042af6d24b0e65d1d1803f139996f6d8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

042af6d24b0e65d1d1803f139996f6d8_JaffaCakes118
Size

392KB
MD5

042af6d24b0e65d1d1803f139996f6d8
SHA1

7668d4d9f6f7d38cc40f73d875e93b1fc4abed4c
SHA256

4fbc7d7351a463579db016e11d3eb253b7e33dd2a080bc56df2ec24119429d98
SHA512

e3c64ac3dc214fe29a4f444f7e13ab48bb1be4d5b8c4b8d2ee08332e52d10ea83e6855a281a6aa7b81dc48e0d2e1d04fef2f84b360462b44923c72d80f5d2d20
SSDEEP

6144:QYSJJDTkVKPNmLPRQyKM6vn1b9V5BC564ubYe5t:QYkJDTkVKPoLPRQyKj/x9V5k8jk

Score

1^/10

Malware Config

Signatures

Files

042af6d24b0e65d1d1803f139996f6d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1160f0e7ef962b250dee22339438aa2f

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26-01-2010 00:00

Not After

25-01-2013 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:c6:6e:66:f2:cb:7b:e6:0c:8c:17:84:dd:34:9c:2b:58:d8:97:7b
Signer

Actual PE Digest

ed:c6:6e:66:f2:cb:7b:e6:0c:8c:17:84:dd:34:9c:2b:58:d8:97:7b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
GetCommandLineW
CloseHandle
CreateProcessW
GetLastError
WaitForSingleObject
TerminateProcess
Sleep
SetFileAttributesW
GetFileAttributesW
Process32NextW
lstrlenA
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
FindClose
FindNextFileW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
MoveFileExW
SetLastError
CreateDirectoryW
GetModuleFileNameW
GetModuleHandleW
DeleteFileW
lstrlenW
WideCharToMultiByte
GetLongPathNameW
Module32FirstW
GetCurrentProcessId
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessTimes
GetCurrentProcess
GetCurrentThreadId
GetLocalTime
WriteFile
SetFilePointer
GetPrivateProfileStringW
WritePrivateProfileStringW
ExitProcess
GenerateConsoleCtrlEvent
CopyFileA
CreateDirectoryA
GetFileAttributesA
GetFileSize
FlushFileBuffers
ReadFile
DeleteFileA
CreateFileA
UnlockFileEx
UnlockFile
LockFileEx
LockFile
Module32First
GetVersionExA
GetTickCount
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
SetEndOfFile
Process32Next
Process32First
GetSystemInfo
SleepEx
GetStartupInfoW

user32

MessageBoxW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize

psapi

GetModuleFileNameExA
GetModuleFileNameExW

ws2_32

closesocket
send
WSAStartup
gethostbyname
getsockopt
ntohs
__WSAFDIsSet
select
inet_addr
inet_ntoa
recv
accept
connect
htonl
ntohl
WSACleanup
socket
setsockopt
ioctlsocket
listen
bind
WSAGetLastError
htons

shlwapi

PathFileExistsW

msvcrt

strlen
_wcsicmp
_waccess
memcpy
_snprintf
_snwprintf
wcsstr
wcsrchr
memmove
wcstok
localtime
time
strncpy
free
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
malloc
rand
srand
calloc
_ftol
_stricmp
strchr
strtol
strtod
atof
toupper
mbstowcs
setlocale
wcstombs
tolower
_pctype
_isctype
__mb_cur_max
mktime
fprintf
vfprintf
_vsnprintf
strrchr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp
??2@YAPAXI@Z
_wtoi
memset
_vsnwprintf
_wcslwr
wcsncat
wcslen
wcsncpy
__CxxFrameHandler
wcschr
_strdup
strspn
atoi
memchr
strstr
_errno
asctime
gmtime
_lseeki64
_pipe
_popen
_pclose
getenv
_get_osfhandle
_fullpath
signal
fclose
fflush
fopen
fscanf
_mkdir
_stat
_fstat
_iob
sprintf
_strnicmp
_utime
_close
_open

winmm

timeSetEvent
timeBeginPeriod
timeGetDevCaps
timeKillEvent

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

I
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1160f0e7ef962b250dee22339438aa2f

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

ed:c6:6e:66:f2:cb:7b:e6:0c:8c:17:84:dd:34:9c:2b:58:d8:97:7bSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

psapi

ws2_32

shlwapi

msvcrt

winmm

Sections

.text Size: 192KB - Virtual size: 189KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 60KB - Virtual size: 65KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

I Size: 92KB - Virtual size: 92KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

ed:c6:6e:66:f2:cb:7b:e6:0c:8c:17:84:dd:34:9c:2b:58:d8:97:7b
Signer

.text
Size: 192KB - Virtual size: 189KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 60KB - Virtual size: 65KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

I
Size: 92KB - Virtual size: 92KB