fbaf6e9fbe82f67b7f544f0971dc8e76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbaf6e9fbe82f67b7f544f0971dc8e76_JaffaCakes118
Size

241KB
MD5

fbaf6e9fbe82f67b7f544f0971dc8e76
SHA1

4e6559e4a0dc3f71824e2d740bdeffee5e949535
SHA256

e570f54cd1145a805a1ea836e173754135d6e0fddf781dcca4e1feb7384a41b6
SHA512

8a0926039c1186b61b06fe12b9ac6dbfd98e36c6acfefe629d47402626b92a2c2b80a2c431e5eee4b47e44500bda621255e8b7d054f2c56129ab93758fb4b9d8
SSDEEP

6144:Z3AyZmgKCd74RZMVxXY9iSKNC+sRKMcWdRFySMZvmX:Z31oNCiRZ0XjlNjswMpPFyS1

Score

1^/10

Malware Config

Signatures

Files

fbaf6e9fbe82f67b7f544f0971dc8e76_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8368431071706472e7a5ed92ea45dfa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/11/2008, 00:00

Not After

06/01/2011, 23:59

Subject

CN=Trusteer,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Trusteer,L=Tel-Aviv,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c3:d3:52:4c:2b:5a:09:97:92:56:55:3d:4b:e5:e3:72:39:25:75:bf
Signer

Actual PE Digest

c3:d3:52:4c:2b:5a:09:97:92:56:55:3d:4b:e5:e3:72:39:25:75:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FatalAppExitA
OpenEventW
SleepEx
GetModuleHandleA
lstrlen
CreateMailslotA
GetModuleFileNameA
GetEnvironmentVariableW
ExitProcess
ExpandEnvironmentStringsW
GetNumberFormatA
GetDateFormatW
CreateSemaphoreA
GetModuleHandleW
OpenMutexW
ReplaceFileA
CreateNamedPipeW
FindResourceW
GetModuleFileNameW
GetCurrentThread
SetLocaleInfoW
SystemTimeToFileTime
GetExitCodeProcess
GetHandleInformation
GetLogicalDrives
ReadDirectoryChangesW
SetCurrentDirectoryA
lstrcpynA
GetFileAttributesW
LocalAlloc
RemoveDirectoryW
GetLogicalDriveStringsA
CreatePipe
GetSystemDefaultLCID
GetCurrentProcess
GetStringTypeW
SetLocaleInfoA
GlobalGetAtomNameW
GetTempFileNameW
GetCalendarInfoW
GetCurrentDirectoryW
GetSystemInfo
GetSystemDirectoryW
lstrcatA
lstrlenA
GetProcAddress
GetTickCount
GetProcessHeap
EnumDateFormatsA
ExpandEnvironmentStringsA
SetCurrentDirectoryW
GetEnvironmentStringsA
GetOEMCP
GlobalGetAtomNameA
CreateMutexW
GetEnvironmentStringsW
lstrcmpA
GetLastError
SearchPathA
GetAtomNameA
CopyFileExA
GetTimeFormatW
IsValidLocale
MoveFileW
IsBadWritePtr
FindAtomW
GetStartupInfoW
QueryPerformanceCounter
OpenSemaphoreA
GetAtomNameW
GetUserDefaultLCID
OpenMutexA
SetCalendarInfoA
CreateDirectoryW
GetExpandedNameA
ReplaceFileW
GetLongPathNameW
IsBadStringPtrW
lstrcmp
FindAtomA
EnumTimeFormatsA
SetUnhandledExceptionFilter
lstrcpyW
GetSystemDefaultLangID
FindResourceA
TlsAlloc
CreateEventW
Beep
GetThreadPriority
CreateMutexA
GetDateFormatA
GetLocaleInfoA
IsValidCodePage
GlobalDeleteAtom
LoadLibraryExA
OpenWaitableTimerW
lstrcmpi
WaitForMultipleObjects
MulDiv
EnumCalendarInfoW
AddAtomA
HeapCreate
WaitForSingleObject
GetComputerNameA
GetWindowsDirectoryW
CopyFileA
FileTimeToLocalFileTime
DisconnectNamedPipe
CreateDirectoryA

user32

LoadImageA
InvalidateRgn
RegisterWindowMessageA
CreateWindowExA
wsprintfA
CreateDialogIndirectParamW
CopyRect
PeekMessageW
ShowCaret
GetCaretPos
IsDlgButtonChecked

shell32

SHBrowseForFolderW
StrCmpNW
SHGetFolderLocation
StrRChrIW
ShellExecuteA
SHCreateDirectory
SHBrowseForFolder
StrRChrIA
StrRStrW
SHGetFolderPathW

ole32

CoCreateInstance
CoGetCurrentProcess
OleCreate
CoCreateInstanceEx
OleCreateEx
IsValidIid
CoDeactivateObject
OleInitialize

version

GetFileVersionInfoSizeW
VerLanguageNameA
VerFindFileA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA
VerInstallFileW

printui

RegisterPrintNotify
bFolderRefresh

crypt32

I_CryptGetTls
CryptSignMessage
CertGetEnhancedKeyUsage
CertEnumCertificateContextProperties
CryptQueryObject
CertFreeCTLContext
CryptMsgVerifyCountersignatureEncoded
I_CryptGetAsn1Encoder
CertFreeCRLContext
CertFindChainInStore
CryptSignHashU

Sections

.uO
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZYkAdE
Size: 2KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Z
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JJcT
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.g
Size: 1KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.z
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AkgS
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mrsuZ
Size: 13KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SPR
Size: 2KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8368431071706472e7a5ed92ea45dfa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97Certificate

Extended Key Usages

Key Usages

c3:d3:52:4c:2b:5a:09:97:92:56:55:3d:4b:e5:e3:72:39:25:75:bfSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

version

printui

crypt32

Sections

.uO Size: 8KB - Virtual size: 8KB

.ZYkAdE Size: 2KB - Virtual size: 40KB

.Z Size: 90KB - Virtual size: 90KB

.JJcT Size: 1024B - Virtual size: 4KB

.i Size: 12KB - Virtual size: 12KB

.g Size: 1KB - Virtual size: 419KB

.z Size: 4KB - Virtual size: 24KB

.AkgS Size: 88KB - Virtual size: 88KB

.mrsuZ Size: 13KB - Virtual size: 39KB

.SPR Size: 2KB - Virtual size: 143KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

31:a4:e3:40:b4:70:b6:9b:40:99:8f:7d:c4:94:d9:97
Certificate

c3:d3:52:4c:2b:5a:09:97:92:56:55:3d:4b:e5:e3:72:39:25:75:bf
Signer

.uO
Size: 8KB - Virtual size: 8KB

.ZYkAdE
Size: 2KB - Virtual size: 40KB

.Z
Size: 90KB - Virtual size: 90KB

.JJcT
Size: 1024B - Virtual size: 4KB

.i
Size: 12KB - Virtual size: 12KB

.g
Size: 1KB - Virtual size: 419KB

.z
Size: 4KB - Virtual size: 24KB

.AkgS
Size: 88KB - Virtual size: 88KB

.mrsuZ
Size: 13KB - Virtual size: 39KB

.SPR
Size: 2KB - Virtual size: 143KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 1024B - Virtual size: 1024B