004347b7576269b6eaa360cb6f4429b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

004347b7576269b6eaa360cb6f4429b9_JaffaCakes118
Size

65KB
MD5

004347b7576269b6eaa360cb6f4429b9
SHA1

dd44c04cbbc7b76a572e94db27ee313d24ce472f
SHA256

cdc1fb7e34566a7973ce9827764f0658e68e55f047516125f0882b057a0f9e66
SHA512

b07631cbb497198dfaa19a0d8f2cbc6d455bd422d012a47b85233a59fa2da1abcb554e6b152185a3372aed4156904318727906cbc97403d1a382e1fb7cbc1672
SSDEEP

1536:vvVfqzlledc/HrFisKldhRP5XzZNqPz4b6isKldh:vvVfqzlv/LSdRPBzZwWd

Score

1^/10

Malware Config

Signatures

Files

004347b7576269b6eaa360cb6f4429b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a733117399418d01a86b31d71453d334

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:3d:aa:c8:15:f6:78:99:99:22:3a:80:83:b4:4b:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

25/05/2009, 00:00

Not After

14/07/2012, 23:59

Subject

CN=Sun Microsystems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Sun Microsystems,O=Sun Microsystems\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority - G2+OU=(c) 1998 VeriSign\, Inc. - For authorized use only+OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

31/03/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_~1\jdk6_16\control\build\WINDOW~1\tmp\Activation\com.sun.corba.se.impl.activation\orbd\obj\orbd.pdb

Imports

jli

JLI_ExactVersionId
JLI_JarUnpackFile
JLI_StringDup
JLI_ParseManifest
JLI_ValidVersionString
JLI_AcceptableRelease
JLI_FreeManifest
JLI_MemAlloc
JLI_MemFree

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyA

msvcr71

strcat
strcpy
strcmp
getenv
memset
_iob
fprintf
fclose
fwrite
fread
fopen
strrchr
strspn
printf
fgets
strchr
strerror
_errno
_strnicmp
_putenv
_beginthreadex
_access
_c_exit
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
exit
sprintf
memcpy
strncmp
sscanf
strlen
_stat
strcspn
fflush

kernel32

GetProcAddress
GetExitCodeThread
LoadLibraryA
GetCommandLineA
CreateProcessA
GetModuleHandleA
CloseHandle
FreeLibrary
WaitForSingleObject
GetLastError
FormatMessageA
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetExitCodeProcess

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a733117399418d01a86b31d71453d334

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0f:3d:aa:c8:15:f6:78:99:99:22:3a:80:83:b4:4b:f5Certificate

Extended Key Usages

Key Usages

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1aCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

jli

advapi32

msvcr71

kernel32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 188B

.rsrc Size: 40KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0f:3d:aa:c8:15:f6:78:99:99:22:3a:80:83:b4:4b:f5
Certificate

2e:ae:b6:82:86:63:fe:d9:75:55:f8:fe:24:f3:3b:1a
Certificate

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 188B

.rsrc
Size: 40KB - Virtual size: 40KB