150dfa3e8bdc14bcf134e4cad9843266_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

150dfa3e8bdc14bcf134e4cad9843266_JaffaCakes118
Size

544KB
MD5

150dfa3e8bdc14bcf134e4cad9843266
SHA1

05c6214dabd5119885b39c5c84587f86b9d435eb
SHA256

61285909f5df649abccd53c14457abce568fb28a2f25b8f81808bef45f487cf3
SHA512

2c6443545738e7baec92cd172e104d4b92471e92bf2f3295e9ea3eb87dc17197941ce82eb06aacbd04e01939c9e3a8d97364f0b9fa4d1e264d128201e46c580e
SSDEEP

12288:y17rl9kiwWeRRik88hcOoSiiOSDKRJ9a3cCk:G7refik88aLSaSDSJ1v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinRAR.exe

Files

150dfa3e8bdc14bcf134e4cad9843266_JaffaCakes118
.rar
Compressed.dll
.dll windows:4 windows x86 arch:x86

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/02/2006, 00:00

Not After

20/02/2008, 23:59

Subject

CN=Macrovision Corporation,OU=ENGINEERING,O=Macrovision Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:cc:69:c3:da:af:78:04:9b:3b:d1:ac:e6:70:25:40:9a:d8:b0:dc
Signer

Actual PE Digest

4c:cc:69:c3:da:af:78:04:9b:3b:d1:ac:e6:70:25:40:9a:d8:b0:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WinRAR.exe
.exe windows:4 windows x86 arch:x86

8aed0468cbf97faa2111a733a4406383

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
ord662
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarXor
__vbaVarForInit
__vbaCyAdd
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaRefVarAry
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaCyI2
__vbaStrCmp
__vbaVarTstEq
__vbaR4Str
__vbaCyI4
ord561
__vbaI2I4
DllFunctionCall
__vbaCySub
_adj_fpatan
__vbaStrR8
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaVarMul
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaUbound
__vbaVarCat
ord644
_CIlog
__vbaErrorOverflow
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord100
__vbaI4Var
ord689
__vbaVarAdd
__vbaAryLock
__vbaFpI4
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaI4Cy
__vbaStrVarCopy
_allmul
_CItan
__vbaAryUnlock
__vbaUI1Var
__vbaVarForNext
_CIexp
__vbaFreeStr

Sections

.text
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

4c:cc:69:c3:da:af:78:04:9b:3b:d1:ac:e6:70:25:40:9a:d8:b0:dcSigner

Headers

File Characteristics

Sections

.text Size: 4KB - Virtual size: 6B

.rsrc Size: 308KB - Virtual size: 307KB

.reloc Size: 4KB - Virtual size: 12B

8aed0468cbf97faa2111a733a4406383

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 444KB - Virtual size: 440KB

.data Size: 4KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 2KB

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

03:69:39:c4:75:d5:3c:1d:70:99:2d:b8:a8:7e:b7:d3
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

4c:cc:69:c3:da:af:78:04:9b:3b:d1:ac:e6:70:25:40:9a:d8:b0:dc
Signer

.text
Size: 4KB - Virtual size: 6B

.rsrc
Size: 308KB - Virtual size: 307KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 444KB - Virtual size: 440KB

.data
Size: 4KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 2KB