0699a39f8e94c834b0aa356e9092c2ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0699a39f8e94c834b0aa356e9092c2ef_JaffaCakes118
Size

65KB
MD5

0699a39f8e94c834b0aa356e9092c2ef
SHA1

e653b7e7004350ab94bddd98b40d86f0f9418ce0
SHA256

76595a7db99f8b9d90f423a0b833c4d04a67c432ddd5ab65cc0f69a2ac44cd36
SHA512

59eeced73a92e8aaf28dfa24474fa5b9ae7874a3bb0491bf825fd9357ff42a453ac94269942f834662224df0cff908330a463dcdb7e18729eba41ec8cb773bac
SSDEEP

768:Cz3Mfz6JrSM+h9ooJlZ6jtvhrJ+D+B0eLqSft8kjMiJ38KQCVULWQbCi:jz65YrxZ67rJWktVaiJ38+VUaECi

Score

1^/10

Malware Config

Signatures

Files

0699a39f8e94c834b0aa356e9092c2ef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1c84e6836e0f576436b4de2b8b1dbec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19/11/2009, 00:00

Not After

18/11/2012, 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:55:4e:e1:4e:6e:c2:c3:46:45:f6:56:36:37:d9:d0:54:c0:ef:d3
Signer

Actual PE Digest

ba:55:4e:e1:4e:6e:c2:c3:46:45:f6:56:36:37:d9:d0:54:c0:ef:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2614
ord861
ord924
ord858
ord939
ord2818
ord537
ord540
ord823
ord860
ord825
ord535
ord800

msvcrt

__RTDynamicCast
wcslen
_wtol
atoi
_mbsicmp
__p___argc
__p___argv
_strdup
isalnum
isspace
strtoul
memcmp
memset
_itoa
_strnicmp
free
malloc
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_mbscmp
sprintf
__CxxFrameHandler
_mbsnicmp
_mbsspn
_mbscspn
strlen
memcpy
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_mbsnbcpy
_acmdln
_stricmp

kernel32

GetTempPathA
lstrlenW
GetTempFileNameA
GetProcAddress
LoadLibraryA
lstrcpyA
CreateProcessA
GetEnvironmentVariableA
OutputDebugStringA
GetLastError
MultiByteToWideChar
lstrlenA
FreeLibrary
GetStartupInfoA
Sleep
GetModuleHandleA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
WideCharToMultiByte

user32

CharNextA
TranslateMessage
DispatchMessageA
wsprintfA
IsWindow
PostMessageA
EndDialog
PostQuitMessage
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
LoadCursorA
RegisterClassExA
GetMessageA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CreateBindCtx
CoTaskMemFree
CoInitialize

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

urlmon

RegisterBindStatusCallback
RevokeBindStatusCallback
CreateURLMoniker

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ

wininet

InternetCrackUrlA

shlwapi

StrStrIW
PathFindExtensionA
PathFindFileNameA
PathAppendA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1c84e6836e0f576436b4de2b8b1dbec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65Certificate

Extended Key Usages

Key Usages

ba:55:4e:e1:4e:6e:c2:c3:46:45:f6:56:36:37:d9:d0:54:c0:ef:d3Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

msvcp60

wininet

shlwapi

version

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 940B

.rsrc Size: 16KB - Virtual size: 14KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

ba:55:4e:e1:4e:6e:c2:c3:46:45:f6:56:36:37:d9:d0:54:c0:ef:d3
Signer

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 940B

.rsrc
Size: 16KB - Virtual size: 14KB