1352c738beb40554b9e3b6442bd9a53f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1352c738beb40554b9e3b6442bd9a53f_JaffaCakes118
Size

216KB
MD5

1352c738beb40554b9e3b6442bd9a53f
SHA1

08e1002e0daa1d08f04d335544003c8dccd3ff8f
SHA256

d581e5faec21e0fa6a3baafc481a67d1ad0f43b64944e1c4b3c3fbec7037a8b2
SHA512

e8ef0f09624ee65326dc854fdab40be2ab4885ff8ff314879f2e056803a0cded4594761c3d4daedde0e1de567c717bd9b86e1327a5be429031cbd4b931427091
SSDEEP

6144:WOKNJAg1jsaISih0MTFLXPDxU9z/W4J6+5:ZKNJdjsa1+rPWz+4V5

Score

1^/10

Malware Config

Signatures

Files

1352c738beb40554b9e3b6442bd9a53f_JaffaCakes118
.exe windows:1 windows x86 arch:x86

f3b91a7db5b9d6b53ecc212467248290

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:af:d6:99:03:92:6a:49:e3:5d:82:1a:0e:47:05:dd
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20-03-2007 00:00

Not After

19-03-2010 23:59

Subject

CN=IKARUS Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IKARUS Software GmbH,ST=Vienna,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:12:85:50:64:47:ba:f8:cf:a7:28:b2:bf:5e:2a:5a:20:05:ce:72
Signer

Actual PE Digest

a9:12:85:50:64:47:ba:f8:cf:a7:28:b2:bf:5e:2a:5a:20:05:ce:72

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GetVersionExA
CreateFileA
LocalAlloc
InterlockedExchange
RaiseException
GetFileSize
SetFilePointer
ReadFile
DisableThreadLibraryCalls
FindClose
lstrcpyA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
SizeofResource
SetLastError
WaitForSingleObject
CreateEventA
CreateThread
SetThreadPriority
CloseHandle
SetEvent
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetCurrentThreadId
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
VirtualAllocEx
lstrcmpA
LoadLibraryExA

gdi32

SelectObject
SaveDC
SetTextColor
GetObjectA
CreateFontIndirectA
RestoreDC
DeleteObject
GetDeviceCaps

user32

CallNextHookEx
GetFocus
IsChild
SetFocus
UnhookWindowsHookEx
SendMessageA
GetDC
UnregisterClassA
SetWindowsHookExA
GetKeyState
TranslateMessage
GetWindowTextA
SetWindowTextA
SetRect
GetMessagePos
MoveWindow
MessageBeep
GetParent
CreateWindowExA
GetWindow
SetWindowContextHelpId
SendDlgItemMessageA
DestroyWindow
DefWindowProcA
WinHelpA
IsIconic
ShowWindow
BringWindowToTop
PostQuitMessage
EnumChildWindows
CreateDialogParamA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
LoadBitmapA
EndDialog
GetWindowLongA
PostMessageA
SetForegroundWindow
IsDialogMessageA
GetWindowRect
SetWindowPos
SetWindowLongA
GetSysColor
LoadCursorA
SetCursor
IsWindowUnicode
GetClientRect
ChildWindowFromPoint
DispatchMessageA

advapi32

RegEnumKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CLSIDFromString
CoTaskMemFree
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance

wininet

DeleteUrlCacheEntryW
DeleteUrlCacheEntryA

olesvr32

OleRegisterServer
SendDataMsg

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 6KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3b91a7db5b9d6b53ecc212467248290

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

7a:af:d6:99:03:92:6a:49:e3:5d:82:1a:0e:47:05:ddCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

a9:12:85:50:64:47:ba:f8:cf:a7:28:b2:bf:5e:2a:5a:20:05:ce:72Signer

Headers

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

ole32

wininet

olesvr32

Sections

.text Size: 16KB - Virtual size: 16KB

.bss Size: 512B - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 160KB - Virtual size: 295KB

.icode Size: 6KB - Virtual size: 179KB

.rsrc Size: 18KB - Virtual size: 17KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

7a:af:d6:99:03:92:6a:49:e3:5d:82:1a:0e:47:05:dd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

a9:12:85:50:64:47:ba:f8:cf:a7:28:b2:bf:5e:2a:5a:20:05:ce:72
Signer

.text
Size: 16KB - Virtual size: 16KB

.bss
Size: 512B - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 160KB - Virtual size: 295KB

.icode
Size: 6KB - Virtual size: 179KB

.rsrc
Size: 18KB - Virtual size: 17KB