daeb25bd4587c63bc1210e4f45d774e1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

daeb25bd4587c63bc1210e4f45d774e1_JaffaCakes118
Size

265KB
MD5

daeb25bd4587c63bc1210e4f45d774e1
SHA1

65f6e8a58d42b29953b17c9b14cfe92fdf2c5e05
SHA256

b56c3fc6250ee4dfacd35d9b452cf95b39aff4911565ca89ce0ba36d1834938a
SHA512

8c4455e384e72d9106864fcfc23f957d7cbf18da1b8d2eda8738c6ba6a7eface54f6a9b1981b49d5923d07fe46e46ef7b65eef55a50dc3977a440d037bace672
SSDEEP

6144:kQCCi41rH+9bwKqZvljlGV+LlS9DW9EwNGPCq8xaMs:kQt1rHmwb1tl9laEElibs

Score

1^/10

Malware Config

Signatures

Files

daeb25bd4587c63bc1210e4f45d774e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4baecdea5d27bd441d931567c19a6caa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:4e:dd:77:06:ef:6b:31:31:d0:0b:1c:67:91:d0:c1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05-11-2009 00:00

Not After

10-12-2010 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a3:b3:66:2c:a3:5f:88:2a:aa:c5:c1:11:d6:e4:5f:73:73:5a:a7:b6
Signer

Actual PE Digest

a3:b3:66:2c:a3:5f:88:2a:aa:c5:c1:11:d6:e4:5f:73:73:5a:a7:b6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetCurrentProcess
SetCurrentDirectoryW
GetTimeFormatW
GetModuleHandleW
GetEnvironmentVariableW
FatalAppExitW
IsValidLocale
WaitForMultipleObjects
InitializeCriticalSection
lstrcmpiA
LocalFree
ExitProcess
FileTimeToSystemTime
GetModuleFileNameW
GetCalendarInfoA
lstrcpynA
GetLocalTime
lstrcpy
MoveFileW
GetEnvironmentVariableA
BeginUpdateResourceW
CreateSemaphoreW
OpenSemaphoreA
GetStartupInfoA
OpenEventW
GetCurrentDirectoryA
CopyFileExA
CopyFileA
GetTempPathA
CreatePipe
BeginUpdateResourceA
GetStringTypeW
GetSystemDefaultLangID
WinExec
GetWindowsDirectoryA
GlobalGetAtomNameW
lstrcpyn
QueryPerformanceFrequency
ConnectNamedPipe
lstrlenW
GetShortPathNameW
CreateDirectoryW
GetWindowsDirectoryW
ReplaceFileW
GetVolumeInformationA
GetAtomNameW
IsBadWritePtr
CreateEventA
GetSystemDirectoryW
GetLocaleInfoW
LoadResource
GetSystemInfo
GetTempFileNameW
GetProcAddress
LoadLibraryW
GetModuleHandleA
lstrcatA
SetComputerNameW
OpenWaitableTimerA
GetSystemTime
GlobalDeleteAtom
lstrcmpA
GetComputerNameA
GetStringTypeA
DisconnectNamedPipe
SetUnhandledExceptionFilter
OpenSemaphoreW
SystemTimeToFileTime
GetAtomNameA
GetFullPathNameA
RemoveDirectoryA
FindResourceW
CreateMutexW
GetExpandedNameW
SetComputerNameA
ExpandEnvironmentStringsW
SetLocaleInfoA
lstrcpynW
CreateMailslotA
EnumCalendarInfoA
IsBadReadPtr
SetCurrentDirectoryA
GetLongPathNameW
SetErrorMode
WaitForSingleObject
GetShortPathNameA

