3d02dc591641b2e9d091330904cfeab0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3d02dc591641b2e9d091330904cfeab0_JaffaCakes118
Size

131KB
MD5

3d02dc591641b2e9d091330904cfeab0
SHA1

550529944515f9fe030984a8cced5caa8c7174c6
SHA256

14c32786b0158876e23b91bf0d3af68774fa7d264a3e33aa74132a4566612798
SHA512

5325e3c5f6231b8b9e3802ed959301782bfa2a84ba95d3456c4276bb116995f02abae298d879aa9a408ca00c2084d773a612420a76c683a5b8e4b5d7ff0be7d9
SSDEEP

3072:54WFjeu1HV5Yanmz+Hi5wTBf25xt3T888888888888W88888888888x:54WIu/e5wTB+5xp888888888888W888R

Score

1^/10

Malware Config

Signatures

Files

3d02dc591641b2e9d091330904cfeab0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d5fa0ef59eeef2e6e5bc7e57d098f39f

Code Sign

32:c9:9d:1b:41:4f:21:4c:be:eb:b4:c4:aa:b2:c8:b6
Certificate

Issuer

CN=DownBook,1.2.840.113549.1.9.1=#0c117465616d40646f776e626f6f6b2e636f6d

Not Before

13-06-2013 16:20

Not After

31-12-2039 23:59

Subject

CN=DownBook,1.2.840.113549.1.9.1=#0c117465616d40646f776e626f6f6b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c7:a9:ae:fe:df:86:68:52:26:e1:ca:4b:1d:45:8f:ee:b8:4e:44:17
Signer

Actual PE Digest

c7:a9:ae:fe:df:86:68:52:26:e1:ca:4b:1d:45:8f:ee:b8:4e:44:17

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
ShowWindow
SendMessageW
PostMessageW
GetSystemMetrics
GetMessageW
GetDC
DispatchMessageW
CharUpperBuffW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WaitForSingleObject
VirtualProtect
VirtualFree
VirtualAlloc
SignalObjectAndWait
SetEvent
ResetEvent
MultiByteToWideChar
LoadLibraryW
IsBadReadPtr
HeapFree
HeapAlloc
GetVersionExW
GetThreadLocale
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetLocaleInfoW
GetDiskFreeSpaceW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
EnumCalendarInfoW
CreateThread
CreateEventW
CloseHandle
Sleep

wininet

InternetReadFile
InternetOpenUrlW
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetCloseHandle

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5fa0ef59eeef2e6e5bc7e57d098f39f

Code Sign

32:c9:9d:1b:41:4f:21:4c:be:eb:b4:c4:aa:b2:c8:b6Certificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

c7:a9:ae:fe:df:86:68:52:26:e1:ca:4b:1d:45:8f:ee:b8:4e:44:17Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

wininet

Sections

.text Size: 53KB - Virtual size: 53KB

.itext Size: 1024B - Virtual size: 852B

.data Size: 14KB - Virtual size: 14KB

.bss Size: - Virtual size: 19KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 49KB - Virtual size: 49KB

32:c9:9d:1b:41:4f:21:4c:be:eb:b4:c4:aa:b2:c8:b6
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

c7:a9:ae:fe:df:86:68:52:26:e1:ca:4b:1d:45:8f:ee:b8:4e:44:17
Signer

.text
Size: 53KB - Virtual size: 53KB

.itext
Size: 1024B - Virtual size: 852B

.data
Size: 14KB - Virtual size: 14KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 49KB - Virtual size: 49KB