380101013ee146550360774ffe9a1b19_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

380101013ee146550360774ffe9a1b19_JaffaCakes118
Size

174KB
MD5

380101013ee146550360774ffe9a1b19
SHA1

98657dda4736f85c9ce44f48d31d478dd3511480
SHA256

89cde1aef4ac35c92719fc129a77ea921026da2c386eb3839254c8663d33b0dd
SHA512

72555144369bf1332019b79beae67bd26442e5303da31fa28db0e3c70356e33965e607bdb67a0fabe7c2b47ec133dd0837326d99326cb9b12eca0e1b4c383b94
SSDEEP

3072:9gTAK/2KCyw/bqVkdCuCCOhqr8TcNoK4Bdew9eeni+XuQ4ZgvsX4yc:2v/2H+CQuv++uoGq+XuhZgvsjc

Score

1^/10

Malware Config

Signatures

Files

380101013ee146550360774ffe9a1b19_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a5c48d581f3876b366a91b2ea33c4308

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:24:08:6e:6e:a5:2c:12:e7:bc:11:0d:9b:49:9f:66
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

24-11-2016 00:00

Not After

03-11-2017 23:59

Subject

CN=AITI ALYANS LLC,OU=Software development,O=AITI ALYANS LLC,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8d:29:9c:62:9b:55:9d:ad:65:05:ea:5a:2d:82:6f:8f:32:bb:27:f8
Signer

Actual PE Digest

8d:29:9c:62:9b:55:9d:ad:65:05:ea:5a:2d:82:6f:8f:32:bb:27:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

evict1.pdb

Imports

gdi32

GetObjectType
GetDeviceCaps

kernel32

lstrlenW
GetConsoleWindow
lstrcpynA
GetCommandLineW

user32

DialogBoxParamA
ShowWindow
FlashWindow
GetShellWindow
GetClassNameA
LoadBitmapW
CreateWindowExA
PaintDesktop
FillRect
LoadKeyboardLayoutA
GetMenuStringA
DrawIcon
IsCharUpperW
wsprintfA
DialogBoxIndirectParamW
GetMenuDefaultItem
MessageBoxW
ToAscii
GrayStringW
OpenWindowStationA
CharToOemBuffA
MapVirtualKeyExW
SetWindowsHookExA
EnableMenuItem
GetKBCodePage
SetClassLongA
DlgDirSelectComboBoxExW
SetPropA
InflateRect
ScrollWindowEx
AdjustWindowRectEx
RealGetWindowClassA
IsChild
ValidateRgn

comdlg32

PrintDlgA
GetFileTitleW
ChooseColorW
PageSetupDlgA
ReplaceTextA
CommDlgExtendedError
PrintDlgW
GetSaveFileNameW

msvcrt

memset

shell32

SHLoadNonloadedIconOverlayIdentifiers
DoEnvironmentSubstW
ShellExecuteW
SHInvokePrinterCommandW
ExtractIconExA
ExtractAssociatedIconW
SHGetFileInfoW
DoEnvironmentSubstA
DragQueryPoint
DragFinish
SHGetFileInfoA
SHGetDiskFreeSpaceExW
DragQueryFileW
ExtractIconA
SHEmptyRecycleBinA
Shell_NotifyIconA
ShellAboutW
DuplicateIcon
SHAppBarMessage
SHFileOperationA
DragQueryFileA

imm32

ImmGetCandidateWindow
ImmIsIME
ImmReleaseContext
ImmAssociateContextEx
ImmGetIMEFileNameA
ImmGetStatusWindowPos
ImmGetDescriptionA
ImmSetCompositionFontA
ImmGetGuideLineA
ImmRegisterWordW
ImmEnumRegisterWordW
ImmGetProperty
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmEnumRegisterWordA
ImmGetConversionListA
ImmGetIMEFileNameW
ImmInstallIMEA
ImmGetImeMenuItemsW
ImmGetCandidateListCountW
ImmGetRegisterWordStyleW
ImmGetGuideLineW
ImmEnumInputContext
ImmInstallIMEW
ImmGetConversionStatus
ImmEscapeW
ImmGetImeMenuItemsA

mpr

WNetCancelConnection2A
WNetAddConnection2A
WNetGetLastErrorA
WNetCancelConnection2W
WNetGetProviderNameW
WNetOpenEnumW
WNetConnectionDialog1A
WNetAddConnectionW
WNetAddConnection3W
WNetEnumResourceW
WNetGetConnectionA
WNetOpenEnumA
WNetDisconnectDialog1W
WNetGetLastErrorW
WNetAddConnection2W
WNetUseConnectionA
WNetCancelConnectionA
WNetEnumResourceA
WNetGetResourceInformationA

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

QDRPRT
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a5c48d581f3876b366a91b2ea33c4308

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

77:24:08:6e:6e:a5:2c:12:e7:bc:11:0d:9b:49:9f:66Certificate

Extended Key Usages

Key Usages

8d:29:9c:62:9b:55:9d:ad:65:05:ea:5a:2d:82:6f:8f:32:bb:27:f8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

comdlg32

msvcrt

shell32

imm32

mpr

Sections

.text Size: 52KB - Virtual size: 50KB

QDRPRT Size: 4KB - Virtual size: 1KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 76KB - Virtual size: 73KB

.edata Size: 4KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

77:24:08:6e:6e:a5:2c:12:e7:bc:11:0d:9b:49:9f:66
Certificate

8d:29:9c:62:9b:55:9d:ad:65:05:ea:5a:2d:82:6f:8f:32:bb:27:f8
Signer

.text
Size: 52KB - Virtual size: 50KB

QDRPRT
Size: 4KB - Virtual size: 1KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 76KB - Virtual size: 73KB

.edata
Size: 4KB - Virtual size: 2KB