1348e22616e04e1b4bac69ee99a1f110_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1348e22616e04e1b4bac69ee99a1f110_JaffaCakes118
Size

241KB
MD5

1348e22616e04e1b4bac69ee99a1f110
SHA1

35bc37d2088441b480b0b1adcd39e816903a1f4f
SHA256

8107dd6d136e3232ad7716e633194789d7650fd104aed21a1dbdad3ccae5ad5e
SHA512

e3b2af2a1f53b39794abb3e8e27baa16485e919061271a8e4ade47bc8c56350b9fad020fafa019cef898effccff0fe54456d257de6d88e8866a125abb30e0646
SSDEEP

6144:6fIfP2rhIZgGz8aOf+pNj5rIGraxX9FiALsOZXW6:1OIZ3Bf1IdxX9CJ

Score

1^/10

Malware Config

Signatures

Files

1348e22616e04e1b4bac69ee99a1f110_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a86b4f16fba97eb69e922190ddffd73a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2007, 00:00

Not After

15/02/2008, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
GetAtomNameA
CreateDirectoryA
CreateNamedPipeW
lstrcpynA
OpenMutexA
GetExitCodeThread
GetUserDefaultLangID
CopyFileA
GetWindowsDirectoryA
IsValidLocale
GetLogicalDriveStringsW
GetEnvironmentVariableW
GetModuleHandleA
CopyFileExA
GetLocalTime
SearchPathW
GetSystemDefaultLangID
GetTimeFormatA
GetProcessHeap
GetMailslotInfo
GetUserDefaultLCID
GetCurrentProcess
GetStringTypeW
GetProcessHeaps
lstrcpyn
GetModuleFileNameW
CreateEventW
QueryPerformanceFrequency
ReplaceFileW
SetCurrentDirectoryA
WinExec
QueryPerformanceCounter
GetModuleFileNameA
GlobalAlloc
DosDateTimeToFileTime
SetErrorMode
GetFileAttributesA
LoadLibraryExA
GetTimeFormatW
GlobalDeleteAtom
IsBadWritePtr
GetProcAddress
ExitProcess
LocalAlloc
GetSystemDirectoryA
IsBadStringPtrW
lstrcpy
GetVersionExW
lstrcpyA
FindAtomW
FindResourceW
lstrcmpW
GetLocaleInfoW
GetOEMCP
lstrcmp
LoadLibraryA
DisconnectNamedPipe
FindResourceA
lstrlenW

user32

LoadBitmapA
SendMessageW
SendDlgItemMessageW
EnableWindow
GetSysColorBrush
GetActiveWindow
DestroyCursor
CreateAcceleratorTableW
CopyRect
WaitForInputIdle
CreateWindowExA
CharLowerW
wvsprintfA
LoadCursorA
MessageBeep
LoadBitmapW
InsertMenuItemA
AppendMenuW
SetWindowTextW
RegisterClassW
CheckMenuItem

gdi32

CreateBitmapIndirect
CreateFontIndirectExW
GetStockObject
CreateICW
CreateRectRgn
RemoveFontResourceW
GdiGetBatchLimit
CreateFontA
GetEnhMetaFileW
CreateFontW
GetTextExtentPointW

shell32

StrStrW
StrStrA

version

VerFindFileW
GetFileVersionInfoA

ws2_32

getservbyname
WSAIoctl
bind
getprotobynumber
WSADuplicateSocketW
listen
inet_ntoa
recvfrom
WSAEnumNetworkEvents
closesocket
getservbyport
getsockopt
accept
WSACleanup
WSARecvDisconnect
select

urlmon

URLDownloadToFileW
CoInternetQueryInfo
DllRegisterServer
UrlMkBuildVersion
URLOpenBlockingStreamW

winmm

waveInStop
midiStreamRestart

rasman

RasFreeBuffer
RasDeAllocateRoute

sqlunirl

_ExtractAssociatedIcon_@12
AbortSystemShutdown_
_CopyMetaFile_@8
_MessageBoxIndirect_@4
_StartDoc@8
_GetServiceKeyName_@16
_GetICMProfile_@12
_GetFileVersionInfo_@16
_CreateFileMapping_@24
_CreateMutex_@12
_DefMDIChildProc_@16
_IsCharAlpha_@4
_SetCurrentDirectory_@4

Sections

.BFWp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cjhqyN
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RiBrbo
Size: 3KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.o
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.f
Size: 3KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wZ
Size: 3KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yAePk
Size: 1KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.H
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xRL
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OOUMg
Size: 12KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pVzj
Size: 3KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a86b4f16fba97eb69e922190ddffd73a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

version

ws2_32

urlmon

winmm

rasman

sqlunirl

Sections

.BFWp Size: 4KB - Virtual size: 4KB

.cjhqyN Size: 90KB - Virtual size: 89KB

.RiBrbo Size: 3KB - Virtual size: 411KB

.o Size: 11KB - Virtual size: 11KB

.f Size: 3KB - Virtual size: 321KB

.wZ Size: 3KB - Virtual size: 116KB

.yAePk Size: 1KB - Virtual size: 139KB

.H Size: 4KB - Virtual size: 3KB

.xRL Size: 92KB - Virtual size: 91KB

.OOUMg Size: 12KB - Virtual size: 306KB

.pVzj Size: 3KB - Virtual size: 143KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

22:5c:8b:52:64:05:84:16:3e:c1:83:50:17:de:d7:81
Certificate

.BFWp
Size: 4KB - Virtual size: 4KB

.cjhqyN
Size: 90KB - Virtual size: 89KB

.RiBrbo
Size: 3KB - Virtual size: 411KB

.o
Size: 11KB - Virtual size: 11KB

.f
Size: 3KB - Virtual size: 321KB

.wZ
Size: 3KB - Virtual size: 116KB

.yAePk
Size: 1KB - Virtual size: 139KB

.H
Size: 4KB - Virtual size: 3KB

.xRL
Size: 92KB - Virtual size: 91KB

.OOUMg
Size: 12KB - Virtual size: 306KB

.pVzj
Size: 3KB - Virtual size: 143KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 1024B