3701e4092cfb0142ee91a6a201307a2f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3701e4092cfb0142ee91a6a201307a2f_JaffaCakes118
Size

188KB
MD5

3701e4092cfb0142ee91a6a201307a2f
SHA1

3097149ea9cb6b59949f114be9f5e26e0ac5967d
SHA256

59740d2990825192fd6ad6029a6570ddfa286f18bb9c920c733f59102927e224
SHA512

e3744cbc87c8c3f820fe1b0f746e83450fb884c81b06151ed94060e7422d54ba2cf52061f8a4d8bfe366bcae8611be3dafc2048772a2b6c35f3669488b8d771a
SSDEEP

3072:IJWYAsJJacGd9wJs63OF37JLtQHNjKBC5CH+xF7vCww95YeoLoSqtIzp:WPJ8b2y0H8BC564ubYe5t

Score

1^/10

Malware Config

Signatures

Files

3701e4092cfb0142ee91a6a201307a2f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36b3f9a6b1c5a6bf936487bd17689bec

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

01
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

08:d1:35
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

12/02/2002, 00:05

Not After

12/02/2003, 00:05

Subject

CN=InstallShield Software Corporation,OU=Research and Development,O=InstallShield Software Corporation,L=Schaumburg,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerInstallFileA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetModuleHandleA
lstrlenA
RemoveDirectoryA
DeleteFileA
GetTempPathA
FindResourceA
SetErrorMode
LeaveCriticalSection
CloseHandle
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
InterlockedDecrement
CreateEventA
GetPrivateProfileStringA
OpenEventA
CreateProcessA
GetCurrentThreadId
QueryPerformanceFrequency
CreateFileA
SetFilePointer
GetFileSize
HeapAlloc
GetSystemInfo
HeapCreate
FreeLibrary
GetProcAddress
Sleep
LockResource
GetSystemDefaultLangID
MoveFileA
CreateDirectoryA
FindResourceExA
WriteFile
lstrcpyA
LoadResource
CreateFileMappingA
SizeofResource
WritePrivateProfileStringA
GetShortPathNameA
lstrcmpiA
HeapDestroy
lstrcatA
GetTickCount
GetFileAttributesA
GetTempFileNameA
GetStartupInfoA
ExitProcess
GetCommandLineA
DebugBreak
HeapReAlloc
HeapFree
FindClose
VirtualQuery
VirtualProtect
FindFirstFileA
SearchPathA
GetWindowsDirectoryA
lstrcpynA
ResetEvent
QueryPerformanceCounter
SystemTimeToFileTime
GlobalAlloc
GetCurrentProcess
GetCurrentThread
GetVersion
IsBadReadPtr
GlobalLock
GlobalUnlock
GetVersionExA
CompareStringW
CompareStringA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
GetLastError
SetLastError
GetModuleFileNameA
UnmapViewOfFile
GlobalFree
MapViewOfFile
LoadLibraryA
ReadFile
lstrcmpA

user32

PostThreadMessageA
CharUpperA
PeekMessageA
MsgWaitForMultipleObjects
GetDesktopWindow
CreateDialogIndirectParamA
LoadStringA
CharNextA
CharLowerBuffA
GetWindowTextA
SetTimer
TranslateMessage
GetMessageA
SetActiveWindow
ShowWindow
EndDialog
SetWindowTextA
GetDlgItem
SendMessageA
SetDlgItemTextA
wsprintfA
LoadIconA
DestroyWindow
SystemParametersInfoA
SetWindowPos
CharLowerA
IsDialogMessageA
ReleaseDC
DispatchMessageA
GetDC
KillTimer
ScreenToClient
MoveWindow
SetWindowRgn
DialogBoxIndirectParamA
GetWindowRect

gdi32

GetObjectA
GetTextExtentPoint32A
LPtoDP
CreateFontIndirectA
DeleteObject

advapi32

RegSetValueExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueA
FreeSid
EqualSid

ole32

CoRevokeClassObject
CoCreateInstance
CoCreateGuid
CoRegisterClassObject
CoTaskMemFree
StringFromCLSID
CoReleaseMarshalData
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize
StringFromGUID2
GetRunningObjectTable
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
VariantCopy
VariantClear
SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

$H
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

36b3f9a6b1c5a6bf936487bd17689bec

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

01Certificate

08:d1:35Certificate

Extended Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 30KB - Virtual size: 30KB

$H Size: 92KB - Virtual size: 92KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

01
Certificate

08:d1:35
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 30KB - Virtual size: 30KB

$H
Size: 92KB - Virtual size: 92KB