fc06c8634d6fa7bcdd7c0743ef0f999d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc06c8634d6fa7bcdd7c0743ef0f999d_JaffaCakes118
Size

283KB
MD5

fc06c8634d6fa7bcdd7c0743ef0f999d
SHA1

aae6e274fcd7a3a0f34eb8ad4ae5edb17c727df6
SHA256

8e0e9242cc809f141073ce0d749e1c099c98c0bd99acaa257c6077dc307cf3dd
SHA512

0b7fe975cc52a4c134a9491aa8cf6729319d0877998a8772d74fdaa73f824283af9cd4de4d89fb58ce098fdf98bfd67e69e2c1d771925bfb73873dab15dc4ea3
SSDEEP

6144:rQVCWcW3nfISJWCpyvaWr1k36HETxosE6QxQfBxrgolr28l6hU9M:rQpPISJWCIvaW1+1TGhf0bgl8l6hiM

Score

1^/10

Malware Config

Signatures

Files

fc06c8634d6fa7bcdd7c0743ef0f999d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d2f11ae86103e5effa6475dc94b41dc8

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:c9:54:b5:bd:00:dc:2a:b3:39:ba:d8:e1:03:73:60:60:1f:bf:2c
Signer

Actual PE Digest

ba:c9:54:b5:bd:00:dc:2a:b3:39:ba:d8:e1:03:73:60:60:1f:bf:2c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumCalendarInfoW
GetDiskFreeSpaceW
GetLocaleInfoA
OpenWaitableTimerA
FindAtomA
FileTimeToDosDateTime
GetTempPathA
lstrcpynA
OpenSemaphoreW
GetCurrentDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
TlsAlloc
QueryPerformanceCounter
CreateEventW
CreateDirectoryW
FindAtomW
ReadDirectoryChangesW
GetEnvironmentVariableW
OpenMutexA
LoadResource
GetFullPathNameA
GetFullPathNameW
lstrcmpA
GetVolumeInformationA
GetTempFileNameW
CompareStringA
GetAtomNameA
CreateSemaphoreW
AddAtomW
EndUpdateResourceA
EnumTimeFormatsA
GetACP
GetProcAddress
CreateMailslotW
OpenProcess
ConnectNamedPipe
lstrcmp
GetCPInfo
Beep

user32

GetDlgItem
UnregisterClassA
LoadMenuA
wsprintfA
InsertMenuA
MoveWindow
GetKeyboardType
AppendMenuW
LoadCursorA
DrawTextA
CopyIcon
DeleteMenu
IsWindowEnabled
ArrangeIconicWindows
PostQuitMessage
SetDlgItemTextW
GetDC
LoadImageW
SetTimer
CloseWindow
GetSubMenu
RegisterClassA
DefFrameProcW
PeekMessageW
SetDlgItemInt
TrackPopupMenu
wvsprintfW
EnumClipboardFormats
ReleaseDC
LoadCursorW
EnumDesktopsW
GetClassNameW
ClientToScreen
GetMenuState
GetCapture
DestroyWindow
UpdateLayeredWindow
EnableMenuItem
DialogBoxParamW
ActivateKeyboardLayout
EmptyClipboard
GetDlgItemTextW
GetKeyState
GetDesktopWindow
GetMenuInfo
LoadIconA

gdi32

RoundRect
GetPolyFillMode
StartDocA
RemoveFontResourceExA
GetBkColor
CopyEnhMetaFileA
GetNearestColor
DPtoLP
GetLayout
EnumObjects
EnumEnhMetaFile
CreateRoundRectRgn
GetMapMode
FillRgn
ResetDCW
SetDCBrushColor

advapi32

RegCreateKeyExW
RegCreateKeyA
RegOpenKeyA
RegDeleteValueW
RegOpenKeyExA

shell32

SHGetFileInfoA

shlwapi

SHGetValueA

oleaut32

VariantChangeTypeEx
SafeArrayGetDim
VarDecFromI2
VarBstrFromBool
VarR8FromBool

opengl32

glVertex3iv
glRasterPos4d
glVertex3i
glFogfv
wglGetProcAddress
glRasterPos2dv
glIndexPointer
glNormal3dv
glTexEnvfv
glPopName
glTexCoord4iv
glVertex3dv
glTexCoord4s
glIndexub

urlmon

CompareSecurityIds
CreateAsyncBindCtxEx
GetMarkOfTheWeb
CreateFormatEnumerator
URLDownloadW
CDLGetLongPathNameA
URLDownloadToCacheFileA
CoInternetGetSecurityUrl
URLOpenPullStreamW
PrivateCoInstall
URLDownloadToCacheFileW

winmm

waveOutGetPitch

sqlunirl

_MessageBoxEx_@20
_CreateMailslot_@16
_VkKeyScanEx_@8
_GetCurrentHwProfile_@4
_GetWindowTextLength@4
_IsCharLower_@4
_CreateStatusWindow_@16
_RemoveFontResource_@4
_GetVolumeInformation_@32
_ClearEventLog_@8
_RegCreateKeyEx_@36
_WriteConsoleInput_@16
_QueryServiceConfig_@16
_GetClassInfo@12
newMultiByteFromWideCharSize
_CommDlg_OpenSave_GetSpec@12
_CharToOem_@8
_LoadImage_@24
_GetCommandLine_@0
_RegisterClassEx_@4
_GetModuleFileName@12

wsock32

accept
WSASetBlockingHook
GetAddressByNameA
getsockname
GetTypeByNameW
inet_addr

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itcOXE
Size: 512B - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gX
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wXjPSi
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qItkO
Size: 5KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iSoDRS
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CA
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aS
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kVa
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fAa
Size: 1KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uD
Size: 1024B - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2f11ae86103e5effa6475dc94b41dc8

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

ba:c9:54:b5:bd:00:dc:2a:b3:39:ba:d8:e1:03:73:60:60:1f:bf:2cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

oleaut32

opengl32

urlmon

winmm

sqlunirl

wsock32

Sections

.text Size: 10KB - Virtual size: 10KB

.itcOXE Size: 512B - Virtual size: 35KB

.gX Size: 1024B - Virtual size: 34KB

.wXjPSi Size: 1KB - Virtual size: 14KB

.qItkO Size: 5KB - Virtual size: 50KB

.iSoDRS Size: 2KB - Virtual size: 31KB

.CA Size: 2KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 16KB

.aS Size: 2KB - Virtual size: 19KB

.kVa Size: 2KB - Virtual size: 9KB

.fAa Size: 1KB - Virtual size: 32KB

.uD Size: 1024B - Virtual size: 204KB

.rsrc Size: 229KB - Virtual size: 228KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

ba:c9:54:b5:bd:00:dc:2a:b3:39:ba:d8:e1:03:73:60:60:1f:bf:2c
Signer

.text
Size: 10KB - Virtual size: 10KB

.itcOXE
Size: 512B - Virtual size: 35KB

.gX
Size: 1024B - Virtual size: 34KB

.wXjPSi
Size: 1KB - Virtual size: 14KB

.qItkO
Size: 5KB - Virtual size: 50KB

.iSoDRS
Size: 2KB - Virtual size: 31KB

.CA
Size: 2KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 16KB

.aS
Size: 2KB - Virtual size: 19KB

.kVa
Size: 2KB - Virtual size: 9KB

.fAa
Size: 1KB - Virtual size: 32KB

.uD
Size: 1024B - Virtual size: 204KB

.rsrc
Size: 229KB - Virtual size: 228KB