2b4c4aadc08c8db889fe2a7602139149_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b4c4aadc08c8db889fe2a7602139149_JaffaCakes118
Size

149KB
MD5

2b4c4aadc08c8db889fe2a7602139149
SHA1

30e0150b77060e29864da25cc4adcb315350f053
SHA256

a93bd8b27de067497bc271edc32d4ef5c5c019cefe1c5242485a84c16ed817eb
SHA512

93281f9392332cd475cb754a98ad15a8eb2a3aabf9a83ec9e34ddd34815dc416bb45a1262290c9cc657018acdcf666937f5b77893667946878e488cd94d28589
SSDEEP

3072:erciyF94NYWcMojZy2gmNid6Fl2E3SDaio:e0uXjewjmNid6FlZ3SDav

Score

1^/10

Malware Config

Signatures

Files

2b4c4aadc08c8db889fe2a7602139149_JaffaCakes118
.exe windows:3 windows x86 arch:x86

8435aab8dba79952d85014280c429d46

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

29/01/2010, 00:00

Not After

30/01/2012, 23:59

Subject

CN=VIRUSBLOKADA LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VIRUSBLOKADA LTD.,L=Minsk,ST=none,C=BY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:b5:3f:24:a4:6a:b6:89:c8:51:5f:01:1a:ac:1c:ff:1a:86:ea:ff
Signer

Actual PE Digest

4d:b5:3f:24:a4:6a:b6:89:c8:51:5f:01:1a:ac:1c:ff:1a:86:ea:ff

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
GlobalFindAtomW
GlobalAlloc
SetCurrentDirectoryW
DisconnectNamedPipe
FindResourceW
lstrcmpi
GetAtomNameW
lstrcmpA
InitializeCriticalSection
GetStringTypeA
GetProcessHeaps
GetLogicalDriveStringsA
GetFullPathNameA
GetEnvironmentVariableA
SetEvent
CreateMutexA
FreeLibrary
GetExitCodeProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
WaitForMultipleObjects
GetShortPathNameA
EnumTimeFormatsW
GetLogicalDriveStringsW
TlsAlloc
CreateMailslotA
GetNamedPipeInfo
RemoveDirectoryA
GetVersionExW
EnumDateFormatsA
QueryPerformanceFrequency
VirtualAlloc
lstrlen
CreateMailslotW
IsBadReadPtr
GetOEMCP
EnumDateFormatsW
lstrcpyn

user32

MonitorFromWindow
LoadMenuIndirectA
CreatePopupMenu
WaitMessage
SetWindowTextA
OffsetRect
DefFrameProcW
InvalidateRect
GetClassLongW
DrawTextW
CreateAcceleratorTableW
SetFocus
GetDlgItem
GetClassNameW
AppendMenuA
LoadImageA
EnumDesktopWindows
EnableWindow
GetClientRect
RegisterWindowMessageA
GetClassLongA

gdi32

ExtEscape
GetGlyphOutlineA
SetPixelFormat
GetCharWidth32W
CreateDCA
CreateICW
SetViewportExtEx
PolylineTo
CreateRectRgn
CreatePatternBrush

advapi32

RegDeleteKeyW
RegQueryInfoKeyA

shell32

SHGetSpecialFolderPathW

shlwapi

PathFileExistsW

comctl32

ImageList_SetImageCount
ImageList_AddMasked

setupapi

SetupDiGetHwProfileFriendlyNameExW
SetupCloseFileQueue
pSetupGetField
SetupInstallFileW
CM_Query_Arbitrator_Free_Size_Ex
CM_Get_Hardware_Profile_InfoW
SetupDiGetINFClassW
SetupDiDestroyDeviceInfoList
SetupDiGetActualSectionToInstallExA
SetupDiGetDeviceInstallParamsA

version

GetFileVersionInfoA

wininet

InternetSetCookieW
InternetAutodial

urlmon

URLOpenStreamA
CoInternetCombineUrl
RegisterMediaTypes

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.p65
Size: 1024B - Virtual size: 43KB

IMAGE_SCN_MEM_READ

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.5BQaj
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_MEM_READ

.Bsu
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.03m67
Size: 1024B - Virtual size: 16KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.w477
Size: 1024B - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AX07
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sF5x
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.q4
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8435aab8dba79952d85014280c429d46

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

4d:b5:3f:24:a4:6a:b6:89:c8:51:5f:01:1a:ac:1c:ff:1a:86:ea:ffSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

setupapi

version

wininet

urlmon

Sections

.rdata Size: 3KB - Virtual size: 2KB

.p65 Size: 1024B - Virtual size: 43KB

.text Size: 11KB - Virtual size: 11KB

.5BQaj Size: 1KB - Virtual size: 25KB

.Bsu Size: 1024B - Virtual size: 4KB

.03m67 Size: 1024B - Virtual size: 16KB

.w477 Size: 1024B - Virtual size: 23KB

.AX07 Size: 1024B - Virtual size: 34KB

.sF5x Size: 1024B - Virtual size: 15KB

.q4 Size: 1024B - Virtual size: 4KB

.data Size: 14KB - Virtual size: 20KB

.rsrc Size: 104KB - Virtual size: 103KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2b:ef:4f:72:14:93:67:bc:c7:77:5d:00:00:90:9c:1d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

4d:b5:3f:24:a4:6a:b6:89:c8:51:5f:01:1a:ac:1c:ff:1a:86:ea:ff
Signer

.rdata
Size: 3KB - Virtual size: 2KB

.p65
Size: 1024B - Virtual size: 43KB

.text
Size: 11KB - Virtual size: 11KB

.5BQaj
Size: 1KB - Virtual size: 25KB

.Bsu
Size: 1024B - Virtual size: 4KB

.03m67
Size: 1024B - Virtual size: 16KB

.w477
Size: 1024B - Virtual size: 23KB

.AX07
Size: 1024B - Virtual size: 34KB

.sF5x
Size: 1024B - Virtual size: 15KB

.q4
Size: 1024B - Virtual size: 4KB

.data
Size: 14KB - Virtual size: 20KB

.rsrc
Size: 104KB - Virtual size: 103KB