f61c31679dce165dd8cf2c775cf15517_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f61c31679dce165dd8cf2c775cf15517_JaffaCakes118
Size

1.3MB
MD5

f61c31679dce165dd8cf2c775cf15517
SHA1

0078319b3c0763ca5e8f2d8580bd80d2f440f223
SHA256

a15f74e66aa3932088ede7caa8e4e9afffdd387427addaf76c59549d1766ce86
SHA512

5f19d09f820a0a947fca7ac4a378be8aa6923511bc45d94cede1a7fc7ec1f647d77efb615927c59eebad182977ac47e941e0af7a758a81fd8beb32f9fe7fa14d
SSDEEP

24576:XK78zjwjzbz2sTb++Rwa7ZKPPQyT3cj7wK/MR5+uv+uW+uh+u8+uK+uHF7FZ+D+q:Xw8ij2sTb++RwWoP4yTtK/MR4FW38GiW

Score

1^/10

Malware Config

Signatures

Files

f61c31679dce165dd8cf2c775cf15517_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0bd94addaea969266fa049c776cb2dad

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/10/2009, 00:00

Not After

22/10/2012, 23:59

Subject

CN=Net Transmit & Receive SL,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Net Transmit & Receive SL,L=Barcelona,ST=Barcelona,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

SetFilePointer
ReadFile
GetVolumeInformationA
GetVersionExA
GetWindowsDirectoryA
GetCurrentProcess
CreateDirectoryA
LocalFree
LocalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GetCurrentDirectoryA
GetCurrentProcessId
HeapAlloc
GetProcessHeap
CreateMutexA
ReleaseMutex
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
lstrcpynA
GetLocaleInfoW
GetTimeZoneInformation
lstrcatA
lstrcpyA
CopyFileA
SetFileAttributesA
lstrcmpA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetCurrentThread
EnterCriticalSection
GetSystemDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
SetCurrentDirectoryA
GetModuleHandleA
FreeLibrary
CreateEventA
CreateThread
WaitForSingleObject
GetTickCount
lstrlenW
Sleep
TerminateThread
SetEvent
MultiByteToWideChar
DeleteFileA
SetLastError
GetModuleFileNameA
GetVersion
CreateFileA
lstrlenA
WriteFile
CloseHandle
GetLastError
WideCharToMultiByte
GetTempPathA
GetTempFileNameA
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetStdHandle
VirtualAlloc
VirtualFree
GetUserDefaultLCID
GetStringTypeA
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapSize
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageA
LocalSize
OutputDebugStringA
ExitProcess
GlobalAlloc
GlobalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetLocaleInfoA
HeapFree
HeapReAlloc
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetFileType
LCMapStringA
LCMapStringW
GetCPInfo
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapCreate
GetEnvironmentStringsW

user32

InvalidateRect
RegisterClassExA
EnableMenuItem
InsertMenuItemA
CreatePopupMenu
DestroyMenu
LoadAcceleratorsA
SystemParametersInfoA
SetWindowTextA
MessageBoxA
GetDesktopWindow
wsprintfA
GetSystemMetrics
DestroyWindow
CreateWindowExA
GetClassInfoA
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
PostQuitMessage
GetCapture
GetCursorPos
SetForegroundWindow
TrackPopupMenu
FlashWindow
GetMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
MoveWindow
SetWindowPos
EnableWindow
ShowWindow
SetFocus
UpdateWindow
SendMessageA
PostMessageA
BeginPaint
EndPaint
IntersectRect
TrackMouseEvent
SetCursor
SetCapture
PtInRect
ReleaseCapture
SetWindowLongA
GetWindowLongA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetRectEmpty
KillTimer
SetTimer
SetRect
CallWindowProcA
GetWindowTextW
GetFocus

advapi32

CryptDestroyHash
CreateServiceA
StartServiceA
DeleteService
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetServiceObjectSecurity
OpenSCManagerA
CloseServiceHandle
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
LookupAccountNameA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoTaskMemFree

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

comctl32

InitCommonControlsEx

wsock32

WSAGetLastError
ioctlsocket
inet_addr
gethostbyname
WSAStartup
gethostname

gdi32

CreateFontA
BitBlt
SelectObject
CreateDIBSection
DeleteDC
DeleteObject
CreateCompatibleDC

Sections

.text
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bd94addaea969266fa049c776cb2dad

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

comctl32

wsock32

gdi32

Sections

.text Size: 648KB - Virtual size: 647KB

.rdata Size: 176KB - Virtual size: 175KB

.data Size: 86KB - Virtual size: 94KB

.rsrc Size: 369KB - Virtual size: 369KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

14:1f:4a:c0:fb:2b:4a:49:93:0f:c1:97:53:ae:e0:4c
Certificate

.text
Size: 648KB - Virtual size: 647KB

.rdata
Size: 176KB - Virtual size: 175KB

.data
Size: 86KB - Virtual size: 94KB

.rsrc
Size: 369KB - Virtual size: 369KB