42a30bf22f59038e8cc55e0ae3469fa6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42a30bf22f59038e8cc55e0ae3469fa6_JaffaCakes118
Size

89KB
MD5

42a30bf22f59038e8cc55e0ae3469fa6
SHA1

5de8dc453728acef920363d335ce0cfb5fe8b18f
SHA256

df9263c0c8e79b49a5be38fee613b2fa1a137ae5d05d17f89976a5d43fca5073
SHA512

987f02188fc6770dfc650ca644d9dfd20ebfa443adb5967d2869c101c98b2b61f497fa8474f640e40e5d9dac40db9d9b41ac223e9830e02ab3fc895e52557da0
SSDEEP

1536:mJY/ogLaWDpLKa6p2GF+LK2TFTthf5CeJ88rVoIDvdrL2QCU4178I:mJY/ozQpLKaOuDNthx28ZbpOQCd73

Score

1^/10

Malware Config

Signatures

Files

42a30bf22f59038e8cc55e0ae3469fa6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a906aec2ab84bb93fb3d24215a03e235

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

03/12/2001, 00:00

Not After

02/12/2011, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

19:d4:d7:6d:34:c4:b6:0d:e8:b9:d6:c6:b3:19:36:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

27/02/2004, 00:00

Not After

26/02/2005, 23:59

Subject

CN=USA Revco,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Clear Search,O=USA Revco,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

lz32

LZCopy
LZOpenFileA
LZClose

wininet

InternetGetConnectedState
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

kernel32

IsBadReadPtr
SetUnhandledExceptionFilter
CreateFileA
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
IsBadCodePtr
FormatMessageA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
GetEnvironmentStrings
FreeEnvironmentStringsW
CompareStringA
GetCPInfo
CompareStringW
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetEndOfFile
Sleep
GetFullPathNameA
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
LCMapStringW
HeapFree
HeapAlloc
RtlUnwind
DeleteFileA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetCurrentProcess
RemoveDirectoryA
CreateDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
CloseHandle
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
WriteFile
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA

user32

GetDC

gdi32

GetDeviceCaps

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

ole32

CoCreateGuid

Sections

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a906aec2ab84bb93fb3d24215a03e235

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

19:d4:d7:6d:34:c4:b6:0d:e8:b9:d6:c6:b3:19:36:7fCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

lz32

wininet

kernel32

user32

gdi32

advapi32

ole32

Sections

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 77KB - Virtual size: 82KB

.rsrc Size: 1024B - Virtual size: 944B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

6d:a2:7a:e9:29:2e:b6:dd:c0:a8:00:1d:47:6e:3b:69
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

19:d4:d7:6d:34:c4:b6:0d:e8:b9:d6:c6:b3:19:36:7f
Certificate

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 77KB - Virtual size: 82KB

.rsrc
Size: 1024B - Virtual size: 944B