41541a4dbe128f5c0539347c51beb836_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41541a4dbe128f5c0539347c51beb836_JaffaCakes118
Size

2.3MB
MD5

41541a4dbe128f5c0539347c51beb836
SHA1

e688bff948b7937c00b7c84efaea116eaccbce27
SHA256

12f407ac9bc6af3d2ca91f2b755d06323f92db191f04fb623d1bae2a3d674ef7
SHA512

67224952a8b71efc9694db382d4dc0e27e2f2fd42be0155e38c88e97f5180ced6c9b06ffc6c0628724b1d3a8b00793ff898428520793bd6e6eb0b652381b4582
SSDEEP

49152:OOvypJzPAVFGYfK054gT282o+GkNNBsYQJx6gidht9yKOMeAWYPtBeRnGY:OOvGJzd2P+GKs9Jx6Rt9WLnGY

Score

1^/10

Malware Config

Signatures

Files

41541a4dbe128f5c0539347c51beb836_JaffaCakes118
.exe windows:4 windows x86 arch:x86

898dc332e04da449d13b14b1a021e7a4

Code Sign

03:a7:a5:d4:8c:8a:b3:dd:b7:36:d4:85:3d:e3:40:1f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/06/2012, 00:00

Not After

09/07/2015, 23:59

Subject

CN=Notable Solutions\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Notable Solutions\, Inc.,L=Rockville,ST=Maryland,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:72:34:ad:e6:ce:e5:e5:fa:2b:60:0b:89:b4:95:2e:90:f2:2f:0f
Signer

Actual PE Digest

c0:72:34:ad:e6:ce:e5:e5:fa:2b:60:0b:89:b4:95:2e:90:f2:2f:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
WaitForSingleObject
GetCurrentDirectoryW
SetEndOfFile
GetStringTypeW
GetStringTypeA
LoadLibraryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCPInfo
CreateProcessA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetStdHandle
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
MultiByteToWideChar
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
WideCharToMultiByte
HeapFree
GetProcAddress
GetLastError
LocalFree
SetFileTime
LocalFileTimeToFileTime
GetFullPathNameW
GetFullPathNameA
GetTempPathW
GetTempPathA
GetModuleFileNameW
DeleteFileW
DeleteFileA
SetFilePointer
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
SetCurrentDirectoryA
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
CreateFileA
Sleep
GetTickCount
GetACP
GetOEMCP
FormatMessageA
GetModuleFileNameA
GetCurrentThreadId
CloseHandle
GetFileTime
ReadFile
WriteFile
GetFileSize
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetVersionExA
CreateFileW
RtlUnwind
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetTimeZoneInformation
HeapReAlloc
HeapAlloc
HeapSize
GetExitCodeProcess

user32

PostMessageA
SetTimer
GetDlgItemTextA
LoadStringA
DefWindowProcA
DestroyWindow
BeginPaint
EndPaint
GetDlgItemTextW
SetWindowTextW
MoveWindow
SetDlgItemTextW
EnableWindow
EndDialog
PostQuitMessage
MessageBoxW
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
CreateWindowExW
DialogBoxParamW
LoadCursorA
RegisterClassExW
LoadStringW
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
GetDlgItem
SendMessageA
SetDlgItemTextA

shell32

ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGenRandom

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

898dc332e04da449d13b14b1a021e7a4

Code Sign

03:a7:a5:d4:8c:8a:b3:dd:b7:36:d4:85:3d:e3:40:1fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

c0:72:34:ad:e6:ce:e5:e5:fa:2b:60:0b:89:b4:95:2e:90:f2:2f:0fSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

Sections

.text Size: 316KB - Virtual size: 315KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 92KB - Virtual size: 109KB

.rsrc Size: 8KB - Virtual size: 7KB

03:a7:a5:d4:8c:8a:b3:dd:b7:36:d4:85:3d:e3:40:1f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

c0:72:34:ad:e6:ce:e5:e5:fa:2b:60:0b:89:b4:95:2e:90:f2:2f:0f
Signer

.text
Size: 316KB - Virtual size: 315KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 92KB - Virtual size: 109KB

.rsrc
Size: 8KB - Virtual size: 7KB