f596dd1aead697ee3e246b79d7c589f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f596dd1aead697ee3e246b79d7c589f1_JaffaCakes118
Size

70KB
MD5

f596dd1aead697ee3e246b79d7c589f1
SHA1

f36a85b27782aec5923506e791a94bd6d00f4dc8
SHA256

2fa05f082a73e6b61a31f788f9c156c7df8a8dfbdd8f3d5879643d0f7296dc32
SHA512

52495a54712bbd0c071e48107cb6034ef0439eef30ae5881d56c60e831f268977e29cf6aa5a24c23c3e675c5ce5c6ce939dc464bbd30593e63ae4f1077a3ba4b
SSDEEP

1536:zYYYYYYYYYYYYYbxFJBDYYYU2gX1CCTI5m52fpkXJm5Z:zYYYYYYYYYYYYYbvXDYYYU2gX1CCGZp7

Score

1^/10

Malware Config

Signatures

Files

f596dd1aead697ee3e246b79d7c589f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

54164f58df2a452f35c52cd43a4cb48d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:3a:64:81:8c:1e:08:6b:1b:15:ae:e6:3f:a0:54:a2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/06/2008, 00:00

Not After

11/06/2011, 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Sun Microsystems\, Inc.,L=Menlo Park,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:b5:93:c8:49:8e:7e:76:0a:c3:75:af:22:f8:5d:e7:d4:11:6b:4a
Signer

Actual PE Digest

24:b5:93:c8:49:8e:7e:76:0a:c3:75:af:22:f8:5d:e7:d4:11:6b:4a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\win-3.2\out\win.x86\release\obj\VBoxHeadless\VBoxHeadless.pdb

Imports

user32

TranslateMessage
DispatchMessageW
PeekMessageW
UnregisterClassA
GetMessageW
PostThreadMessageW
UnregisterClassW
MsgWaitForMultipleObjects

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
StringFromIID

oleaut32

SysStringLen
SysFreeString
LoadTypeLi
SysAllocStringLen
GetErrorInfo
SetErrorInfo
LoadRegTypeLi
SysAllocString

vboxrt

RTStrToUtf16
RTUtf16Free
RTUuidIsNull
RTPrintf
RTEnvGet
RTUuidClear
RTUuidFromUtf16
RTUuidToUtf16
??1MiniString@iprt@@UAE@XZ
?compare@MiniString@iprt@@QBEHPBDW4CaseSensitivity@12@@Z
RTUtf16LocaleICmp
RTUtf16Cmp
RTUtf16ToUtf8
RTLdrGetSymbol
RTR3InitAndSUPLib
RTCritSectDelete
RTMemFree
RTCritSectEnter
SUPR3HardenedLdrLoadAppPriv
RTStrPrintf
RTProcSelf
??4MiniString@iprt@@QAEAAV01@PBD@Z
RTStrToLower
RTStrToUpper
?jolt@MiniString@iprt@@QAEXXZ
RTPathStripTrailingSlash
RTPathStripFilename
RTPathStripExt
RTMemRealloc
RTMemTmpFree
RTStrFormatV
RTMemTmpAllocZ
RTErrConvertFromWin32
RTThreadSelf
??0MiniString@iprt@@QAE@PBD@Z
??0MiniString@iprt@@QAE@ABV01@@Z
?c_str@MiniString@iprt@@QBEPBDXZ
RTPathFilename
RTPathAbs
RTDirCreateFullPath
RTDirExists
RTPathAppend
RTPathUserHome
RTEnvGetEx
RTStrFree
RTStrAPrintfV
RTThreadNativeSelf
RTSemRWCreateEx
RTSemRWDestroy
RTSemRWIsWriteOwner
RTSemRWRequestWrite
RTSemRWReleaseWrite
RTSemRWRequestRead
RTSemRWReleaseRead
RTSemRWGetWriteRecursion
RTCritSectInitEx
RTGetOptPrintError
RTBldCfgVersion
RTBldCfgRevisionStr
RTGetOpt
RTGetOptInit
RTCritSectInit
RTMemAllocZ
RTCritSectLeave
RTEnvUnset

msvcr71

realloc
memset
exit
__security_error_handler
??0exception@@QAE@XZ
_except_handler3
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strtoul
_errno
free
??_V@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
strchr
??_U@YAPAXI@Z
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
strncpy
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_purecall
memmove

kernel32

ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InterlockedIncrement
GetLastError
CloseHandle
GetCurrentThreadId
GetCurrentProcess
GetCurrentThread
DuplicateHandle
GetVersionExA
GetModuleHandleA
lstrlenW
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InterlockedDecrement
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

TrustedMain

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

54164f58df2a452f35c52cd43a4cb48d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

69:3a:64:81:8c:1e:08:6b:1b:15:ae:e6:3f:a0:54:a2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

24:b5:93:c8:49:8e:7e:76:0a:c3:75:af:22:f8:5d:e7:d4:11:6b:4aSigner

Headers

File Characteristics

PDB Paths

Imports

user32

ole32

oleaut32

vboxrt

msvcr71

kernel32

advapi32

msvcp71

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

69:3a:64:81:8c:1e:08:6b:1b:15:ae:e6:3f:a0:54:a2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

24:b5:93:c8:49:8e:7e:76:0a:c3:75:af:22:f8:5d:e7:d4:11:6b:4a
Signer

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 1KB