1070efdd586806b31802bcdd55df85bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1070efdd586806b31802bcdd55df85bc_JaffaCakes118
Size

26KB
MD5

1070efdd586806b31802bcdd55df85bc
SHA1

83f45c58faa292b3de3352a0f130e6df0033ec95
SHA256

84a65c11a95c3d240b29a657d611b504a2d545e97c5dd58cd908f3736275263e
SHA512

701241b1380c34612d365c4c4a0319095abf7f59da973775ffbe9afff05ccbda9fe2cc5625cc6a53d0d820ec29eb4c769ebefcd8ad9b32d6c35a0af982c198d0
SSDEEP

384:Qz5zhW0PRmA1s+YyrkGbpE0Pch1RfEmitKLtNRvMSpi:u1WcRmcs+YytbO0Pcp8migMP

Score

1^/10

Malware Config

Signatures

Files

1070efdd586806b31802bcdd55df85bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c096232beb29c0c356a7dea691a1c57

Code Sign

01:a5
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/08/1998, 00:29

Not After

13/08/2018, 23:59

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

21:35:59
Certificate

Issuer

CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY

Not Before

17/12/2008, 08:55

Not After

17/12/2010, 08:55

Subject

CN=www.flexicorp.jaring.my,OU=JARING,O=JARING Communications Sdn.Bhd.,L=W.Persekutuan,ST=Kuala Lumpur,C=MY,1.2.840.113549.1.9.1=#0c1273797361646d696e406a6172696e672e6d79

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

07:27:14:a9
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

17/07/2007, 15:17

Not After

17/07/2012, 15:16

Subject

CN=Digisign Server ID (Enrich),OU=457608-K,O=Digicert Sdn. Bhd.,C=MY

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageCertSign
KeyUsageCRLSign

17:c9:9f:39:fb:14:3d:50:45:14:67:30:19:cd:2d:35:f1:a6:ef:31
Signer

Actual PE Digest

17:c9:9f:39:fb:14:3d:50:45:14:67:30:19:cd:2d:35:f1:a6:ef:31

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetErrorDlg

advapi32

InitializeSecurityDescriptor
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorDacl

user32

PostThreadMessageA
GetMessageA
GetDesktopWindow

msvcrt

atoi
malloc
exit
fclose
getc
fopen
strrchr
sprintf
_sleep
__CxxFrameHandler
fwrite
strtok
fprintf
strncmp
free
strstr
_strdup
fscanf
strncpy
_snprintf
realloc
fflush
_filelength
_except_handler3
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

iphlpapi

GetAdaptersInfo

shlwapi

PathFileExistsA

kernel32

GetCurrentThreadId
GetLastError
GetComputerNameA
GetProcAddress
GetModuleHandleA
DeleteFileA
GetStartupInfoA
Sleep
GetModuleFileNameA
CreateMutexA

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c096232beb29c0c356a7dea691a1c57

Code Sign

01:a5Certificate

21:35:59Certificate

Key Usages

07:27:14:a9Certificate

Key Usages

17:c9:9f:39:fb:14:3d:50:45:14:67:30:19:cd:2d:35:f1:a6:ef:31Signer

Headers

File Characteristics

Imports

wininet

advapi32

user32

msvcrt

iphlpapi

shlwapi

kernel32

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 8KB

01:a5
Certificate

21:35:59
Certificate

07:27:14:a9
Certificate

17:c9:9f:39:fb:14:3d:50:45:14:67:30:19:cd:2d:35:f1:a6:ef:31
Signer

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 8KB