ffbad8d6236fa6353e71726444d8209e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ffbad8d6236fa6353e71726444d8209e_JaffaCakes118
Size

264KB
MD5

ffbad8d6236fa6353e71726444d8209e
SHA1

f888de2ee66253c7c69c0cf0fa665d074f7915cc
SHA256

9e6a25e4dee9f25e1c2977ab3da35de040bf91d9f76a74cad0b2440a3e13f1d9
SHA512

25db5719bdf1d9a06206d5ca2f123cbf378c1f9decd70eb1792279ee03c380f4644c5c1f5f595e19a706b83b6eff647a0ea02c7189c579f44395e711ea39d6e1
SSDEEP

6144:X/JdISJWCpyvaWr1k36HETxosE6QxQfBxrgolr28l6hU9S:vJdISJWCIvaW1+1TGhf0bgl8l6hiS

Score

1^/10

Malware Config

Signatures

Files

ffbad8d6236fa6353e71726444d8209e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46d15ce95132ba58114d1b4af8cf892a

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20/01/2010, 00:00

Not After

24/01/2012, 23:59

Subject

CN=BITDEFENDER LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BITDEFENDER LLC,L=Fort Lauderdale,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:de:b9:90:bd:c4:fe:d6:43:74:ac:3b:e3:fe:83:4c:27:c8:59:f3
Signer

Actual PE Digest

dd:de:b9:90:bd:c4:fe:d6:43:74:ac:3b:e3:fe:83:4c:27:c8:59:f3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
ExitProcess
OpenFile
MulDiv
GetTempFileNameA
GetFullPathNameA
CopyFileExA
GetProcAddress
FindAtomW
GetLastError
SetComputerNameW

user32

EmptyClipboard
WinHelpA
CreateAcceleratorTableW
DialogBoxParamA
GetKeyState
GetFocus
GetMenuItemRect
GetMenu
EnumDesktopWindows
SetCursorPos
IsWindow
TrackPopupMenu
CharUpperW
EndMenu
CreateAcceleratorTableA
LoadIconW
GetMenuStringA
EnumChildWindows
GetDlgItemTextW
GetMenuStringW
GetDC
ArrangeIconicWindows
MessageBoxIndirectA
LoadMenuIndirectW
ActivateKeyboardLayout
LoadMenuA
BringWindowToTop
GetCapture
CreateDialogParamA
GetActiveWindow
CreateDialogParamW
CharUpperA
SetMenu
FindWindowW
WaitMessage
DefDlgProcA
InsertMenuW
LoadImageA
IsWindowEnabled
CreateMenu
SendDlgItemMessageA
PeekMessageW

gdi32

RestoreDC
LPtoDP
StretchDIBits
GetDCOrgEx
SetBitmapDimensionEx
AngleArc
GetGraphicsMode
CreateBitmapIndirect
OffsetWindowOrgEx
GetGlyphOutlineA

advapi32

RegQueryValueW
RegCreateKeyExA
RegRestoreKeyW

opengl32

glPixelZoom
glColor3s
glTexCoord4i
glTexCoord4s
glIsTexture
glInitNames
glLineWidth
glGetTexEnvfv

urlmon

BindAsyncMoniker
RegisterBindStatusCallback
CoInternetCompareUrl
CreateURLMonikerEx
URLDownloadToFileW

winspool.drv

DeletePrinter
OpenPrinterA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ORFPGq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dPz
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hf
Size: 1024B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.auCle
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.JtMaq
Size: 1KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jNlvjB
Size: 1024B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.roSqR
Size: 2KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jZRVJr
Size: 1024B - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46d15ce95132ba58114d1b4af8cf892a

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

dd:de:b9:90:bd:c4:fe:d6:43:74:ac:3b:e3:fe:83:4c:27:c8:59:f3Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

opengl32

urlmon

winspool.drv

Sections

.text Size: 12KB - Virtual size: 11KB

.ORFPGq Size: 512B - Virtual size: 4KB

.dPz Size: 1KB - Virtual size: 4KB

.hf Size: 1024B - Virtual size: 41KB

.auCle Size: 2KB - Virtual size: 12KB

.JtMaq Size: 1KB - Virtual size: 22KB

.jNlvjB Size: 1024B - Virtual size: 28KB

.roSqR Size: 2KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 4KB

.jZRVJr Size: 1024B - Virtual size: 275KB

.rsrc Size: 228KB - Virtual size: 227KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:2d:d6:1a:35:e6:5d:f6:29:97:01:ff:9b:e5:ca:44
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

dd:de:b9:90:bd:c4:fe:d6:43:74:ac:3b:e3:fe:83:4c:27:c8:59:f3
Signer

.text
Size: 12KB - Virtual size: 11KB

.ORFPGq
Size: 512B - Virtual size: 4KB

.dPz
Size: 1KB - Virtual size: 4KB

.hf
Size: 1024B - Virtual size: 41KB

.auCle
Size: 2KB - Virtual size: 12KB

.JtMaq
Size: 1KB - Virtual size: 22KB

.jNlvjB
Size: 1024B - Virtual size: 28KB

.roSqR
Size: 2KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 4KB

.jZRVJr
Size: 1024B - Virtual size: 275KB

.rsrc
Size: 228KB - Virtual size: 227KB