f6ae0dba57eb2c71aff7016be618922b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6ae0dba57eb2c71aff7016be618922b_JaffaCakes118
Size

161KB
MD5

f6ae0dba57eb2c71aff7016be618922b
SHA1

20bf53d3ac72dd84aed8dc94f9b66dc078508b49
SHA256

e8307e1d777b843d286b7c91b081252610c1cce62aea8a4593e0c766a4049047
SHA512

467cdf867f585c17bed0e613300c8d58a223ab5eb5f39a028d12d9cf0c35a0e273711b992a714162fc44c7fae79538b492b17d257cab362e9039f469458c776c
SSDEEP

3072:R/XOOZ6V6IW5Y61RwPQEiWOAY1nbUuS0xXFOfZlNp3pHt/:R/eO+ki63tVOY1NnVOhPp3pHt/

Score

1^/10

Malware Config

Signatures

Files

f6ae0dba57eb2c71aff7016be618922b_JaffaCakes118
.exe windows:0 windows x86 arch:x86

3c67d7f24142092e57e2be414f1f8dcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/08/2009, 00:00

Not After

18/08/2010, 23:59

Subject

CN=Immunet Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Immunet Corporation,L=Woodside,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:1e:47:7b:0b:35:f3:a4:04:09:da:80:bb:42:de:db:60:c9:9b:4a
Signer

Actual PE Digest

b9:1e:47:7b:0b:35:f3:a4:04:09:da:80:bb:42:de:db:60:c9:9b:4a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
srand
wcsncat
_cexit
exit
_acmdln
_controlfp
wcsncpy
_c_exit
_wcsicmp
__getmainargs
_wcsnicmp
fflush
fopen
__dllonexit
vfprintf
_initterm
_vsnprintf
__setusermatherr
fputs
_XcptFilter
swprintf
wcslen
__set_app_type
fclose
_exit
wcstok

kernel32

CreateTimerQueue
_lwrite
SetConsoleCP
HeapAlloc
GetDefaultCommConfigW
VerifyVersionInfoA
OpenEventW
GetConsoleAliasExesA
UnmapViewOfFile
SetEvent
lstrcpyn
GetModuleHandleA
FindResourceW
RtlCaptureContext
GetStdHandle
TermsrvAppInstallMode
QueryPerformanceCounter
GetLongPathNameW
GetCurrentProcess
GetModuleHandleW
GetBinaryType
lstrcpyW
GetThreadLocale
GetSystemDefaultLangID
GetProcessHeap
GetCommConfig
ReadConsoleOutputCharacterW
SetLastError
VirtualAlloc
SetUnhandledExceptionFilter
ReleaseMutex
GenerateConsoleCtrlEvent
RemoveLocalAlternateComputerNameW
CreateToolhelp32Snapshot
EnterCriticalSection
HeapSize
GetConsoleCommandHistoryLengthW
InitializeCriticalSection
LeaveCriticalSection
TerminateProcess
HeapFree
GetTickCount
GetLogicalDrives
GetLastError
EnumResourceTypesA
CreateActCtxW
SetFileAttributesW
CreateFileMappingW
VirtualLock
DeleteFileW
BaseFlushAppcompatCache
GetSystemTimeAsFileTime
Sleep
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrcpyA
EnumCalendarInfoW
CreateProcessW
InitAtomTable
GetSystemWindowsDirectoryW
MapViewOfFile
SetFileApisToANSI
GetExitCodeThread
GetWriteWatch
CreateEventW
GetConsoleCommandHistoryW
LocalAlloc
UpdateResourceW
AttachConsole
GetStartupInfoA
OpenProfileUserMapping
SetFirmwareEnvironmentVariableW
GetCurrentProcessId
DebugBreak
SetConsoleMaximumWindowSize
WaitForMultipleObjects
GetDateFormatA
Process32NextW
FindFirstFileExW
WaitForSingleObject
IsValidCodePage
GetTapeStatus
UnhandledExceptionFilter
GlobalSize
CloseHandle
ReadConsoleA
GetCommandLineW
GetConsoleKeyboardLayoutNameW
PulseEvent
FlushConsoleInputBuffer
SetSystemPowerState
SetConsoleHardwareState
OpenFileMappingW
ReadDirectoryChangesW
SetComputerNameExA
GetProfileSectionW
TerminateThread
FreeLibrary
HeapFree
GetTimeZoneInformation
CreateMutexW
SetConsoleOS2OemFormat
GetDefaultCommConfigA
GetVersionExW
SetHandleCount

