f664449ba88a98ab15f1537b93f65a46_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f664449ba88a98ab15f1537b93f65a46_JaffaCakes118
Size

330KB
MD5

f664449ba88a98ab15f1537b93f65a46
SHA1

d623c3317ae3707f533efe8ff7820059dfe59111
SHA256

d0477682dcd6894924faa6ab24280fc51cb5161437e85466f2a4d7d2128e3fa6
SHA512

caad93f4cd22d490433d6043febf5bfeb60b6bf522a4bae328c5ad866dcd749d85b36ff2e800ad3614205d3ec3a9a86be495c63ef7620abf2c08ba10be7a8c57
SSDEEP

6144:CxYOD9JuLzaU+tnumlPycI5cKkqnqqDLuYJ3wKANH:CvJuUtnuwycDKjqqnuGhAN

Score

1^/10

Malware Config

Signatures

Files

f664449ba88a98ab15f1537b93f65a46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d50dcd30d720727787c920750abcc838

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:a4:a0:cc:44:84:43:c2:88:a2:2a:91:d7:f8:21:26
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/03/2011, 00:00

Not After

13/04/2014, 23:59

Subject

CN=AnchorFree Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AnchorFree Inc,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

88:76:c4:5d:62:47:c9:52:ed:24:d8:81:77:29:3c:31:aa:b8:f7:cb
Signer

Actual PE Digest

88:76:c4:5d:62:47:c9:52:ed:24:d8:81:77:29:3c:31:aa:b8:f7:cb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

mixerClose
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerSetControlDetails

advapi32

ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
DeregisterEventSource
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExA
RegEnumKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegisterEventSourceA
RegisterServiceCtrlHandlerExA
ReportEventA
SetSecurityDescriptorDacl
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

iphlpapi

GetAdaptersInfo
GetIpAddrTable
GetIpForwardTable

kernel32

CloseHandle
CompareFileTime
CopyFileA
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
GetFileSize
GetFileTime
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersionExA
GetVolumeInformationA
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MoveFileA
MultiByteToWideChar
OpenEventA
OutputDebugStringA
OutputDebugStringW
Process32First
Process32Next
PulseEvent
ReadFile
ResetEvent
SetConsoleCtrlHandler
SetEvent
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

msvcrt

_close
_fdopen
_lseek
_mkdir
_open
_read
_setmode
_stat
_strdup
_stricmp
_strnicmp
_unlink
_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_isctype
_mkdir
_onexit
_pctype
_setmode
_snprintf
_snwprintf
_splitpath
_stat
_stricmp
_strnicmp
_vsnprintf
_vsnwprintf
_winmajor
_wstat
abort
atexit
atoi
calloc
clock
ctime
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
fread
free
fseek
ftell
fwrite
getenv
gmtime
isalnum
isspace
localeconv
localtime
malloc
memcmp
memcpy
memmove
memset
mktime
printf
putchar
puts
rand
realloc
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strftime
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtok
strtol
swprintf
time
tolower
ungetc
vfprintf
wcscat
wcscmp
wcscpy
wcslen
wcsncpy

shell32

SHGetFolderPathA

user32

GetSystemMetrics

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
gethostname
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
select
send
socket

libcurl

curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_formadd
curl_formfree
curl_global_cleanup
curl_global_init
curl_slist_append
curl_slist_free_all

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 38KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d50dcd30d720727787c920750abcc838

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:a4:a0:cc:44:84:43:c2:88:a2:2a:91:d7:f8:21:26Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

88:76:c4:5d:62:47:c9:52:ed:24:d8:81:77:29:3c:31:aa:b8:f7:cbSigner

Headers

File Characteristics

Imports

winmm

advapi32

iphlpapi

kernel32

msvcrt

shell32

user32

ws2_32

libcurl

Sections

.text Size: 266KB - Virtual size: 266KB

.data Size: 4KB - Virtual size: 4KB

.rdata Size: 37KB - Virtual size: 37KB

/4 Size: 512B - Virtual size: 220B

.bss Size: - Virtual size: 38KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 12KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:a4:a0:cc:44:84:43:c2:88:a2:2a:91:d7:f8:21:26
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

88:76:c4:5d:62:47:c9:52:ed:24:d8:81:77:29:3c:31:aa:b8:f7:cb
Signer

.text
Size: 266KB - Virtual size: 266KB

.data
Size: 4KB - Virtual size: 4KB

.rdata
Size: 37KB - Virtual size: 37KB

/4
Size: 512B - Virtual size: 220B

.bss
Size: - Virtual size: 38KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 12KB - Virtual size: 12KB