9cbbae007ac9bd4a6acee192175811f4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9cbbae007ac9bd4a6acee192175811f4_JaffaCakes118
Size

118KB
MD5

9cbbae007ac9bd4a6acee192175811f4
SHA1

e0b443ed4baa975c45db5eef2ecbb4db46cc673e
SHA256

11bd844bbea32f6d15107373f42c7a16eee991ec1b6c205bcb4cf768d70b441d
SHA512

61cdc71b8b1d9972b9bfc7fe404d8313e50b60ef28ba3936d3733ba594e3513e97fd8f428a53a29d33721f2516df2df4fad872de681a787a6194f37f76874e51
SSDEEP

1536:pA2oZGTIWkkIadB9hptlR4BHJnvR6vMpWk6/leD7Ek39:LoMTv1r9htuBkk6/leD7Ek39

Score

1^/10

Malware Config

Signatures

Files

9cbbae007ac9bd4a6acee192175811f4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3c76293a1f7ac46e1b9d6d7551956b8c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:ef:e2:4b:96:74:85:5b:af:16:e6:77:16:47:9c:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31-10-2012 00:00

Not After

31-10-2014 23:59

Subject

CN=S2BVISIO BELGIQUE SA,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=S2BVISIO BELGIQUE SA,L=Wavre,ST=BRABANT,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f5:1c:33:86:1e:f9:77:5f:e2:aa:f0:9b:73:74:03:99:69:52:6e:99
Signer

Actual PE Digest

f5:1c:33:86:1e:f9:77:5f:e2:aa:f0:9b:73:74:03:99:69:52:6e:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteExA
ExtractIconW
DragQueryPoint
DragQueryFileA
DragQueryFileW
ShellAboutA
DoEnvironmentSubstA

ole32

OleCreateStaticFromData
OleLoad
OleCreateEx
OleCreateLinkToFileEx
StgIsStorageFile

advapi32

RegCreateKeyExW
RegQueryValueW
ClearEventLogA
AreAnyAccessesGranted
InitializeSid
RegNotifyChangeKeyValue
DuplicateToken
RegQueryMultipleValuesA

kernel32

RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LoadLibraryW
GetLastError
AllocateUserPhysicalPages
ReadConsoleOutputAttribute
FindResourceA
MoveFileExA
WriteProfileSectionW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
HeapFree
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c76293a1f7ac46e1b9d6d7551956b8c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

55:ef:e2:4b:96:74:85:5b:af:16:e6:77:16:47:9c:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f5:1c:33:86:1e:f9:77:5f:e2:aa:f0:9b:73:74:03:99:69:52:6e:99Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

ole32

advapi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 3KB - Virtual size: 16KB

.rsrc Size: 65KB - Virtual size: 65KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

55:ef:e2:4b:96:74:85:5b:af:16:e6:77:16:47:9c:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f5:1c:33:86:1e:f9:77:5f:e2:aa:f0:9b:73:74:03:99:69:52:6e:99
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 3KB - Virtual size: 16KB

.rsrc
Size: 65KB - Virtual size: 65KB