fd5bb62af41f91f23fe361ef0d6e3f47_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd5bb62af41f91f23fe361ef0d6e3f47_JaffaCakes118
Size

206KB
MD5

fd5bb62af41f91f23fe361ef0d6e3f47
SHA1

23b55272a8ab8df148628f354eb19237c5f95823
SHA256

f7e7c87ae8e12ce8637a320b82aae148cca3522accea526790a56c1e361febc1
SHA512

48157cca23b1b50008753b86e7f78f928d586e383d244077ea7b8426b852d21e31705d7df7259c0aa60c6edcbeeb12a7fac39c93d60a95f0a6fa7db624fba2d8
SSDEEP

6144:Z8m8ZQxowfp0cQjxveQxIbGUEwVF0dQE3s:+UowecuWQCbGUEc2m

Score

1^/10

Malware Config

Signatures

Files

fd5bb62af41f91f23fe361ef0d6e3f47_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ae72b2e4e83fb9ac8e5a1a3a7d91317

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/09/2006, 00:00

Not After

18/12/2009, 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:7d:a5:6a:dd:18:c5:5e:5e:0c:7f:7c:54:db:62:11:72:5e:e0:da
Signer

Actual PE Digest

20:7d:a5:6a:dd:18:c5:5e:5e:0c:7f:7c:54:db:62:11:72:5e:e0:da

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
GetFileType
RaiseException
GetEnvironmentStringsA
GetStartupInfoW
MultiByteToWideChar
SetLocaleInfoW
WaitForMultipleObjects
Beep
LoadResource
GetPriorityClass
CreateFileMappingW
GetProcAddress
GetModuleHandleA
IsValidLocale
GetStringTypeW
SetPriorityClass
GetWindowsDirectoryW
RemoveDirectoryW
IsDebuggerPresent
GetEnvironmentVariableW
CreateFileW
CreateMailslotW
SleepEx
BeginUpdateResourceW
OpenMutexA
InitializeCriticalSection
CreatePipe
lstrcpynA
OpenWaitableTimerW
EnumCalendarInfoA
SearchPathW
OpenSemaphoreW
OpenProcess

user32

GetForegroundWindow
SendMessageW
CheckRadioButton
AppendMenuW
SetWindowTextA
SetWindowLongW
FlashWindow
GetClassLongW
ActivateKeyboardLayout
DefDlgProcW
SetFocus
MoveWindow
GetCaretPos
GetWindowTextA
FrameRect
GetDC
CharLowerA
GetClientRect
EnumWindows
DestroyIcon
GetSysColorBrush
GetClassInfoA
LoadImageW
GetWindowTextLengthW
TrackPopupMenuEx
ClientToScreen
LoadMenuW
CreatePopupMenu
DefFrameProcA
InsertMenuItemW
GetDC
GetAsyncKeyState
GetSystemMetrics
GetMenuItemCount
DestroyMenu
GetDlgItemTextW
FindWindowA
OffsetRect

gdi32

GetLogColorSpaceW
PtInRegion
AngleArc
GetGlyphIndicesW
GetCharABCWidthsA
StartPage
CreateCompatibleDC
SetBrushOrgEx
SetWindowExtEx
CreateDIBPatternBrushPt
SetStretchBltMode
DeleteDC
GetNearestColor
SetDeviceGammaRamp
GetTextCharacterExtra
GetViewportOrgEx
PlayEnhMetaFile

advapi32

RegCreateKeyExW
RegCreateKeyA
RegCreateKeyExA

oleaut32

VarBoolFromUI1
VarR4FromStr
VarI1FromUI4
VarI4FromStr
SafeArrayUnlock
SafeArrayCreateVector
DispGetIDsOfNames

sqlunirl

_EnumDisplaySettings_@12
_PageSetupDlg_@4
_ExpandEnvironmentStrings_@12
_RegSetValueEx_@24
_GetEnvironmentStrings_@4
_GetClassInfo@12
_GlobalAddAtom_@4
_CallWindowProc@20
_GetUserName@8
_FindWindow_@8
_GetClassName_@12
_RegOpenKeyEx_@20
_QueryServiceLockStatus_@16
_RegDeleteKey_@8
_NDdeSetTrustedShare_@12
_SetWindowText@8
_RegConnectRegistry_@12
_lstrcmp_@8
_GetCharABCWidths_@16

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.E
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KO
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.N
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sJe
Size: 1024B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zehKD
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.p
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BgDu
Size: 1024B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.W
Size: 1KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sLR
Size: 512B - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ae72b2e4e83fb9ac8e5a1a3a7d91317

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

20:7d:a5:6a:dd:18:c5:5e:5e:0c:7f:7c:54:db:62:11:72:5e:e0:daSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

sqlunirl

Sections

.text Size: 12KB - Virtual size: 12KB

.E Size: 2KB - Virtual size: 14KB

.KO Size: 2KB - Virtual size: 17KB

.N Size: 512B - Virtual size: 8KB

.sJe Size: 1024B - Virtual size: 28KB

.zehKD Size: 3KB - Virtual size: 41KB

.p Size: 1024B - Virtual size: 6KB

.BgDu Size: 1024B - Virtual size: 36KB

.data Size: 9KB - Virtual size: 8KB

.W Size: 1KB - Virtual size: 45KB

.sLR Size: 512B - Virtual size: 139KB

.rsrc Size: 165KB - Virtual size: 164KB

.reloc Size: 1024B - Virtual size: 950B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

20:7d:a5:6a:dd:18:c5:5e:5e:0c:7f:7c:54:db:62:11:72:5e:e0:da
Signer

.text
Size: 12KB - Virtual size: 12KB

.E
Size: 2KB - Virtual size: 14KB

.KO
Size: 2KB - Virtual size: 17KB

.N
Size: 512B - Virtual size: 8KB

.sJe
Size: 1024B - Virtual size: 28KB

.zehKD
Size: 3KB - Virtual size: 41KB

.p
Size: 1024B - Virtual size: 6KB

.BgDu
Size: 1024B - Virtual size: 36KB

.data
Size: 9KB - Virtual size: 8KB

.W
Size: 1KB - Virtual size: 45KB

.sLR
Size: 512B - Virtual size: 139KB

.rsrc
Size: 165KB - Virtual size: 164KB

.reloc
Size: 1024B - Virtual size: 950B