserNameW
StartServiceCtrlDispatcherA
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
RegisterServiceCtrlHandlerA
DeleteService
OpenSCManagerA
CreateServiceW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
CloseServiceHandle
StartServiceA

psapi

GetModuleFileNameExW
GetModuleFileNameExA

rpcrt4

UuidCreate

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 639KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e38b9e03b8b2b7fc0d659e4fafa0327

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

e3:3a:84:fc:b7:00:f5:da:50:ae:46:cb:5d:93:67:76:c9:e6:ba:5bSigner

Headers

File Characteristics

Imports

ws2_32

kernel32

advapi32

psapi

rpcrt4

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 86KB - Virtual size: 639KB

.rsrc Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

e3:3a:84:fc:b7:00:f5:da:50:ae:46:cb:5d:93:67:76:c9:e6:ba:5b
Signer

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 86KB - Virtual size: 639KB

.rsrc
Size: 1KB - Virtual size: 1KB