0a847a4aaea0b0da45ce4f165a974c18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a847a4aaea0b0da45ce4f165a974c18_JaffaCakes118
Size

405KB
MD5

0a847a4aaea0b0da45ce4f165a974c18
SHA1

3cb4e2daff054f008d65a8b02c1ec780c99a18b7
SHA256

ca4d4438cd91d8e1b0b96caa5fa7b9fffcd959f506ab5869159cd9a3ecab05d1
SHA512

260c7b3d0eea1064e5170db48d6d67fe454b7f814e07f0e1321b4a5592d29f9196eb5d22998563dbf3a231ac30061c98f75c29b3291f79cbd6c21038fcb3d287
SSDEEP

6144:YHDr9gFOTGzT4zJq7+A8pqRavnHjhf4KmwiF1leu6TPqg/CWdjeKnpgzWec:YjeDT4zgaps8Dhf4Uueu6zqga0iKnB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/exe.exe

Files

0a847a4aaea0b0da45ce4f165a974c18_JaffaCakes118
.cab
03.exe
.exe windows:4 windows x86 arch:x86

10f6bff1d688181874bea006eceea23b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

d8:8d:d4:fe:9f:ce:a3:67:0c:2e:47:34:a8:3c:62:6f
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

14/04/2008, 00:00

Not After

14/04/2009, 23:59

Subject

CN=WMVMedialease Inc.,O=WMVMedialease Inc.,POSTALCODE=BVI,STREET=White Bay 2,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ShowWindow
MessageBeep
LoadBitmapA
EndPaint
DestroyCaret
DeleteMenu

kernel32

OpenFileMappingA
lstrcpyA
TlsAlloc
RtlUnwind
GetSystemTime
GetPrivateProfileStringA
GetModuleHandleA
CompareStringA
EnterCriticalSection
EnumResourceLanguagesA
EnumResourceNamesA
FlushFileBuffers

oleaut32

SafeArrayCreate
SafeArrayDestroy
SysReAllocString
VarBstrCat
SafeArrayAllocDescriptor
SafeArrayAllocData
OleIconToCursor
OleLoadPicturePath
RevokeActiveObject

Sections

.text
Size: 17KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
exe.exe
.exe windows:5 windows x86 arch:x86

419c3fe8c1eefea9336b96f74f0951dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

notepad.pdb

Imports

comdlg32

PageSetupDlgW
FindTextW
PrintDlgExW
ChooseFontW
GetFileTitleW
GetOpenFileNameW
ReplaceTextW
CommDlgExtendedError
GetSaveFileNameW

shell32

DragFinish
DragQueryFileW
DragAcceptFiles
ShellAboutW

winspool.drv

GetPrinterDriverW
ClosePrinter
OpenPrinterW

comctl32

CreateStatusWindowW

msvcrt

_XcptFilter
_exit
_c_exit
time
localtime
_cexit
iswctype
_except_handler3
_wtol
wcsncmp
_snwprintf
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcsncpy

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyW
IsTextUnicode
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetLocalTime
GetUserDefaultLCID
GetDateFormatW
GetTimeFormatW
GlobalLock
GlobalUnlock
GetFileInformationByHandle
CreateFileMappingW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LoadLibraryA
GetModuleHandleA
GetStartupInfoA
GlobalFree
GetLocaleInfoW
LocalFree
LocalAlloc
lstrlenW
LocalUnlock
CompareStringW
LocalLock
FoldStringW
CloseHandle
lstrcpyW
ReadFile
CreateFileW
lstrcmpiW
GetCurrentProcessId
GetProcAddress
GetCommandLineW
lstrcatW
FindClose
FindFirstFileW
GetFileAttributesW
lstrcmpW
MulDiv
lstrcpynW
LocalSize
GetLastError
WriteFile
SetLastError
WideCharToMultiByte
LocalReAlloc
FormatMessageW
GetUserDefaultUILanguage
SetEndOfFile
DeleteFileW
GetACP
UnmapViewOfFile
MultiByteToWideChar
MapViewOfFile
UnhandledExceptionFilter

gdi32

EndPage
AbortDoc
EndDoc
DeleteDC
StartPage
GetTextExtentPoint32W
CreateDCW
SetAbortProc
GetTextFaceW
TextOutW
StartDocW
EnumFontsW
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
SelectObject

user32

GetClientRect
SetCursor
ReleaseDC
GetDC
DialogBoxParamW
SetActiveWindow
GetKeyboardLayout
DefWindowProcW
DestroyWindow
MessageBeep
ShowWindow
GetForegroundWindow
IsIconic
GetWindowPlacement
CharUpperW
LoadStringW
LoadAcceleratorsW
GetSystemMenu
RegisterClassExW
LoadImageW
LoadCursorW
SetWindowPlacement
CreateWindowExW
GetDesktopWindow
GetFocus
LoadIconW
SetWindowTextW
PostQuitMessage
RegisterWindowMessageW
UpdateWindow
SetScrollPos
CharLowerW
PeekMessageW
EnableWindow
DrawTextExW
CreateDialogParamW
GetWindowTextW
GetSystemMetrics
MoveWindow
InvalidateRect
WinHelpW
GetDlgCtrlID
ChildWindowFromPoint
ScreenToClient
GetCursorPos
SendDlgItemMessageW
SendMessageW
CharNextW
CheckMenuItem
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenuState
EnableMenuItem
GetSubMenu
GetMenu
MessageBoxW
SetWindowLongW
GetWindowLongW
GetDlgItem
SetFocus
SetDlgItemTextW
wsprintfW
GetDlgItemTextW
EndDialog
GetParent
UnhookWinEvent
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
PostMessageW
GetMessageW
SetWinEventHook

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10f6bff1d688181874bea006eceea23b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

d8:8d:d4:fe:9f:ce:a3:67:0c:2e:47:34:a8:3c:62:6fCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

user32

kernel32

oleaut32

Sections

.text Size: 17KB - Virtual size: 368KB

.data Size: 17KB - Virtual size: 20KB

.rdata Size: 340KB - Virtual size: 340KB

.idata Size: 1KB - Virtual size: 4KB

419c3fe8c1eefea9336b96f74f0951dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

shell32

winspool.drv

comctl32

msvcrt

advapi32

kernel32

gdi32

user32

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 36KB - Virtual size: 35KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

d8:8d:d4:fe:9f:ce:a3:67:0c:2e:47:34:a8:3c:62:6f
Certificate

.text
Size: 17KB - Virtual size: 368KB

.data
Size: 17KB - Virtual size: 20KB

.rdata
Size: 340KB - Virtual size: 340KB

.idata
Size: 1KB - Virtual size: 4KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 36KB - Virtual size: 35KB