f6c9647107f06eaaf8d1ebbab0db781a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6c9647107f06eaaf8d1ebbab0db781a_JaffaCakes118
Size

236KB
MD5

f6c9647107f06eaaf8d1ebbab0db781a
SHA1

cb81cbd1d0cbc8cdf4b490e602ddd2066900a1af
SHA256

b1cbe9fd19d2c2eaf7335c3aa2d43bfc7b6dee6dd56c4ad765c796fe024db79e
SHA512

a2e0681f6e5b60bbe25ed40225ce6484b900b049eeefe141c4586e0ede273cc6ef5d7c43625e72452350e295e0d838572ecbc279817369412b09de589cf2ad0d
SSDEEP

3072:NV+Xkc1c7FNmJPnfdsck8RG+xuDMsDWss3dK83GMJBjwrX/qdjfKAqHzBuixFUqY:NVP7fKlQIpp3GMUrv8jfnCzBuwFlEd

Score

1^/10

Malware Config

Signatures

Files

f6c9647107f06eaaf8d1ebbab0db781a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

768f3d8c4e672f2fe05745db9261c5bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/09/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:67:53:73:de:b4:04:47:a8:e5:d6:5a:44:5c:84:85:1b:ae:e0:ee
Signer

Actual PE Digest

6d:67:53:73:de:b4:04:47:a8:e5:d6:5a:44:5c:84:85:1b:ae:e0:ee

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsW
GetEnvironmentVariableW
OpenSemaphoreA
SearchPathA
QueryPerformanceFrequency
OpenEventW
lstrcpyn
GetLogicalDrives
OpenWaitableTimerW
CreatePipe
lstrlenA
GlobalGetAtomNameW
IsBadReadPtr
GetFileAttributesW
GetDiskFreeSpaceW
CreateMutexA
GetCurrentThread
GetTempFileNameW
GetDateFormatA
SetCalendarInfoW
GetSystemDirectoryA
GetTempPathW
GetLogicalDriveStringsA
GetProcAddress
GetWindowsDirectoryA
lstrcmp
GetUserDefaultLangID
GetCalendarInfoA
lstrlenW
GetVersion
LoadResource
GetTimeFormatA
GetFileAttributesA
FreeLibrary
GlobalAlloc
MulDiv
CreateSemaphoreW
lstrcmpi
ExitProcess
LoadLibraryExA
CreateNamedPipeA
GetTempFileNameA
GetShortPathNameA
GetModuleFileNameW
RemoveDirectoryA
GetThreadPriority
GetVolumeInformationA
GetLocalTime
ConnectNamedPipe
GetVolumeInformationW
Sleep

user32

PeekMessageA
OffsetRect
SetActiveWindow
IsWindow
CharUpperA
CreateAcceleratorTableW
SendDlgItemMessageW
SetDlgItemInt
SetCursor
LoadBitmapA
GetMenuItemID
LoadMenuIndirectA
ActivateKeyboardLayout
RegisterClassW
CopyRect
AppendMenuA
GetCapture
GetSystemMetrics
SetDlgItemTextA
MessageBoxW
SendDlgItemMessageA
GetForegroundWindow
LoadMenuA
ShowCursor
WaitForInputIdle
CopyIcon
RegisterClassA
GetClassInfoExA
SetTimer
TrackPopupMenuEx
LoadImageA
wsprintfA
MessageBoxIndirectW

gdi32

CreatePalette
CreateDIBSection
CreateFontIndirectA
DeleteObject
RemoveFontResourceW
CreateScalableFontResourceW
CreateFontW
CreateBitmap
CreateFontA
CreateHatchBrush
CreateICA

advapi32

NotifyChangeEventLog
SetSecurityDescriptorSacl
SystemFunction022
CryptEnumProviderTypesW
OpenServiceW
AddAuditAccessAce
CryptContextAddRef
GetAccessPermissionsForObjectW
CredWriteDomainCredentialsA
LsaQueryInfoTrustedDomain
WriteEncryptedFileRaw
OpenBackupEventLogA
LsaLookupPrivilegeName
DuplicateEncryptionInfoFile
WmiSetSingleItemA
LsaCreateTrustedDomainEx
RegEnumKeyExW
GetLocalManagedApplicationData
AllocateLocallyUniqueId
CreateProcessWithLogonW
WmiCloseBlock

shell32

StrRChrIW
ExtractAssociatedIconA

comdlg32

PrintDlgExW
PageSetupDlgA
GetFileTitleW
FindTextW
GetOpenFileNameW
GetSaveFileNameA
FindTextA
ReplaceTextW
PrintDlgExA
ChooseFontW

setupapi

InstallHinfSectionW
CMP_GetServerSideDeviceInstallFlags
SetupUninstallOEMInfW

ws2_32

recvfrom
htonl
gethostbyaddr
inet_ntoa
getpeername
inet_addr
WSAIoctl
send
WSAEnumNetworkEvents
WSACloseEvent
htons
WSACreateEvent
connect
getsockopt

winmm

CloseDriver
midiInReset
mixerGetNumDevs
waveOutSetPlaybackRate
waveInUnprepareHeader
waveInGetDevCapsA
joyConfigChanged
sndPlaySoundW
PlaySound
timeGetSystemTime

inetcomm

MimeOleGetRelatedSection
MimeOleCreateHashTable

Sections

.RWK
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BTxjpv
Size: 4KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jJjB
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aGm
Size: 4KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Zrl
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jNjo
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QKo
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eXb
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 1024B - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

768f3d8c4e672f2fe05745db9261c5bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:67:53:73:de:b4:04:47:a8:e5:d6:5a:44:5c:84:85:1b:ae:e0:eeSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comdlg32

setupapi

ws2_32

winmm

inetcomm

Sections

.RWK Size: 3KB - Virtual size: 3KB

.BTxjpv Size: 4KB - Virtual size: 47KB

.jJjB Size: 91KB - Virtual size: 90KB

.aGm Size: 4KB - Virtual size: 61KB

.Zrl Size: 12KB - Virtual size: 12KB

.jNjo Size: 4KB - Virtual size: 8KB

.QKo Size: 92KB - Virtual size: 92KB

.eXb Size: 9KB - Virtual size: 17KB

.I Size: 1024B - Virtual size: 463KB

.rsrc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:67:53:73:de:b4:04:47:a8:e5:d6:5a:44:5c:84:85:1b:ae:e0:ee
Signer

.RWK
Size: 3KB - Virtual size: 3KB

.BTxjpv
Size: 4KB - Virtual size: 47KB

.jJjB
Size: 91KB - Virtual size: 90KB

.aGm
Size: 4KB - Virtual size: 61KB

.Zrl
Size: 12KB - Virtual size: 12KB

.jNjo
Size: 4KB - Virtual size: 8KB

.QKo
Size: 92KB - Virtual size: 92KB

.eXb
Size: 9KB - Virtual size: 17KB

.I
Size: 1024B - Virtual size: 463KB

.rsrc
Size: 8KB - Virtual size: 7KB