576a2bde54d4a01c456e56d776635d1b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

576a2bde54d4a01c456e56d776635d1b_JaffaCakes118
Size

95KB
MD5

576a2bde54d4a01c456e56d776635d1b
SHA1

367141448d00dedda44c2d2dee7e2965ddd0da72
SHA256

6691ac8347b758f33ec71ec0a6f116d493c848a75948395fd6edee0bfc882f75
SHA512

26a266b60d738414241916cab2e4054f60df6d1b8f72df71410c0434c0f3d7cc79ee3cfb2e81b31cc98b0dea977f0db0d049546c2b5f1e1b418154f8ecc5c818
SSDEEP

1536:9izA1BhZWyNHoqE5FdGUwb+ZLOfpt71Boy1Cq:9izanZWyNLCnWSZ2pt71BoQ

Score

1^/10

Malware Config

Signatures

Files

576a2bde54d4a01c456e56d776635d1b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bdd91cc85cb69b39c4eee96d341056c0

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

27/11/2009, 00:00

Not After

27/11/2011, 23:59

Subject

CN=YNK JAPAN Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=YNK JAPAN Inc,L=\ Nihonbashi Kodenmachou10-6,ST=Chuo-ku,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:f9:f8:0b:1a:bd:62:d0:c8:30:20:01:e1:69:ef:09:17:46:8d:ba
Signer

Actual PE Digest

5f:f9:f8:0b:1a:bd:62:d0:c8:30:20:01:e1:69:ef:09:17:46:8d:ba

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleFileNameA
CopyFileA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
GetEnvironmentVariableA
GetCurrentProcess
GetVersionExA
GetSystemDirectoryA
CloseHandle
CreateThread
GetLastError
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
LCMapStringW
Sleep
GetWindowsDirectoryA
DeleteFileA
FindFirstFileA
FindClose
GetShortPathNameA
GetTickCount
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
IsBadCodePtr
IsBadReadPtr
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetEnvironmentVariableA
UnhandledExceptionFilter
GetProcAddress
WriteFile
GetOEMCP
GetACP
GetCPInfo
HeapSize
TerminateProcess
HeapAlloc
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException

user32

SendMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
wsprintfA

advapi32

RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA

shell32

ShellExecuteA

wsock32

send
inet_ntoa
connect
ioctlsocket
socket
recv
closesocket
select
WSAGetLastError
WSASetLastError
__WSAFDIsSet
WSAStartup
gethostname
gethostbyname
inet_addr
shutdown
htons

rpcrt4

UuidCreateSequential

wininet

InternetOpenA
InternetOpenUrlA

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bdd91cc85cb69b39c4eee96d341056c0

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5f:f9:f8:0b:1a:bd:62:d0:c8:30:20:01:e1:69:ef:09:17:46:8d:baSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wsock32

rpcrt4

wininet

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 20KB

.sxdata Size: 4KB - Virtual size: 24B

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

67:24:34:0d:db:c7:25:2f:7f:b7:14:b8:12:a5:c0:4d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5f:f9:f8:0b:1a:bd:62:d0:c8:30:20:01:e1:69:ef:09:17:46:8d:ba
Signer

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 20KB

.sxdata
Size: 4KB - Virtual size: 24B