0489f3941530aaec65c2a9acd5eb8d85_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0489f3941530aaec65c2a9acd5eb8d85_JaffaCakes118
Size

115KB
MD5

0489f3941530aaec65c2a9acd5eb8d85
SHA1

25208f559a531db24c49168a300d17e7f03807e5
SHA256

72932d2a3ca9ed82778a3b7f0b44399323efba2d6e1102c9237536f497813384
SHA512

752302b6d1cf4cda127c4bb0d24b99b3d9946a4632d70d550c1205cec94b1fa959ce192f02fb0aef9102aa907a876685f0b3618a64e9b386278c2f28aebc1218
SSDEEP

1536:L6hPdTy1H7fz35VM9YuNatamqzeTlHjDzVuwNGr8FRu7wyt7uNzZ9dloQP:LsPdTy5nM91athzcrc63uNzZ/loQP

Score

1^/10

Malware Config

Signatures

Files

0489f3941530aaec65c2a9acd5eb8d85_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5478206c5c983253c74345d5fd0ec74b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:00:26:b7:ae:29:96:3b:60:8d:61:91:1b:77:1e:16
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/05/2012, 00:00

Not After

10/08/2015, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:ed:59:56:d5:0e:04:99:ae:91:ee:ba:df:8e:53:d9:20:92:e7:cb
Signer

Actual PE Digest

e6:ed:59:56:d5:0e:04:99:ae:91:ee:ba:df:8e:53:d9:20:92:e7:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\reliverav.pdb

Imports

kernel32

GetLocalTime
Sleep
GetCurrentProcessId
GetModuleFileNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
WriteFile
SetFilePointer
MoveFileA
DeleteFileA
SetFileAttributesA
CloseHandle
GetFileSize
CreateFileA
GetCurrentThreadId
OutputDebugStringA
GetTickCount
GetLastError
CreateMutexA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
CompareStringA
CompareStringW
GetEnvironmentVariableA
lstrcpynA
GetCurrentThread
GetCurrentProcess
SetPriorityClass
GetShortPathNameA
GetModuleHandleA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
IsBadWritePtr
GetWindowsDirectoryA
WritePrivateProfileStringA
CreateProcessA
OpenMutexA
SetLastError
GetModuleFileNameW
GetWindowsDirectoryW
CopyFileW
GetTempPathA
CancelWaitableTimer
WaitForSingleObject
SetWaitableTimer
CreateWaitableTimerA
CreateDirectoryA
SetFileTime
SystemTimeToFileTime
SetEndOfFile
FlushFileBuffers
FileTimeToSystemTime
FindClose
FindFirstFileA
ReadFile
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeLibrary
lstrcpyA
lstrlenA
lstrcatA
LoadLibraryA
SetThreadPriority
GetProcAddress
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
SetUnhandledExceptionFilter
TerminateProcess
VirtualFree
HeapCreate
GetCPInfo
GetOEMCP
QueryPerformanceCounter
GetCommandLineA
GetDateFormatA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetFileAttributesA
GetSystemTimeAsFileTime
GetTimeFormatA
SetEnvironmentVariableA

user32

CharUpperA
IsWindow
FindWindowA
SendMessageA

advapi32

RegSetValueExW
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteExA
SHChangeNotify

shlwapi

PathSkipRootA
PathRemoveFileSpecA
PathFileExistsA

wininet

HttpSendRequestA
HttpAddRequestHeadersA
HttpQueryInfoA
InternetReadFile
InternetCrackUrlA
InternetSetOptionA
InternetCloseHandle
InternetAttemptConnect
InternetConnectA
HttpOpenRequestA
InternetOpenA

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5478206c5c983253c74345d5fd0ec74b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

41:00:26:b7:ae:29:96:3b:60:8d:61:91:1b:77:1e:16Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e6:ed:59:56:d5:0e:04:99:ae:91:ee:ba:df:8e:53:d9:20:92:e7:cbSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

wininet

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

41:00:26:b7:ae:29:96:3b:60:8d:61:91:1b:77:1e:16
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e6:ed:59:56:d5:0e:04:99:ae:91:ee:ba:df:8e:53:d9:20:92:e7:cb
Signer

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 2KB