792034e2921272dc1ece5a2bb7747f2b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

792034e2921272dc1ece5a2bb7747f2b_JaffaCakes118
Size

264KB
MD5

792034e2921272dc1ece5a2bb7747f2b
SHA1

07d13e589318c0d2a33eda7f1fde6ea2951361a9
SHA256

e0ec95e9d2d995c8856fa45633c2cc22a4e3df913b1382964546c96eec5d0884
SHA512

7664bd2e2cd0f74bc2ea66913daf7201ce36deb545b08bfbba7579ea4ed39c4ff76f6301d48aa3236f2f075f4f7946a119e9e178f57060721459180dff89f57c
SSDEEP

6144:JiynAGK/2v35RCUIVZWKsiUQJJOFiEiak:UyKOv5gRsi34iEiX

Score

1^/10

Malware Config

Signatures

Files

792034e2921272dc1ece5a2bb7747f2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62cc55b35d7c14d460cf1955d7df9afa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/09/2006, 00:00

Not After

24/11/2007, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:a1:f8:86:2a:bf:19:b4:a1:e3:08:bd:50:ed:d9:51:dd:1b:25:40
Signer

Actual PE Digest

b8:a1:f8:86:2a:bf:19:b4:a1:e3:08:bd:50:ed:d9:51:dd:1b:25:40

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

oleaut32

VariantClear
VariantInit
VarUI4FromStr
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

iphlpapi

IpRenewAddress
IpReleaseAddress
FlushIpNetTable
GetInterfaceInfo

user32

MessageBoxW
GetWindowLongW
ReleaseDC
GetDC
OpenClipboard
GetSystemMetrics
SetForegroundWindow
IsIconic
EmptyClipboard
SystemParametersInfoW
SetWindowPos
DefWindowProcW
CharNextW
FindWindowExW
SetClipboardData
ShowWindow
CloseClipboard
PeekMessageW
DestroyWindow
LoadIconW

psapi

GetProcessImageFileNameW

gdi32

GetDeviceCaps

comctl32

InitCommonControlsEx

kernel32

CopyFileW
FindResourceW
WTSGetActiveConsoleSessionId
DeleteFileW
ExpandEnvironmentStringsW
CreateFileW
LeaveCriticalSection
GlobalFree
LocalFree
OpenThread
UnhandledExceptionFilter
GetSystemInfo
LockResource
HeapSize
SizeofResource
SetUnhandledExceptionFilter
HeapReAlloc
GetSystemTime
CreateFileA
lstrcmpiW
WaitForSingleObject
FindCloseChangeNotification
ReadFile
GetSystemDefaultLCID
RemoveDirectoryW
FreeLibrary
GlobalMemoryStatusEx
HeapDestroy
LocalFileTimeToFileTime
GetFileSize
ProcessIdToSessionId
CloseHandle
GlobalUnlock
SetFileTime
FindFirstChangeNotificationW
FormatMessageW
GetUserDefaultLCID
SetLastError
GetTempPathW
DosDateTimeToFileTime
CreateDirectoryW
MulDiv
GetFileSizeEx
GetProcessHeap
ResumeThread
FindNextFileW
IsDebuggerPresent
WideCharToMultiByte
GlobalAlloc
RaiseException
FindNextChangeNotification
SetFileAttributesA
CreateProcessW
HeapAlloc
EnterCriticalSection
GetFileAttributesExW
GetCommandLineW
GetCurrentThreadId
SetFileAttributesW
FindResourceExW
FindClose
SystemTimeToFileTime
LocalAlloc
FindFirstFileW
LoadResource
lstrlenA
LoadLibraryExW
MoveFileW
GlobalLock
GetPrivateProfileStringW
GetSystemTimeAsFileTime
GetTimeFormatW
GetPrivateProfileIntW
DeleteCriticalSection
GetDateFormatW
lstrlenW
GetModuleHandleW
HeapFree
OpenProcess
SuspendThread
GetDiskFreeSpaceExW
GetThreadContext
GetPrivateProfileSectionNamesW
FileTimeToSystemTime
VirtualAllocEx

atl

AtlModuleInit
AtlAxGetControl
AtlModuleGetClassObject
AtlIPersistPropertyBag_Load
DllCanUnloadNow
AtlFreeMarshalStream
AtlDevModeW2A
AtlModuleUnRegisterTypeLib
AtlModuleRegisterWndClassInfoA

msvidc32

DriverProc

Sections

.BlHsf
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_MEM_READ

.vkxbxzd
Size: 1024B - Virtual size: 38KB

IMAGE_SCN_MEM_READ

.Mjtsqg
Size: 1024B - Virtual size: 39KB

IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gLHoZB
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QuEC
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nBuW
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.QDJe
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MyqLzW
Size: 1024B - Virtual size: 637B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GvKHC
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aLGXKkx
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AyAfes
Size: 1024B - Virtual size: 857B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62cc55b35d7c14d460cf1955d7df9afa

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

b8:a1:f8:86:2a:bf:19:b4:a1:e3:08:bd:50:ed:d9:51:dd:1b:25:40Signer

Headers

File Characteristics

Imports

ole32

rpcrt4

oleaut32

iphlpapi

user32

psapi

gdi32

comctl32

kernel32

atl

msvidc32

Sections

.BlHsf Size: 1024B - Virtual size: 18KB

.vkxbxzd Size: 1024B - Virtual size: 38KB

.Mjtsqg Size: 1024B - Virtual size: 39KB

.text Size: 18KB - Virtual size: 18KB

.gLHoZB Size: 3KB - Virtual size: 2KB

.QuEC Size: 2KB - Virtual size: 2KB

.nBuW Size: 2KB - Virtual size: 1KB

.QDJe Size: 2KB - Virtual size: 2KB

.MyqLzW Size: 1024B - Virtual size: 637B

.data Size: 7KB - Virtual size: 214KB

.GvKHC Size: 2KB - Virtual size: 1KB

.rdata Size: 209KB - Virtual size: 209KB

.aLGXKkx Size: 3KB - Virtual size: 2KB

.AyAfes Size: 1024B - Virtual size: 857B

.rsrc Size: 2KB - Virtual size: 1KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

b8:a1:f8:86:2a:bf:19:b4:a1:e3:08:bd:50:ed:d9:51:dd:1b:25:40
Signer

.BlHsf
Size: 1024B - Virtual size: 18KB

.vkxbxzd
Size: 1024B - Virtual size: 38KB

.Mjtsqg
Size: 1024B - Virtual size: 39KB

.text
Size: 18KB - Virtual size: 18KB

.gLHoZB
Size: 3KB - Virtual size: 2KB

.QuEC
Size: 2KB - Virtual size: 2KB

.nBuW
Size: 2KB - Virtual size: 1KB

.QDJe
Size: 2KB - Virtual size: 2KB

.MyqLzW
Size: 1024B - Virtual size: 637B

.data
Size: 7KB - Virtual size: 214KB

.GvKHC
Size: 2KB - Virtual size: 1KB

.rdata
Size: 209KB - Virtual size: 209KB

.aLGXKkx
Size: 3KB - Virtual size: 2KB

.AyAfes
Size: 1024B - Virtual size: 857B

.rsrc
Size: 2KB - Virtual size: 1KB