13561278a40bcfc7cdcb92f90bbf044f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13561278a40bcfc7cdcb92f90bbf044f_JaffaCakes118
Size

117KB
MD5

13561278a40bcfc7cdcb92f90bbf044f
SHA1

ee916652a8917b0a67205b3172ed1b79df41fab5
SHA256

ae7c643b2c13c61a6cb578bffa3f71c396ac036402430d6c352643745d35f7bb
SHA512

657e0463fe35d762bd46fee99f1e5bd7bf1e05ef5dd4d82a9e3b28b60d6c8a8a0a034318797ba08f01476f4ec447081a28a2b6760c94978e1948c81f4212418e
SSDEEP

3072:t4kHtEN476CHd6kqr8h26jEGcWmrjy7zb4/r:ekHt+4GCHd6Z8RjYjyXor

Score

1^/10

Malware Config

Signatures

Files

13561278a40bcfc7cdcb92f90bbf044f_JaffaCakes118
.exe windows:1 windows x86 arch:x86

826c190f07bd1f4c41749a101e4f1273

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/04/2010, 00:00

Not After

09/04/2011, 23:59

Subject

CN=TrustPort,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TrustPort,L=Brno,ST=Morava,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:fa:20:fe:a8:2a:0d:b8:f1:ef:7c:33:b4:de:cc:83:a7:a2:90:10
Signer

Actual PE Digest

12:fa:20:fe:a8:2a:0d:b8:f1:ef:7c:33:b4:de:cc:83:a7:a2:90:10

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
EnumTimeFormatsW
SetEvent
CreateFileMappingA
CreateNamedPipeW
GetNamedPipeInfo
ReadDirectoryChangesW
GetSystemDefaultLangID
GetCPInfo
GetTempFileNameA
GetTickCount
FindResourceA
CreateMutexW
LocalFree
CompareStringW
IsBadWritePtr
GetCurrentProcess
lstrlen
VirtualAlloc
GetStringTypeA
IsBadStringPtrA
GetThreadLocale
LoadLibraryA
SetCurrentDirectoryW
ConnectNamedPipe
IsDebuggerPresent
GetNumberFormatA
GetVolumeInformationW
FileTimeToLocalFileTime
CopyFileA
GetOEMCP
GetWindowsDirectoryA
GetEnvironmentStringsW
MoveFileA
WaitForSingleObject
lstrcmpi
lstrcmp
GetLongPathNameW
GetSystemInfo
GetDiskFreeSpaceW

user32

CharUpperA
CallWindowProcA
GetSystemMetrics
GetWindowLongA
SetWindowRgn
CopyAcceleratorTableA
DestroyCursor
RegisterClassExW
GetCaretPos
FindWindowA
FindWindowW
CallWindowProcW
DrawIcon
LoadMenuIndirectW
EnableMenuItem
GetMenuStringA
DestroyMenu
mouse_event
GetClassLongW
ArrangeIconicWindows
wvsprintfW
CheckRadioButton
InsertMenuW
IsWindow
IsDlgButtonChecked
GetMenuItemInfoA
LoadMenuA
EnumDesktopsW
EnumDesktopWindows
GetDlgItemTextW
CheckMenuItem
SetDlgItemTextW
SetCursor
CreateDialogIndirectParamW
GetDlgItem

gdi32

CreateScalableFontResourceA
GetGlyphOutlineW
EqualRgn
CopyMetaFileA
RemoveFontResourceExW
SetWindowOrgEx
PolylineTo
ColorMatchToTarget
AddFontResourceW
GetEnhMetaFileA
GetCharWidthFloatA
RemoveFontMemResourceEx
GetTextColor
TranslateCharsetInfo
CreateFontIndirectExA

advapi32

RegQueryInfoKeyW
RegQueryValueExW

shell32

StrRStrIA
StrChrA
Shell_NotifyIcon
ShellExecuteExW
StrNCmpA
DuplicateIcon
SHBrowseForFolder
StrStrIA

comdlg32

GetFileTitleW

opengl32

glColor4fv
glGetTexParameteriv
glTexCoord1dv
glRectd
glGetDoublev
glClearStencil
glGetTexEnviv
glVertex4dv

winmm

auxSetVolume
mciGetDeviceIDA
mciSendStringW

crypt32

I_CryptUnregisterSmartCardStore
RegQueryInfoKeyU
CertVerifyValidityNesting
CertFindSubjectInCTL
I_CryptGetOssGlobal
CertAddEncodedCertificateToSystemStoreA
CertFindCRLInStore
CertAddEncodedCertificateToStore
CryptEncryptMessage
CertRegisterSystemStore
CertRemoveStoreFromCollection

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.9)
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.`
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!?
Size: 1024B - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.|{G0
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7{
Size: 1024B - Virtual size: 26KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.={44R@
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

826c190f07bd1f4c41749a101e4f1273

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

12:fa:20:fe:a8:2a:0d:b8:f1:ef:7c:33:b4:de:cc:83:a7:a2:90:10Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comdlg32

opengl32

winmm

crypt32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.9) Size: 1024B - Virtual size: 3KB

.` Size: 1024B - Virtual size: 39KB

.!? Size: 1024B - Virtual size: 23KB

.|{G0 Size: 11KB - Virtual size: 10KB

.7{ Size: 1024B - Virtual size: 26KB

.={44R@ Size: 1024B - Virtual size: 2KB

.rsrc Size: 73KB - Virtual size: 73KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:0f:11:f1:24:a7:3b:de:cc:41:25:98:45:a8:a7:73
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

12:fa:20:fe:a8:2a:0d:b8:f1:ef:7c:33:b4:de:cc:83:a7:a2:90:10
Signer

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.9)
Size: 1024B - Virtual size: 3KB

.`
Size: 1024B - Virtual size: 39KB

.!?
Size: 1024B - Virtual size: 23KB

.|{G0
Size: 11KB - Virtual size: 10KB

.7{
Size: 1024B - Virtual size: 26KB

.={44R@
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 73KB - Virtual size: 73KB