f6efca86eed02cbc816471db75c10a8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6efca86eed02cbc816471db75c10a8c_JaffaCakes118
Size

66KB
MD5

f6efca86eed02cbc816471db75c10a8c
SHA1

2cd5aa77aa45b389ff02b769a2d3c2f3dca290d3
SHA256

8987f0684ed6bd6a0b4b40788db8c3cff8d575d647267407eb1d38d006686483
SHA512

00774296d3390b4de3fe425d559a489512b30d275e8941bf8adb8bd3a80326df49505d9897be40fe4a31412b2ccce3ac00f40903f369efaaba628fa6515e195b
SSDEEP

768:6sz3Mfz6JrSM+h9ooJlZ6jtvhrJ+I+BqeLqSft8kjMiJ38KQCVtLWQbC5n:6xz65YrxZ67rJhknVaiJ38+VtaECt

Score

1^/10

Malware Config

Signatures

Files

f6efca86eed02cbc816471db75c10a8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1c84e6836e0f576436b4de2b8b1dbec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b3:c0:85:54:c2:cf:5d:ff:69:af:c0:c7:32:17:2d:e3:15:5c:4c:b4
Signer

Actual PE Digest

b3:c0:85:54:c2:cf:5d:ff:69:af:c0:c7:32:17:2d:e3:15:5c:4c:b4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2614
ord861
ord924
ord858
ord939
ord2818
ord537
ord540
ord823
ord860
ord825
ord535
ord800

msvcrt

__RTDynamicCast
wcslen
_wtol
atoi
_mbsicmp
__p___argc
__p___argv
_strdup
isalnum
isspace
strtoul
memcmp
memset
_itoa
_strnicmp
free
malloc
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_mbscmp
sprintf
__CxxFrameHandler
_mbsnicmp
_mbsspn
_mbscspn
strlen
memcpy
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_mbsnbcpy
_acmdln
_stricmp

kernel32

GetTempPathA
lstrlenW
GetTempFileNameA
GetProcAddress
LoadLibraryA
lstrcpyA
CreateProcessA
GetEnvironmentVariableA
OutputDebugStringA
GetLastError
MultiByteToWideChar
lstrlenA
FreeLibrary
GetStartupInfoA
Sleep
GetModuleHandleA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
WideCharToMultiByte

user32

CharNextA
TranslateMessage
DispatchMessageA
wsprintfA
IsWindow
PostMessageA
EndDialog
PostQuitMessage
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
LoadCursorA
RegisterClassExA
GetMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
CoInitialize

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

urlmon

RegisterBindStatusCallback
RevokeBindStatusCallback
CreateURLMoniker

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ

wininet

InternetCrackUrlA

shlwapi

StrStrIW
PathFindExtensionA
PathFindFileNameA
PathAppendA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1c84e6836e0f576436b4de2b8b1dbec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

b3:c0:85:54:c2:cf:5d:ff:69:af:c0:c7:32:17:2d:e3:15:5c:4c:b4Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

msvcp60

wininet

shlwapi

version

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 940B

.rsrc Size: 16KB - Virtual size: 14KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

b3:c0:85:54:c2:cf:5d:ff:69:af:c0:c7:32:17:2d:e3:15:5c:4c:b4
Signer

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 940B

.rsrc
Size: 16KB - Virtual size: 14KB