0bb428c53032759dc653f21ecb46d6a7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0bb428c53032759dc653f21ecb46d6a7_JaffaCakes118
Size

832KB
MD5

0bb428c53032759dc653f21ecb46d6a7
SHA1

101006c5b74c7e04e3540204fe61c3e47bb45522
SHA256

7a88ccf7eb88c2fc30cc33207569e1ea208fc09e8345d8e4f4e836f3686029e9
SHA512

720f3ac990b6faeef38df77b486937b93a8fd2ae23409f191aaeaceedc35690e6eaf63b08124a16dddefa75df5956eed00b81448e902d5a070288677e540bb37
SSDEEP

12288:Ph8vj9/HnDOCoOYdW/RcvVEJYkz154BfpEu1HpXXBPIvlkx8+MQSlJeooG:pitnHo5WpKENYfCoJXXBPItka+MQSDea

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ANT_Simple_V.1.8.1.exe

Files

0bb428c53032759dc653f21ecb46d6a7_JaffaCakes118
.zip
ANT_Simple_V.1.8.1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.EXE
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 485KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MAIN
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ftd2xx.dll
.dll windows:4 windows x86 arch:x86

4574e69e25d5d69cc6b0978b50a59ae2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:9a:44:25:f7:33:1f:03:49:48:12:4b:4d:3a:ea:c8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15-08-2006 00:00

Not After

30-09-2007 23:59

Subject

CN=Future Technology Devices International Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Future Technology Devices International Ltd,L=Glasgow,ST=Scotland,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

da:70:cb:e4:f3:ab:cc:63:af:d6:56:d7:ac:2b:27:2a:66:9b:7e:d1
Signer

Actual PE Digest

da:70:cb:e4:f3:ab:cc:63:af:d6:56:d7:ac:2b:27:2a:66:9b:7e:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Development\cdm2_2_4\d2xxdll\Release\FTD2XX.pdb

Imports

setupapi

SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExA
SetupDiClassNameFromGuidExA
SetupDiGetClassDescriptionExA
CM_Locate_DevNode_ExA
CM_Reenumerate_DevNode_Ex
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsA
SetupDiClassGuidsFromNameExA
SetupDiCreateDeviceInfoListExA
SetupDiGetClassDevsExA
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInfoListDetailA
SetupDiEnumDeviceInfo

kernel32

GetConsoleOutputCP
WriteConsoleA
SetFilePointer
SetStdHandle
HeapSize
FlushFileBuffers
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
InitializeCriticalSection
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
LocalFree
FormatMessageA
WriteConsoleW
GetCurrentProcess
GetLastError
lstrlenA
lstrcpyA
DeviceIoControl
ReadFile
WriteFile
CreateFileA
GetOverlappedResult
CancelIo
lstrcmpiA
lstrcpynA
Sleep
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
CloseHandle
TlsAlloc
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetProcAddress
GetModuleHandleA
TlsGetValue
SetEnvironmentVariableA
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
FatalAppExitA
RaiseException
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
RtlUnwind
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeFormatA

user32

CharNextA
CharPrevA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitiateSystemShutdownExA
RegQueryValueExA

Exports

Exports

FT_Close
FT_ClrDtr
FT_ClrRts
FT_CreateDeviceInfoList
FT_CyclePort
FT_EE_Program
FT_EE_ProgramEx
FT_EE_Read
FT_EE_ReadEx
FT_EE_UARead
FT_EE_UASize
FT_EE_UAWrite
FT_EraseEE
FT_GetBitMode
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetEventStatus
FT_GetLatencyTimer
FT_GetLibraryVersion
FT_GetModemStatus
FT_GetQueueStatus
FT_GetStatus
FT_IoCtl
FT_ListDevices
FT_Open
FT_OpenEx
FT_Purge
FT_Read
FT_ReadEE
FT_Reload
FT_Rescan
FT_ResetDevice
FT_ResetPort
FT_RestartInTask
FT_SetBaudRate
FT_SetBitMode
FT_SetBreakOff
FT_SetBreakOn
FT_SetChars
FT_SetDataCharacteristics
FT_SetDeadmanTimeout
FT_SetDivisor
FT_SetDtr
FT_SetEventNotification
FT_SetFlowControl
FT_SetLatencyTimer
FT_SetResetPipeRetryCount
FT_SetRts
FT_SetTimeouts
FT_SetUSBParameters
FT_SetWaitMask
FT_StopInTask
FT_W32_CancelIo
FT_W32_ClearCommBreak
FT_W32_ClearCommError
FT_W32_CloseHandle
FT_W32_CreateFile
FT_W32_EscapeCommFunction
FT_W32_GetCommMask
FT_W32_GetCommModemStatus
FT_W32_GetCommState
FT_W32_GetCommTimeouts
FT_W32_GetLastError
FT_W32_GetOverlappedResult
FT_W32_PurgeComm
FT_W32_ReadFile
FT_W32_SetCommBreak
FT_W32_SetCommMask
FT_W32_SetCommState
FT_W32_SetCommTimeouts
FT_W32_SetupComm
FT_W32_WaitCommEvent
FT_W32_WriteFile
FT_WaitOnMask
FT_Write
FT_WriteEE

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.EXE Size: - Virtual size: 1.3MB

DATA Size: 485KB - Virtual size: 488KB

.MAIN Size: 146KB - Virtual size: 148KB

4574e69e25d5d69cc6b0978b50a59ae2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

12:9a:44:25:f7:33:1f:03:49:48:12:4b:4d:3a:ea:c8Certificate

Extended Key Usages

Key Usages

da:70:cb:e4:f3:ab:cc:63:af:d6:56:d7:ac:2b:27:2a:66:9b:7e:d1Signer

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 144KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 988B

.reloc Size: 8KB - Virtual size: 6KB

.EXE
Size: - Virtual size: 1.3MB

DATA
Size: 485KB - Virtual size: 488KB

.MAIN
Size: 146KB - Virtual size: 148KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

12:9a:44:25:f7:33:1f:03:49:48:12:4b:4d:3a:ea:c8
Certificate

da:70:cb:e4:f3:ab:cc:63:af:d6:56:d7:ac:2b:27:2a:66:9b:7e:d1
Signer

.text
Size: 148KB - Virtual size: 144KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 988B

.reloc
Size: 8KB - Virtual size: 6KB