3fa661c6a698f052ff09cd5919c7aa71_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3fa661c6a698f052ff09cd5919c7aa71_JaffaCakes118
Size

518KB
MD5

3fa661c6a698f052ff09cd5919c7aa71
SHA1

0accba460b76789d551471e42a277822ec28537f
SHA256

6dd616f6316b998cb6ffae5c02d1fe27324f2ab53373302858c13d115c700ad9
SHA512

58b26e10d5c49a902ae39a9839502fd079e1e765d5dce225ec86d20f7a0d15e98f8cedf358105b0ee149c780ce83521b931e03227656465dcf6864314303d74c
SSDEEP

12288:9e6+1aFSTuFYxPJ7wHbl1Y/UHR8VQpbuMD28O5IzuIRsjhX6Ac:9et1oSiihJ7wHY/UyabRD2H5Km4

Score

1^/10

Malware Config

Signatures

Files

3fa661c6a698f052ff09cd5919c7aa71_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cf156cc673eaacb9d95216b08f6a3b76

Code Sign

62:60:a3:5c:a2:ed:3b:8c:b8:f2:de:ab:47:40:eb:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2013, 00:00

Not After

26/03/2014, 23:59

Subject

CN=Source Medical Solutions Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Source Medical Solutions Inc.,L=Birmingham,ST=Alabama,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:d4:0b:8c:64:c0:3b:1b:40:73:05:ba:32:13:4e:f5:58:3c:ce:02
Signer

Actual PE Digest

15:d4:0b:8c:64:c0:3b:1b:40:73:05:ba:32:13:4e:f5:58:3c:ce:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetSubMenu
IsWinEventHookInstalled
GetRawInputData
IsWindowEnabled
IsWindowInDestroy
IsWindowUnicode
IsWindowVisible
LockWindowUpdate
BuildReasonArray
CascadeWindows
ToAscii
ToUnicode
IsGUIThread
OemToCharW
OffsetRect
OpenInputDesktop
MapVirtualKeyExA
TranslateMessage
MoveWindow
HideCaret
SetRectEmpty
IntersectRect
GetCaretPos
GetWindowWord
FlashWindow
ReleaseDC
GetAncestor
InsertMenuW
GetWindowRgn
IsWindowVisible
ShowCursor
GetWindowDC
GetWindowInfo
GetUpdateRect
GetUpdateRgn

uniplat

AllocateOverStructEx

esent

JetAddColumn
JetAttachDatabase
JetAttachDatabase2
JetEscrowUpdate
JetExternalRestore
JetExternalRestore2
JetGetColumnInfo
JetBackupInstance
JetBeginExternalBackup

kernel32

GetLastError
CreateFileA
GetWindowsDirectoryA
GetTickCount
IsValidLocale
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
_lread
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
GetTempPathW
OpenThread
GetDevicePowerState
GetDiskFreeSpaceA
GetDriveTypeA
OutputDebugStringW
GetTimeFormatA
GetTimeFormatW

Sections

.text
Size: 15KB - Virtual size: 19KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 290KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 496KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf156cc673eaacb9d95216b08f6a3b76

Code Sign

62:60:a3:5c:a2:ed:3b:8c:b8:f2:de:ab:47:40:eb:36Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

15:d4:0b:8c:64:c0:3b:1b:40:73:05:ba:32:13:4e:f5:58:3c:ce:02Signer

Headers

File Characteristics

Imports

user32

uniplat

esent

kernel32

Sections

.text Size: 15KB - Virtual size: 19KB

.data Size: 6KB - Virtual size: 290KB

.rsrc Size: 489KB - Virtual size: 496KB

62:60:a3:5c:a2:ed:3b:8c:b8:f2:de:ab:47:40:eb:36
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

15:d4:0b:8c:64:c0:3b:1b:40:73:05:ba:32:13:4e:f5:58:3c:ce:02
Signer

.text
Size: 15KB - Virtual size: 19KB

.data
Size: 6KB - Virtual size: 290KB

.rsrc
Size: 489KB - Virtual size: 496KB