0635c0eb0a914509d7bf2214d10cb086_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0635c0eb0a914509d7bf2214d10cb086_JaffaCakes118
Size

728KB
MD5

0635c0eb0a914509d7bf2214d10cb086
SHA1

d31e7445c7deb0cde69978a9950af8e576175b2b
SHA256

14af916b79ffd4e24bef9b6879929b92e7658b93eec47c12b240cbac426b53e1
SHA512

2240819aabeb34e89925ce7bfea7fca8d38b4f51c552a457f9fd31439df053a54e8259f03f38ef9b5e29e359064856fb40321031f3839d89674a300d33659995
SSDEEP

12288:3brPF7MvbdKqvC1vbv1rC4IPufV1FYH7LbqjNC4TN7MCb1gyUwgtv9cVskSLlu:rrPJwC1vprDIPufvSH7qJzTdtb1Uu

Score

1^/10

Malware Config

Signatures

Files

0635c0eb0a914509d7bf2214d10cb086_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8fddc9a795d69975aab199723eeb6fb0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03-07-2007 00:00

Not After

02-07-2008 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=R&D,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
InitializeCriticalSection
CreateFileA
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringW
LCMapStringA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetLastError
GetLastError
CopyFileW
DeleteFileW
GetTempPathW
GetLongPathNameW
CreateFileW
CloseHandle
RemoveDirectoryW
SetCurrentDirectoryW
FindFirstFileW
FindClose
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
HeapSize
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
DeleteCriticalSection
IsValidCodePage
GetOEMCP
GetStringTypeW
LoadLibraryW
GetACP
GetCPInfo
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
GetCommandLineW
FormatMessageW
GetCurrentThreadId
CreateProcessW
LocalFree
GlobalFree
MoveFileExW
SetFileAttributesW
GetTempFileNameW
InterlockedIncrement
InterlockedCompareExchange
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
Process32FirstW
GetCurrentProcessId
GetVersionExW
GetSystemInfo
Process32NextW
GetModuleHandleW
CreateToolhelp32Snapshot
FlushFileBuffers
GetFileSize
TlsFree
WriteFile
ReadFile
FindNextFileW
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
GetProcAddress
SetFilePointer
FreeLibrary
GetTickCount
GlobalReAlloc
GlobalUnlock
GlobalLock
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue

user32

DestroyAcceleratorTable
GetSystemMetrics
DestroyMenu
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
SetCursor
SetCapture
SetTimer
KillTimer
PostMessageW
ReleaseCapture
GetCursorPos
DrawIconEx
GetClassLongW
CheckDlgButton
GetWindowTextLengthW
EnableWindow
EndDialog
DialogBoxParamW
CreateDialogParamW
DefWindowProcW
RegisterClassW
SetFocus
ScreenToClient
CreateWindowExW
GetSysColor
GetWindowTextW
FillRect
GetScrollInfo
ScrollWindow
GetWindowLongW
SetWindowLongW
SetScrollInfo
BeginPaint
EndPaint
IsDlgButtonChecked
GetSysColorBrush
OffsetRect
SetWindowPos
GetWindowRect
DrawTextW
GetDesktopWindow
PtInRect
SetCursorPos
SetRect
SetWindowRgn
UpdateLayeredWindow
GetCursor
IntersectRect
SubtractRect
MonitorFromPoint
GetMonitorInfoW
RedrawWindow
TrackMouseEvent
CallWindowProcW
InflateRect
InvalidateRect
GetDC
ReleaseDC
GetDlgCtrlID
MoveWindow
GetDlgItem
DestroyWindow
PostQuitMessage
MessageBoxW
SetWindowTextW
GetClientRect
GetMenu
EnableMenuItem
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
LoadMenuW
SetWindowPlacement
SetMenu
LoadAcceleratorsW
SendMessageW
UpdateWindow
GetMessageW
GetParent
GetClassNameW
TranslateAcceleratorW
IsDialogMessageW
GetWindowPlacement

gdi32

CombineRgn
GetPixel
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
SetViewportOrgEx
CreatePen
CreateFontIndirectW
CreateSolidBrush
SelectObject
Rectangle
SetTextColor
SetBkMode
GetTextExtentPointW
OffsetRgn
GetStockObject
ExtCreateRegion
GetObjectW
MoveToEx
LineTo
TextOutW
CreateDIBSection
SetBkColor
SelectClipRgn
DeleteObject
EnumFontFamiliesExW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseColorW
GetFileTitleW

shell32

SHGetSpecialFolderPathW
DragAcceptFiles
DragFinish
SHFileOperationW
DragQueryFileW

ziplib

UnZip
ZipFolder

imm32

ImmDisableIME

msimg32

GradientFill
TransparentBlt
AlphaBlend

advapi32

BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

Sections

.text
Size: 548KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fddc9a795d69975aab199723eeb6fb0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

shell32

ziplib

imm32

msimg32

advapi32

Sections

.text Size: 548KB - Virtual size: 545KB

.rdata Size: 128KB - Virtual size: 126KB

.data Size: 16KB - Virtual size: 26KB

.rsrc Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

07:3f:fb:87:6a:fa:34:33:91:1b:a4:b5:51:43:56:d1
Certificate

.text
Size: 548KB - Virtual size: 545KB

.rdata
Size: 128KB - Virtual size: 126KB

.data
Size: 16KB - Virtual size: 26KB

.rsrc
Size: 24KB - Virtual size: 20KB