user32

GetKeyboardLayout
AppendMenuA
GetMenuItemID
ShowWindow
InsertMenuItemW
GetDesktopWindow
GetFocus
SetForegroundWindow
FindWindowA
DefWindowProcW
CreateDesktopA
GetCapture
GetSystemMetrics
CreateDialogIndirectParamA
GetSubMenu
IsIconic
CreateWindowExW
UpdateLayeredWindow
EndMenu
SetMenu
LoadMenuW
UnregisterClassW
MessageBoxW
LoadMenuIndirectA
GetMenuStringW
IsDlgButtonChecked
wsprintfW
SetWindowLongW
GetScrollPos
MessageBeep
AppendMenuW
EnableWindow
GetDlgItemInt
mouse_event
GetMenuItemInfoW
CharNextA
GetMenuItemCount
GetActiveWindow
LoadMenuIndirectW
RegisterClassA
SetWindowTextA
wsprintfA
CreateDialogIndirectParamW
CopyIcon
CharLowerW
UnregisterClassA
WinHelpA
CheckMenuItem
keybd_event
IsChild
GetDCEx
SetWindowTextW
RegisterClassW
DestroyIcon
CopyRect
CreateDesktopW
CreatePopupMenu
SetDlgItemInt
RemoveMenu
DialogBoxIndirectParamW
GetTopWindow
GetClassInfoExW
SetCapture
IsMenu
CharUpperA
ActivateKeyboardLayout
DialogBoxParamW
FindWindowW
PostMessageA
RegisterClassExW
GetForegroundWindow
LoadBitmapA
SetTimer
ShowCaret
GetMenuState
InvalidateRect
DialogBoxParamA
GetMenuInfo
MonitorFromWindow
wvsprintfA
InvalidateRgn
MonitorFromPoint
SetDlgItemTextW
GetActiveWindow
GetCapture
TrackPopupMenu
EnableMenuItem
CreateMenu
PostQuitMessage
TrackPopupMenuEx
GetMenuItemRect
CharNextW
SetParent
GetMessageA
GetKeyboardType
SendMessageW
CreateDialogParamA
GetCaretPos
GetCursorPos
GetMenuItemInfoA
GetClassInfoExA
DefWindowProcA
LoadCursorW
PostMessageW
WinHelpW
CharPrevW
GetClassInfoW
CharPrevA
SetWindowPos
CharLowerA
DestroyCursor
EnumWindows
GetMessageW

gdi32

GetTextExtentPointW
AddFontResourceW
CreateMetaFileA
CreateScalableFontResourceA
AddFontResourceA
GetEnhMetaFileW
CreateBitmap
GetEnhMetaFileA
CreateBrushIndirect
SetWinMetaFileBits
RemoveFontResourceExW

advapi32

RegCreateKeyExA
SetKernelObjectSecurity
GetInheritanceSourceW
RegisterTraceGuidsA
LsaICLookupNamesWithCreds
QueryServiceLockStatusW
LsaLookupSids
RegDisablePredefinedCache
FlushTraceW
MSChapSrvChangePassword
AreAnyAccessesGranted
GetInformationCodeAuthzPolicyW
DuplicateEncryptionInfoFile
GetInheritanceSourceA

shell32

StrChrA
FreeIconList
ShellExecuteA
StrStrW
StrRStrA

version

GetFileVersionInfoSizeW
VerFindFileA
VerInstallFileA
VerLanguageNameW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
VerLanguageNameA
VerFindFileW

winmm

mciSendStringW
midiOutPrepareHeader
waveOutGetErrorTextW
midiOutShortMsg
mmTaskYield
mixerGetLineInfoW
midiInAddBuffer
timeGetDevCaps
sndPlaySoundW
waveOutReset
mmioSeek
joyGetDevCapsA
waveInOpen
waveOutGetDevCapsW
PlaySoundA
midiOutGetDevCapsA
waveOutWrite
midiOutUnprepareHeader

hid

HidD_GetFeature
HidD_Hello

oledlg

OleUIChangeIconW
OleUIChangeSourceW
OleUIBusyA
OleUIObjectPropertiesW
OleUIAddVerbMenuW
OleUIConvertW
OleUIBusyW
OleUIEditLinksW
OleUIInsertObjectA

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4baecdea5d27bd441d931567c19a6caa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

4d:4e:dd:77:06:ef:6b:31:31:d0:0b:1c:67:91:d0:c1Certificate

Extended Key Usages

Key Usages

a3:b3:66:2c:a3:5f:88:2a:aa:c5:c1:11:d6:e4:5f:73:73:5a:a7:b6Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

version

winmm

hid

oledlg

Sections

.text Size: 12KB - Virtual size: 12KB

.edata Size: 108KB - Virtual size: 108KB

.edata Size: 2KB - Virtual size: 349KB

.rdata Size: 7KB - Virtual size: 49KB

.data Size: 11KB - Virtual size: 242KB

.edata Size: 107KB - Virtual size: 107KB

.edata Size: 2KB - Virtual size: 169KB

.edata Size: 1024B - Virtual size: 463KB

.rsrc Size: 5KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

4d:4e:dd:77:06:ef:6b:31:31:d0:0b:1c:67:91:d0:c1
Certificate

a3:b3:66:2c:a3:5f:88:2a:aa:c5:c1:11:d6:e4:5f:73:73:5a:a7:b6
Signer

.text
Size: 12KB - Virtual size: 12KB

.edata
Size: 108KB - Virtual size: 108KB

.edata
Size: 2KB - Virtual size: 349KB

.rdata
Size: 7KB - Virtual size: 49KB

.data
Size: 11KB - Virtual size: 242KB

.edata
Size: 107KB - Virtual size: 107KB

.edata
Size: 2KB - Virtual size: 169KB

.edata
Size: 1024B - Virtual size: 463KB

.rsrc
Size: 5KB - Virtual size: 5KB