11df7115ece2db15f6da4536b2dc414c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11df7115ece2db15f6da4536b2dc414c_JaffaCakes118
Size

137KB
MD5

11df7115ece2db15f6da4536b2dc414c
SHA1

a3e16f5cf3e3a6ca6d7ccfbef1eefe91e16e4095
SHA256

b6ca61d31285ec2ab490dd0296562daf4382e26f355a009c007a686678888889
SHA512

b06935b129665f4313695e910551e51b60078623dd785d2c3185d1e508fc350679874d72c39b0171fefb9c9085c7ee2f172f40f8122316d31aa56229e01eff5f
SSDEEP

3072:URrxPedXjf5V9gYdz1ljuOwJ3kMqx/yP:ylPO5pd5lhwaKP

Score

1^/10

Malware Config

Signatures

Files

11df7115ece2db15f6da4536b2dc414c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a60e52d4fd6817ac47b4c8963f7b2cae

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

18/05/2010, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:ce:fb:4e:03:dd:05:dd:3a:79:63:d8:40:83:bf:92:a8:7d:65:da
Signer

Actual PE Digest

2d:ce:fb:4e:03:dd:05:dd:3a:79:63:d8:40:83:bf:92:a8:7d:65:da

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
DosDateTimeToFileTime
OpenFile
CreateNamedPipeA
GetModuleHandleA
FindAtomW
EnumTimeFormatsA
CopyFileA
OpenEventW
SetEvent
OpenSemaphoreW
SearchPathW
OpenMutexW
IsValidCodePage
DisconnectNamedPipe
TlsAlloc
GetDiskFreeSpaceA
OpenWaitableTimerA
GetPriorityClass
lstrcpy
GlobalAlloc
GetStartupInfoA
lstrcmp
GetEnvironmentVariableA
CreateMutexW
VirtualAlloc
GetLocaleInfoW
GetUserDefaultLangID

user32

GetCursorPos
InsertMenuA
GetClassLongW
GetDC
FindWindowA
GetPropA
EnumDesktopWindows
GetParent
GetDlgItemTextW
CreateIcon
DrawTextA
LoadIconA

gdi32

CreateCompatibleBitmap
OffsetWindowOrgEx
SelectClipRgn
SetICMProfileW
SelectClipPath
SetDeviceGammaRamp
SetMetaFileBitsEx
ExtFloodFill

advapi32

RegDeleteKeyA
RegReplaceKeyW
RegCreateKeyW
RegEnumValueA
RegEnumKeyW

shlwapi

SHCreateThread
PathAddBackslashA
PathCompactPathA

comctl32

DPA_Create
ImageList_SetImageCount
FlatSB_SetScrollRange

ole32

CoGetDefaultContext
CoInitialize
OleUninitialize

oleaut32

VarI8FromDisp

version

GetFileVersionInfoA

ws2_32

send
getservbyname
getprotobyname
inet_addr

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code_01
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.3O13
Size: 2KB - Virtual size: 33KB

IMAGE_SCN_MEM_READ

.67TIji
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jKA
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a60e52d4fd6817ac47b4c8963f7b2cae

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2d:ce:fb:4e:03:dd:05:dd:3a:79:63:d8:40:83:bf:92:a8:7d:65:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

ole32

oleaut32

version

ws2_32

Sections

.text Size: 12KB - Virtual size: 11KB

.code_01 Size: 4KB - Virtual size: 10KB

.3O13 Size: 2KB - Virtual size: 33KB

.67TIji Size: 3KB - Virtual size: 4KB

.jKA Size: 2KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 103KB - Virtual size: 103KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2d:ce:fb:4e:03:dd:05:dd:3a:79:63:d8:40:83:bf:92:a8:7d:65:da
Signer

.text
Size: 12KB - Virtual size: 11KB

.code_01
Size: 4KB - Virtual size: 10KB

.3O13
Size: 2KB - Virtual size: 33KB

.67TIji
Size: 3KB - Virtual size: 4KB

.jKA
Size: 2KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 103KB - Virtual size: 103KB