0b29b35b2e6b1019a81773cb767abc9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b29b35b2e6b1019a81773cb767abc9a_JaffaCakes118
Size

239KB
MD5

0b29b35b2e6b1019a81773cb767abc9a
SHA1

6c2a66aa12e8353ecf8d802dcc0f4487af2b8b31
SHA256

2615854144f131fb142d7df9765e4dd33c74316fba012a897b7daa7014d3cf99
SHA512

7aa3f1189ffd314a7a29dc7944fecc32a83a8577388f5538925908a6d9c2b3ccc69918c102f834dab781d09002a6ec7cbc1c9ad29a13abfd6048912162a023e6
SSDEEP

6144:SbjdRHBfts4zN9uVgWYzZJbGGy5+23oYEFuup6jVf/:SbjdRE4zjse/qGuEFXQ/

Score

1^/10

Malware Config

Signatures

Files

0b29b35b2e6b1019a81773cb767abc9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6798ece444f7bc66880bb20fb76e16df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

18/05/2010, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:ae:ed:1e:48:15:9b:f2:31:3a:0e:56:cb:1a:76:47:2f:d5:3e:45
Signer

Actual PE Digest

d4:ae:ed:1e:48:15:9b:f2:31:3a:0e:56:cb:1a:76:47:2f:d5:3e:45

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
GetLogicalDriveStringsW
IsDebuggerPresent
GetCalendarInfoA
GetVersionExW
SetLocaleInfoW
GetTempFileNameA
QueryPerformanceFrequency
lstrlen
FatalAppExitA
TlsAlloc
LoadLibraryExA
SetErrorMode
BeginUpdateResourceW
GetFullPathNameA
FindAtomW
BeginUpdateResourceA
GetUserDefaultLCID
GetLocaleInfoA
GetThreadPriority
SetCalendarInfoW
GetTempPathW
lstrlenW
lstrcpyA
GetLastError
GetTimeFormatA
FileTimeToDosDateTime
GetVersion
IsBadReadPtr
GetAtomNameW
SearchPathW
GetProcAddress
GetWindowsDirectoryA
Sleep
LoadLibraryA
GetModuleFileNameW
AddAtomW
OpenEventA
GetTimeFormatW
CreateDirectoryA
GetCurrentProcessId
lstrcpynA
GetEnvironmentVariableW
FileTimeToSystemTime
SetCurrentDirectoryA
RemoveDirectoryW
GetExitCodeProcess
GetMailslotInfo
lstrcmpA
GetStartupInfoA
GetFileAttributesA
GetThreadLocale
OpenSemaphoreW
Beep

user32

DialogBoxParamA
GetIconInfo
keybd_event
GetKeyState
OpenClipboard
CreateDialogParamW
SendMessageW
LoadMenuA
CreateDialogIndirectParamW
CreatePopupMenu
CreateDesktopA
GetMenuStringA
EnableMenuItem
SetFocus
LoadBitmapA
RegisterClassA
GetScrollPos
GetClassInfoExW
GetCapture
GetKeyboardLayout
AdjustWindowRect
LoadMenuW
RegisterClassExA
LoadImageW
CreateWindowExA
MoveWindow
SetWindowLongW
GetDlgItemInt
SetTimer
SendDlgItemMessageW
SetWindowTextA
RegisterWindowMessageA

gdi32

CreateBitmapIndirect
SelectBrushLocal
CreateICW
GetEnhMetaFilePixelFormat
AddFontResourceA
CreateFontIndirectA
ExtCreateRegion
CreateRectRgn

shell32

SHGetDiskFreeSpaceA
StrNCmpIA
SHGetDiskFreeSpaceExA
Shell_NotifyIconW
ExtractAssociatedIconExW
SHCreateDirectory

ws2_32

WSADuplicateSocketW
select
WSARecvDisconnect
WSAGetLastError
WSACloseEvent
gethostbyname
WSAIoctl
ioctlsocket
WSAEnumProtocolsA
send
WSAEventSelect
getprotobynumber
WSAStartup
getsockname
getsockopt
htonl

crypt32

I_CryptReleaseLruEntry
I_CryptEnumMatchingLruEntries
CertAddEncodedCRLToStore
I_CryptGetAsn1Decoder
CertRegisterPhysicalStore
PFXExportCertStore
CertNameToStrW

Sections

.xI
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dcTm
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.X
Size: 1024B - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kzWoj
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.GBdqEq
Size: 512B - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GmuDc
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EAFo
Size: 1KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stUSff
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WouSA
Size: 11KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JHi
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.F
Size: 1024B - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6798ece444f7bc66880bb20fb76e16df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

d4:ae:ed:1e:48:15:9b:f2:31:3a:0e:56:cb:1a:76:47:2f:d5:3e:45Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ws2_32

crypt32

Sections

.xI Size: 6KB - Virtual size: 5KB

.dcTm Size: 90KB - Virtual size: 90KB

.X Size: 1024B - Virtual size: 273KB

.kzWoj Size: 12KB - Virtual size: 12KB

.GBdqEq Size: 512B - Virtual size: 424KB

.GmuDc Size: 3KB - Virtual size: 10KB

.EAFo Size: 1KB - Virtual size: 340KB

.stUSff Size: 92KB - Virtual size: 91KB

.WouSA Size: 11KB - Virtual size: 249KB

.JHi Size: 5KB - Virtual size: 76KB

.F Size: 1024B - Virtual size: 479KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

d4:ae:ed:1e:48:15:9b:f2:31:3a:0e:56:cb:1a:76:47:2f:d5:3e:45
Signer

.xI
Size: 6KB - Virtual size: 5KB

.dcTm
Size: 90KB - Virtual size: 90KB

.X
Size: 1024B - Virtual size: 273KB

.kzWoj
Size: 12KB - Virtual size: 12KB

.GBdqEq
Size: 512B - Virtual size: 424KB

.GmuDc
Size: 3KB - Virtual size: 10KB

.EAFo
Size: 1KB - Virtual size: 340KB

.stUSff
Size: 92KB - Virtual size: 91KB

.WouSA
Size: 11KB - Virtual size: 249KB

.JHi
Size: 5KB - Virtual size: 76KB

.F
Size: 1024B - Virtual size: 479KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB