0d283bb17c4f0f4a2f49ab89d6fb2fcb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d283bb17c4f0f4a2f49ab89d6fb2fcb_JaffaCakes118
Size

67KB
MD5

0d283bb17c4f0f4a2f49ab89d6fb2fcb
SHA1

05f59ac28179200193ccf87e4e0247630852602b
SHA256

ad211e7fb099d790d4b1a36c0132c1e595fa4caaff30042612550ea73d84d50a
SHA512

da1058cdc1cf42dc8fcc02f6768b18ad622943fc075da32f6ceaf79e266d4c96658c1ab3a7c46ddf71843365550c34cbc62d537466b1a4587d8adb0fcf84e081
SSDEEP

1536:tbZ8anfbf0uBP1imdUfwydikUrzoIYL2FPNbaahbJI:tbZ8anr0uvFdidJg+2FPNfI

Score

1^/10

Malware Config

Signatures

Files

0d283bb17c4f0f4a2f49ab89d6fb2fcb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

26163dd0e1554b53feb580b309160279

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:96:1e:4e:dc:4c:7c:b1:e6:89:b0:89:cd:a0:e7:d4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

29/06/2006, 00:00

Not After

28/06/2009, 23:59

Subject

CN=RITLABS S.R.L.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=RITLABS S.R.L.,L=Chisinau,ST=MD,C=MD

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:2d:97:5a:9f:89:b0:b7:3f:ed:76:21:e5:e8:a3:d8:ba:45:2a:3d
Signer

Actual PE Digest

fa:2d:97:5a:9f:89:b0:b7:3f:ed:76:21:e5:e8:a3:d8:ba:45:2a:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
MessageBoxA
CharNextA
CreateWindowExA
WaitForInputIdle
UnregisterClassA
TranslateMessage
SetWindowLongA
RegisterClassA
MessageBoxA
MessageBeep
GetWindowLongA
GetMessageA
GetClassInfoA
DispatchMessageA
DestroyWindow
DefWindowProcA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
VirtualQuery
GetStartupInfoA
GetModuleFileNameA
GetCommandLineA
FreeLibrary
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualAlloc
TerminateProcess
SystemTimeToFileTime
SuspendThread
Sleep
SetThreadPriority
SetFilePointer
SetEvent
ResumeThread
ReadFile
LeaveCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileTime
GetFileSize
GetFileAttributesA
GetEnvironmentVariableA
GetEnvironmentStringsA
FreeLibrary
FreeEnvironmentStringsA
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
EnterCriticalSection
DeleteCriticalSection
CreateProcessA
CreatePipe
CreateFileA
CreateEventA
CloseHandle

wsock32

WSAStartup
WSAGetLastError
gethostbyname
gethostbyaddr
socket
shutdown
send
recv
listen
htons
closesocket
bind
accept

shell32

FindExecutableA

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26163dd0e1554b53feb580b309160279

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

77:96:1e:4e:dc:4c:7c:b1:e6:89:b0:89:cd:a0:e7:d4Certificate

Extended Key Usages

Key Usages

fa:2d:97:5a:9f:89:b0:b7:3f:ed:76:21:e5:e8:a3:d8:ba:45:2a:3dSigner

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

wsock32

shell32

Sections

.text Size: 50KB - Virtual size: 50KB

.itext Size: 512B - Virtual size: 216B

.data Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 512B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

77:96:1e:4e:dc:4c:7c:b1:e6:89:b0:89:cd:a0:e7:d4
Certificate

fa:2d:97:5a:9f:89:b0:b7:3f:ed:76:21:e5:e8:a3:d8:ba:45:2a:3d
Signer

.text
Size: 50KB - Virtual size: 50KB

.itext
Size: 512B - Virtual size: 216B

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 512B