282858fc4e28c6faaf01abc28050a3a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

282858fc4e28c6faaf01abc28050a3a4_JaffaCakes118
Size

188KB
MD5

282858fc4e28c6faaf01abc28050a3a4
SHA1

056ba35aee0c1bf73fc838b5334682588d653816
SHA256

6797ea584669ed4ead9e04d5d86f111f2a96bc0b0b6eee2ef3b9d924c0b29c1f
SHA512

24b3b813d50716180d889dd24a7f73d4e44045fdca1ac8c17bb8af06ba4a2cf60f7d30008f87cc2f2f096d4512211744874ba01d06017986a8b7d3679efa3911
SSDEEP

3072:qZq5e2KF8J7GoWOmf/9C8BnIuqFLfK3ExPen+wCGAyulIgtIAcekfob6kcYGM3:qZ4e7Frvf/9C8BnIh3UgtIAce0ob60H

Score

1^/10

Malware Config

Signatures

Files

282858fc4e28c6faaf01abc28050a3a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c474855b0c95a37e711ac559c1b14e8b

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:73:65:6d:25:fe:43:53:44:72:b2:db:e5:0f:f4:97
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

12/10/2006, 00:00

Not After

05/10/2007, 23:59

Subject

CN=Dell Incorporated,OU=SINGAPORE DESIGN CENTER,O=Dell Incorporated,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:f9:64:64:f5:14:4b:66:03:37:96:cb:68:c0:c3:62:b3:df:ac:e0
Signer

Actual PE Digest

a9:f9:64:64:f5:14:4b:66:03:37:96:cb:68:c0:c3:62:b3:df:ac:e0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
GetSystemTime
GetVersionExA
ProcessIdToSessionId
GetCurrentProcessId
GetPrivateProfileIntA
CreateFileA
_lclose
_lread
OpenFile
CloseHandle
CreateThread
Sleep
ReadFile
GetFileSize
ExpandEnvironmentStringsA
GetLocalTime
WriteFile
PeekNamedPipe
GetFileType
SystemTimeToFileTime
GetSystemTimeAsFileTime
WritePrivateProfileStringA
GetTickCount
QueryPerformanceCounter
VirtualQuery
GetSystemInfo
VirtualProtect
GetLastError
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
SetFilePointer
LCMapStringW
MultiByteToWideChar
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
GetCurrentThreadId
GetSystemDirectoryA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetEndOfFile
GetStdHandle
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
GlobalAlloc
GlobalFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcmpA
lstrcpynA
CreateDirectoryA
lstrcpyA
GetProcAddress
lstrcatA
GetLocaleInfoA
lstrlenA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
SetUnhandledExceptionFilter
HeapReAlloc

user32

CharNextA
CharLowerA
wsprintfA
FindWindowA
SendMessageA
PostMessageA
SetWindowTextA
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
CharUpperBuffA
SetWindowPos
IsWindow
KillTimer
PostQuitMessage
DefWindowProcA
PeekMessageA

gdi32

GetStockObject

winspool.drv

GetPrinterDriverDirectoryA
ClosePrinter
GetPrinterA
OpenPrinterA
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterA
GetPrinterDataA
EnumPrintersA
EndDocPrinter

advapi32

RegSetValueExA
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSid
GetLengthSid
GetAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegCreateKeyExA

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c474855b0c95a37e711ac559c1b14e8b

Code Sign

0aCertificate

Extended Key Usages

Key Usages

1c:73:65:6d:25:fe:43:53:44:72:b2:db:e5:0f:f4:97Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

a9:f9:64:64:f5:14:4b:66:03:37:96:cb:68:c0:c3:62:b3:df:ac:e0Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 2KB

0a
Certificate

1c:73:65:6d:25:fe:43:53:44:72:b2:db:e5:0f:f4:97
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

a9:f9:64:64:f5:14:4b:66:03:37:96:cb:68:c0:c3:62:b3:df:ac:e0
Signer

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 2KB