fb2b92d00900a52901665ec5e0bdca07_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fb2b92d00900a52901665ec5e0bdca07_JaffaCakes118
Size

105KB
MD5

fb2b92d00900a52901665ec5e0bdca07
SHA1

1621301467443d0c8b616af2126a6b05838af82d
SHA256

85f52727f8de0d44acc6d3c4a83abd08ccbbe64d29072017e5b943a15c5edc0d
SHA512

51d5eefe7cf101c0573e9acc52aa9f063a9d3cfd75467ca4dcc227bd4f1d49b093b778f2cf438a4da566ecf318f75244fac561fbafd0cf074c09df3a111a4ae4
SSDEEP

3072:JZUFuthmo5bKmQ+BZfoRWQOCYdmZ5JAio:JuFzoNQ+zbcamQv

Score

1^/10

Malware Config

Signatures

Files

fb2b92d00900a52901665ec5e0bdca07_JaffaCakes118
.exe windows:3 windows x86 arch:x86

58065b9df8bfcf1176c1454e2b6c2b2c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29-01-2010 00:00

Not After

30-01-2012 23:59

Subject

CN=VIRUSBLOKADA LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VIRUSBLOKADA LTD.,L=Minsk,ST=none,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:71:2e:6e:74:81:15:0c:31:9f:aa:32:f5:b8:f4:e0:84:d9:e2:f5
Signer

Actual PE Digest

ee:71:2e:6e:74:81:15:0c:31:9f:aa:32:f5:b8:f4:e0:84:d9:e2:f5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
GetACP
GetShortPathNameW
GetShortPathNameA
ConnectNamedPipe
GetEnvironmentStringsW
GetHandleInformation
InitializeCriticalSection
GetStartupInfoA
OpenMutexW
SystemTimeToFileTime
VirtualAlloc
DuplicateHandle
ExpandEnvironmentStringsW
HeapAlloc
GetSystemDirectoryW
lstrlenA
FileTimeToSystemTime
SetErrorMode
OpenFile
SetThreadPriority
lstrcpyW
LocalAlloc
GetProcessHeap
SleepEx
ReadDirectoryChangesW
CloseHandle
GetProcessHeap
GetModuleFileNameW
GetModuleHandleA
OpenSemaphoreA
lstrlenW
GlobalDeleteAtom
RemoveDirectoryA
OpenFile
CreateMutexA
GetSystemDefaultLangID
GetExitCodeThread
CreateMailslotW
GetLogicalDriveStringsW

user32

GetFocus
GetClassInfoW
CopyIcon
CopyImage
GetDlgItem
GetWindowTextA
MonitorFromPoint
GetDlgItemTextW
GetDlgItemInt
wsprintfA
InvalidateRect
CopyRect
WinHelpA
GetWindowDC
AppendMenuW
ShowCaret
EndDialog
DefFrameProcW
BringWindowToTop
EnumDesktopsA
CreateMenu
CreateWindowExW
CreateDialogIndirectParamA
wvsprintfW
PeekMessageA
MonitorFromRect
FillRect
GetMenuItemInfoA
DestroyCursor
mouse_event
GetClassInfoExA
GetClientRect
MoveWindow
EnableWindow

gdi32

RoundRect
GetTextExtentExPointW
SetICMProfileA
CopyMetaFileW
CreateDCW
ResetDCA
SetStretchBltMode
PatBlt
Polyline
SetBitmapBits
SetROP2
EnumFontFamiliesW
CreateDIBPatternBrushPt
GetKerningPairsW
LPtoDP
PolylineTo
ExtTextOutA
PlayEnhMetaFile
GetEnhMetaFileA

advapi32

RegDeleteKeyW
RegCreateKeyW

shlwapi

SHCreateThread
PathIsRootW
PathCombineW
ColorHLSToRGB

ole32

OleInitialize

oleaut32

VarDecRound

ws2_32

WSAConnect
listen
WSAEnumProtocolsW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code_01
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58065b9df8bfcf1176c1454e2b6c2b2c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

ee:71:2e:6e:74:81:15:0c:31:9f:aa:32:f5:b8:f4:e0:84:d9:e2:f5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

ole32

oleaut32

ws2_32

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 3KB - Virtual size: 2KB

.code_01 Size: 3KB - Virtual size: 5KB

.rsrc Size: 85KB - Virtual size: 100KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

ee:71:2e:6e:74:81:15:0c:31:9f:aa:32:f5:b8:f4:e0:84:d9:e2:f5
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 3KB - Virtual size: 2KB

.code_01
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 85KB - Virtual size: 100KB