0ae005d7c67bf0823c9df4925316e2cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ae005d7c67bf0823c9df4925316e2cc_JaffaCakes118
Size

14.2MB
MD5

0ae005d7c67bf0823c9df4925316e2cc
SHA1

ba101d42c539b09cfd4dc344142fd0bc3e43cbb3
SHA256

325c741d420d8d2215fd35b5d91e31290ecf11e985cc7fc9a9e44bfe5aae44a8
SHA512

22d591d73e19cb8acf64ba187432816215d8c799742da5ec5cb3bee84d0659da15039b16dc7d35e8b7624a37dc468b5e2f50cba81a2c5d14030cc2d52bdb60b9
SSDEEP

196608:vjOx0QJaaY2rRGWB63dOKM/rG+cSZCGWCGDCg9L8DptEPSeW9b:LqH9Y2rR63PMjG+c4WCG2gB6mo9b

Score

1^/10

Malware Config

Signatures

Files

0ae005d7c67bf0823c9df4925316e2cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4e289890cbecd1b96b3d18a833aef7f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

24:fe:11:7f:25:41:8b:ba:37:c9:99:fe:f1:44:c8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/12/2012, 00:00

Not After

11/12/2014, 23:59

Subject

CN=LULU SOFTWARE LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LULU SOFTWARE LIMITED,L=Ta'Xbiex,ST=XBX,C=MT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6e:70:fa:b5:da:02:f4:c1:d6:fc:66:d9:15:7b:4d:f1:6c:20:ee
Signer

Actual PE Digest

64:6e:70:fa:b5:da:02:f4:c1:d6:fc:66:d9:15:7b:4d:f1:6c:20:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
SetCurrentDirectoryA
GetExitCodeProcess
GetTempPathA
GetTempFileNameA
HeapFree
IsBadReadPtr
VirtualProtect
GetProcessHeap
HeapAlloc
GetModuleHandleA
VirtualFree
PeekNamedPipe
ReadFile
WaitForSingleObject
Sleep
CloseHandle
CreatePipe
CreateProcessA
VirtualAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
GetACP
WideCharToMultiByte
GetModuleFileNameA
GetProfileStringA
WriteProfileStringA
FatalAppExitA
UnmapViewOfFile
GetFileSize
MapViewOfFile
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchange
CreateFileA
GetFileAttributesA
CreateFileMappingA
RaiseException
GetTickCount
GetFullPathNameA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

ReleaseDC
MessageBoxA
SetRect
MessageBoxW
GetActiveWindow
CopyRect
GetDC

gdi32

GetStockObject
CreateRectRgn
SelectClipRgn
PlayEnhMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
CreateDIBSection
GetObjectA
CloseEnhMetaFile
RealizePalette
CreateEnhMetaFileA
GetDeviceCaps
Rectangle
Escape
GetCurrentObject
PolyBezierTo
MoveToEx
StrokePath
StrokeAndFillPath
GetGlyphOutlineW
StretchDIBits
GetTextFaceA
GetOutlineTextMetricsA
SetTextColor
GetTextExtentPoint32W
DeleteEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileA
CreateCompatibleDC
CreatePalette
SelectObject
DeleteObject
SelectPalette
StartPage
GetTextExtentPoint32A
ExtTextOutW
ExtTextOutA
TextOutA
Polyline
PolylineTo
CloseFigure
SetMapMode
SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
SetBkMode
SetStretchBltMode
SetBrushOrgEx
GetTextMetricsA
EnumFontFamiliesExA
EnumFontFamiliesA
GetObjectType
BeginPath
SetPolyFillMode
EndPath
SelectClipPath
ExtCreatePen
CreatePen
SetMiterLimit
CreateSolidBrush
SetTextAlign
CreateFontIndirectA
GetCharWidthA
GetCharWidthW
GetGlyphOutlineA
DeleteDC

advapi32

RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumValueA

msvcrt

??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_fileno
_strnicmp
_open
_read
_write
_lseek
_close
_strdup
__dllonexit
_onexit
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_iob
??1type_info@@UAE@XZ
_controlfp
_CxxThrowException
??0exception@@QAE@ABV0@@Z
vfprintf
_CIasin
tmpfile
frexp
ldexp
tmpnam
abort
_unlink
_stricmp
_swab
srand
rand
longjmp
gmtime
_fcloseall
rename
_CIfmod
atol
memchr
modf
_setjmp3
_beginthreadex
remove
__CxxFrameHandler
_EH_prolog
_isctype
fgets
calloc
_except_handler3
strncat
asctime
clock
isalnum
_CIacos
fflush
isalpha
isxdigit
exit
_CIpow
qsort
ungetc
_tempnam
strrchr
getenv
strcspn
fprintf
isupper
tolower
vsprintf
floor
_purecall
ceil
sscanf
isspace
fputc
strncmp
islower
toupper
fgetc
_ftol
isdigit
strncpy
atof
realloc
memmove
strchr
memcpy
fwrite
sprintf
strcmp
wcslen
free
_filelength
memcmp
_tzset
time
localtime
strcat
_makepath
strstr
_fullpath
printf
_splitpath
memset
strtok
atoi
??2@YAPAXI@Z
strcpy
strlen
fopen
fseek
ftell
malloc
fread
fclose

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12.5MB - Virtual size: 12.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4e289890cbecd1b96b3d18a833aef7f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

24:fe:11:7f:25:41:8b:ba:37:c9:99:fe:f1:44:c8:3aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

64:6e:70:fa:b5:da:02:f4:c1:d6:fc:66:d9:15:7b:4d:f1:6c:20:eeSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 124KB - Virtual size: 121KB

.data Size: 12.5MB - Virtual size: 12.5MB

.rsrc Size: 4KB - Virtual size: 1KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

24:fe:11:7f:25:41:8b:ba:37:c9:99:fe:f1:44:c8:3a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

64:6e:70:fa:b5:da:02:f4:c1:d6:fc:66:d9:15:7b:4d:f1:6c:20:ee
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 124KB - Virtual size: 121KB

.data
Size: 12.5MB - Virtual size: 12.5MB

.rsrc
Size: 4KB - Virtual size: 1KB