user32

GetDC
ReleaseDC
BeginPaint
GetSystemMetrics
DefWindowProcW
GetDesktopWindow
SendDlgItemMessageW
MessageBoxW
GetWindowThreadProcessId
RegisterClassW
PostMessageW
GetWindowLongW
LoadIconW
LoadCursorW
SendMessageW
IsWindow
SetForegroundWindow
GetParent
GetClassNameW
EndDialog
SetWindowLongW
SetWindowPos
EnableWindow
UnregisterClassW
SystemParametersInfoW
LoadStringW
DialogBoxParamW
GetClientRect
EnumWindows
GetWindowRect
EndPaint
InvalidateRgn

winmm

mixerGetID
timeGetTime
waveInGetDevCapsA
waveOutSetVolume
waveOutGetVolume
waveOutGetDevCapsA
waveInGetDevCapsW
waveOutGetDevCapsW
PlaySoundW

ole32

StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitializeEx

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegFlushKey

gdi32

CreateSolidBrush
DeleteObject
CreatePen
MoveToEx
LineTo
Rectangle
GetStockObject
GetDeviceCaps
CreateFontIndirectW
SelectObject

dsound

ord1

comctl32

ord17
CreatePropertySheetPageW

msi

MsiConfigureProductExW
MsiPreviewBillboardA
MsiReinstallProductW
MsiGetFeatureUsageA
MsiSourceListClearAllW
MsiProvideComponentA
MsiGetShortcutTargetW
MsiDetermineApplicablePatchesA
MsiOpenPackageW
MsiCreateTransformSummaryInfoA
MsiEnumComponentQualifiersA
MsiInstallProductW
MsiReinstallFeatureA
DllGetClassObject
MsiSourceListClearMediaDiskW
MsiSourceListClearSourceW
MsiViewGetColumnInfo
MsiSetExternalUIW
MsiEnumProductsExW
MsiQueryFeatureStateFromDescriptorW
MsiGetProductPropertyA
MsiSourceListForceResolutionExW
MsiGetProductInfoExA
MsiGetFeatureUsageW
MsiAdvertiseProductA
MsiCreateRecord
MsiAdvertiseScriptW
MsiSummaryInfoGetPropertyCount
MsiEvaluateConditionW
MsiLoadStringW
MsiApplyMultiplePatchesA
MsiEnumPatchesA
MsiOpenDatabaseA
MsiEnumRelatedProductsA
MsiDatabaseIsTablePersistentA
MsiRecordSetStreamA

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.k
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BBfPCE
Size: 1KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c67d7f24142092e57e2be414f1f8dcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

b9:1e:47:7b:0b:35:f3:a4:04:09:da:80:bb:42:de:db:60:c9:9b:4aSigner

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

winmm

ole32

advapi32

gdi32

dsound

comctl32

msi

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 7KB - Virtual size: 6KB

.k Size: 2KB - Virtual size: 35KB

.data Size: 11KB - Virtual size: 103KB

.BBfPCE Size: 1KB - Virtual size: 49KB

.rsrc Size: 106KB - Virtual size: 106KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1e:44:68:3e:8f:d5:c1:e3:94:85:de:55:8e:87:77:79
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

b9:1e:47:7b:0b:35:f3:a4:04:09:da:80:bb:42:de:db:60:c9:9b:4a
Signer

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 7KB - Virtual size: 6KB

.k
Size: 2KB - Virtual size: 35KB

.data
Size: 11KB - Virtual size: 103KB

.BBfPCE
Size: 1KB - Virtual size: 49KB

.rsrc
Size: 106KB - Virtual size: 106KB