3eb148d45bc93a82cbfe269a871238e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3eb148d45bc93a82cbfe269a871238e4_JaffaCakes118
Size

884KB
MD5

3eb148d45bc93a82cbfe269a871238e4
SHA1

d5355896a2f36ab12ae901fcced32a19c215d360
SHA256

b13de621a6a72f50fdc1f43ba80a21a1e41cc0b1d5a22010b171fbd7117931d3
SHA512

8853f1b37284d74f2fcd79b817f7de7931143c0a34c2101af2238cba822c60453c149878b72f6be43431ef09d70a589f2a6ab58aa849f50720e4e7be8f2fe56d
SSDEEP

12288:chYC63KIUqUROVrTj6fsD3KdeVbf1xGabbCic68FzbusGqn6fqfpbyn:QjUzyIrTOn+Ga3Xc68F2sG+6Kpbi

Score

1^/10

Malware Config

Signatures

Files

3eb148d45bc93a82cbfe269a871238e4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb4e23abd08450185a6dc8c94610b212

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:b2:01:f4:74:ed:90:d0:62:7d:ba:2d:61:1f:9c:4c
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/07/2010, 00:00

Not After

30/07/2011, 23:59

Subject

CN=eFolder Inc,O=eFolder Inc,POSTALCODE=30341,STREET=Suite 100+STREET=2340 Perimeter Park Dr,L=Atlanta,ST=GA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:19:6f:b6:48:5a:ae:9e:71:d9:81:90:33:7d:36:0e:b9:53:b2:3f
Signer

Actual PE Digest

f0:19:6f:b6:48:5a:ae:9e:71:d9:81:90:33:7d:36:0e:b9:53:b2:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\eFS\dev\trunk\eFolder\eFolder\output\app-updater.pdb

Imports

kernel32

InterlockedDecrement
GetCurrentThreadId
LoadLibraryA
GetModuleHandleA
GetVersionExA
TlsSetValue
TlsAlloc
TlsFree
FreeLibrary
TlsGetValue
SetLastError
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
SetEndOfFile
LocalFree
FindClose
GetTickCount
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
FormatMessageA
InterlockedIncrement
GetFileAttributesA
GetStdHandle
ReadFile
SetEvent
WriteFile
WritePrivateProfileStringA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetSystemDirectoryA
lstrlenA
CompareStringA
GetVersion
GetFullPathNameA
GetDriveTypeA
SetConsoleMode
ReadConsoleInputA
FindFirstFileA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCommandLineA
OutputDebugStringA
Sleep
CreateProcessA
GetExitCodeProcess
GetModuleFileNameA
CloseHandle
GetLastError
MoveFileExW
InterlockedExchange
GetCurrentDirectoryA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetStringTypeA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetOEMCP
GetConsoleMode
GetConsoleCP
SetHandleCount
HeapSize
ExitProcess
GetFileType
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetACP
GetLocaleInfoA
GetThreadLocale
HeapAlloc
HeapFree
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualAlloc
RtlUnwind
GetSystemTimeAsFileTime
SetFilePointer
SetStdHandle
FlushFileBuffers
GetProcessHeap
GetStartupInfoA
SetConsoleCtrlHandler
LCMapStringA
VirtualFree
HeapDestroy
HeapCreate

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

user32

IsWindow
BroadcastSystemMessageA
RegisterWindowMessageA
WaitForInputIdle
CharLowerA
MessageBoxA
GetDesktopWindow
GetUserObjectInformationW
GetProcessWindowStation

ws2_32

WSAGetLastError
shutdown
closesocket
htonl
select
recv
WSASetLastError
ntohl
send

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate

Sections

.text
Size: 596KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb4e23abd08450185a6dc8c94610b212

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

09:b2:01:f4:74:ed:90:d0:62:7d:ba:2d:61:1f:9c:4cCertificate

Extended Key Usages

Key Usages

f0:19:6f:b6:48:5a:ae:9e:71:d9:81:90:33:7d:36:0e:b9:53:b2:3fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

ws2_32

oleaut32

Sections

.text Size: 596KB - Virtual size: 592KB

.rdata Size: 212KB - Virtual size: 210KB

.data Size: 64KB - Virtual size: 80KB

.rsrc Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

09:b2:01:f4:74:ed:90:d0:62:7d:ba:2d:61:1f:9c:4c
Certificate

f0:19:6f:b6:48:5a:ae:9e:71:d9:81:90:33:7d:36:0e:b9:53:b2:3f
Signer

.text
Size: 596KB - Virtual size: 592KB

.rdata
Size: 212KB - Virtual size: 210KB

.data
Size: 64KB - Virtual size: 80KB

.rsrc
Size: 4KB - Virtual size: 2KB