General

Malware Config

Signatures

Files

• 138b5cc8e7dcd60fbdb99898982ed606_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  e0657f98e7da40eb9553ce9a7219693b

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  07-06-2005 08:09

  Not After

  30-05-2020 10:48

  Subject

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb

  Certificate

  Issuer

  CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

  Not Before

  24-08-2011 00:00

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7a:bd:e8:29:d4:24:4a:da:77:ee:42:c7:a7:0c:0f:a3

  Certificate

  Issuer

  CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  30-07-2012 00:00

  Not After

  30-07-2013 23:59

  Subject

  CN=ReSoft LTD.,O=ReSoft LTD.,POSTALCODE=64356,STREET=4th Hanevi'im,L=Tel Aviv,ST=Israel,C=IL

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  42:41:f9:9a:3f:7d:8f:5d:e1:03:91:70:e7:a8:c5:ee:10:06:01:ee

  Signer

  Actual PE Digest

  42:41:f9:9a:3f:7d:8f:5d:e1:03:91:70:e7:a8:c5:ee:10:06:01:ee

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  rpcrt4

  UuidToStringW

  kernel32

  GetCommandLineW

  Sleep

  ReleaseMutex

  OutputDebugStringW

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  TerminateProcess

  FindFirstFileW

  WinExec

  FindClose

  RemoveDirectoryW

  GetCurrentProcess

  LocalAlloc

  CopyFileW

  MoveFileW

  GetTempFileNameW

  SetEndOfFile

  CreateFileW

  SetCurrentDirectoryW

  CreateMutexW

  GetVersionExW

  GetFileAttributesW

  FindResourceA

  CreateDirectoryW

  GetTempPathW

  CreateProcessW

  FreeLibrary

  WaitForSingleObject

  DeleteFileW

  CloseHandle

  GetProcAddress

  LoadLibraryW

  SizeofResource

  LockResource

  LoadResource

  GetLastError

  MultiByteToWideChar

  GlobalFree

  LocalFree

  GetCurrentProcessId

  FindNextFileW

  GetProcessHeap

  SetEnvironmentVariableA

  SetStdHandle

  WriteConsoleW

  IsValidLocale

  EnumSystemLocalesA

  GetTickCount

  GetLocaleInfoA

  GetUserDefaultLCID

  HeapSize

  InterlockedExchange

  LoadLibraryA

  RaiseException

  InterlockedIncrement

  InterlockedDecrement

  WideCharToMultiByte

  InterlockedCompareExchange

  GetStringTypeW

  InitializeCriticalSection

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  HeapFree

  GetCPInfo

  HeapReAlloc

  HeapAlloc

  GetCommandLineA

  HeapSetInformation

  GetStartupInfoW

  SetFileAttributesW

  RtlUnwind

  CompareStringW

  LCMapStringW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  HeapCreate

  GetLocaleInfoW

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetModuleHandleW

  SetLastError

  GetCurrentThreadId

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameW

  GetACP

  GetOEMCP

  IsValidCodePage

  GetConsoleCP

  GetConsoleMode

  SetHandleCount

  InitializeCriticalSectionAndSpinCount

  GetFileType

  SetFilePointer

  ReadFile

  FlushFileBuffers

  GetModuleFileNameA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  user32

  wsprintfW

  advapi32

  RegQueryInfoKeyW

  RegDeleteValueW

  RegSetValueExW

  RegCreateKeyExW

  RegDeleteKeyW

  RegCloseKey

  RegQueryValueExW

  RegOpenKeyExW

  RegEnumValueW

  shell32

  CommandLineToArgvW

  ShellExecuteExW

  ole32

  CoCreateGuid

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  urlmon

  URLDownloadToFileW

  Sections

  .text

  Size: 251KB - Virtual size: 250KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 61KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8.9MB - Virtual size: 8.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 39KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