3ac5ff1eb05945dac8b05e83e6443eaf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ac5ff1eb05945dac8b05e83e6443eaf_JaffaCakes118
Size

65KB
MD5

3ac5ff1eb05945dac8b05e83e6443eaf
SHA1

edcdfe19152f82d08d01ffac9239c060eee6305f
SHA256

8d31f3432487baa3ff2a6be8738b4ece6120575e69b133bd36b358ee9b91dd07
SHA512

4bdf881a4b819fd7186fa7966ccdb263bb184cc6468d85a3807cb1ae8300bcc64438308fdc16669cfbaba75ba85f48dfad2ed9f9e63a7869028ad18135ce45c7
SSDEEP

768:G5GyT89tLllY0iYZRMHO3hSfMO9D2pE3Cz1zgznWOOqfDu1TLWUbC:Hysll32O3hQMO9D2pHEWOOqfDGTaQC

Score

1^/10

Malware Config

Signatures

Files

3ac5ff1eb05945dac8b05e83e6443eaf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

076601e672325215f1bc5d82adcd9ccb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

28/09/2009, 00:00

Not After

04/11/2012, 23:59

Subject

CN=Adobe Systems\, Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Acrobat Engineering,O=Adobe Systems\, Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:4f:1d:3f:e6:d9:15:1d:a9:f1:c4:d6:52:93:8e:22:a8:07:cb:2f
Signer

Actual PE Digest

51:4f:1d:3f:e6:d9:15:1d:a9:f1:c4:d6:52:93:8e:22:a8:07:cb:2f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Acro_root_atp\Acrobat\Viewer\Win\output\acrobat\PDFPrevHndlrShim.pdb

Imports

kernel32

FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetCurrentProcess
GetProcAddress
CloseHandle
WaitForSingleObject
Sleep
GetModuleFileNameW
CreateEventW
GetCurrentThreadId
SetEvent
GetCommandLineW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateThread
lstrlenW
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

UnregisterClassA
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
CharUpperW
CharNextW

advapi32

RegQueryValueExA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
StringFromGUID2

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

msvcr80

_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
??3@YAXPAX@Z
malloc
free
memcpy_s
_CxxThrowException
wcsncpy_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_recalloc
??_U@YAPAXI@Z
memset
??2@YAPAXI@Z
wcscpy_s
wcscat_s
_except_handler4_common
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e

rpcrt4

CStdStubBuffer_QueryInterface
NdrStubForwardingFunction
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 4KB - Virtual size: 539B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

076601e672325215f1bc5d82adcd9ccb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07Certificate

Extended Key Usages

Key Usages

51:4f:1d:3f:e6:d9:15:1d:a9:f1:c4:d6:52:93:8e:22:a8:07:cb:2fSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcr80

rpcrt4

Sections

.text Size: 28KB - Virtual size: 24KB

.orpc Size: 4KB - Virtual size: 539B

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

02:90:96:5e:91:33:40:cd:a6:63:4c:ef:31:f7:fd:07
Certificate

51:4f:1d:3f:e6:d9:15:1d:a9:f1:c4:d6:52:93:8e:22:a8:07:cb:2f
Signer

.text
Size: 28KB - Virtual size: 24KB

.orpc
Size: 4KB - Virtual size: 539B

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 5KB