2eab17780d6d2fa2950eac1436cfecfe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2eab17780d6d2fa2950eac1436cfecfe_JaffaCakes118
Size

75KB
MD5

2eab17780d6d2fa2950eac1436cfecfe
SHA1

2429baa244f0089adf33c22e13e0b2e7c6ed84d4
SHA256

628a88fde83cce02d887d9dc4856ff7a05ff6f7bf295f79ab081e3f128fa0524
SHA512

0a4e9606a2a75e5f6b64658587c00a1cc74e31ab1a8beeaaa7aaa23bfd26f4ced3cf3e990407b0e222270d68d4e652b006f61bf4fc15d4502dc40fdacb2ba3d2
SSDEEP

1536:k1GC8cnG+3ONTfxXQ/lFXuVGMDDB3kmNeGvf8taaDPCz:k1OxwlFXRKB9Lf8tjC

Score

1^/10

Malware Config

Signatures

Files

2eab17780d6d2fa2950eac1436cfecfe_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8ab3da1fb25567ef4ab03357e31ab8dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:b4:0e:79:83:4b:c5:78:b8:67:5b:fc:ff:c3:26:b3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

22/09/2010, 00:00

Not After

02/10/2012, 23:59

Subject

CN=Seekmo Technologies LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Seekmo,O=Seekmo Technologies LLC,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b3:03:bb:00:84:60:bf:2e:1e:ec:d6:e1:a6:57:1e:86:9c:43:d2:02
Signer

Actual PE Digest

b3:03:bb:00:84:60:bf:2e:1e:ec:d6:e1:a6:57:1e:86:9c:43:d2:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\110301_153000_build_Client_Build_SkinnyBlonde_14.0.116.0\source\source_sa\Bin\Release\Setup.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
FreeLibrary
GetProcAddress
LocalFree
FormatMessageA
LocalAlloc
GetLastError
LoadLibraryA
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
CloseHandle
OpenProcess
MultiByteToWideChar
GetModuleFileNameA
GetCurrentProcessId
FlushFileBuffers
CreateFileW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
IsProcessorFeaturePresent
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringW
GetStringTypeW
LoadLibraryW
GetModuleFileNameW
SetStdHandle
WriteConsoleW

user32

wsprintfA

oleaut32

SysFreeString
SysAllocStringLen

Exports

Exports

VerifySignature
VerifySignatureOnParent

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ab3da1fb25567ef4ab03357e31ab8dd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2b:b4:0e:79:83:4b:c5:78:b8:67:5b:fc:ff:c3:26:b3Certificate

Extended Key Usages

Key Usages

b3:03:bb:00:84:60:bf:2e:1e:ec:d6:e1:a6:57:1e:86:9c:43:d2:02Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2b:b4:0e:79:83:4b:c5:78:b8:67:5b:fc:ff:c3:26:b3
Certificate

b3:03:bb:00:84:60:bf:2e:1e:ec:d6:e1:a6:57:1e:86:9c:43:d2:02
Signer

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB