df2deed126125059f5fe17c9e46a0e91_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

df2deed126125059f5fe17c9e46a0e91_JaffaCakes118
Size

231KB
MD5

df2deed126125059f5fe17c9e46a0e91
SHA1

e221ba56591a38a0dd862ae41dee3f622bdefef3
SHA256

810e7de83cf14fa026df89a8a4b1265d2d1ec06cbe5dc027042be9d680b7c0d3
SHA512

1325e6c7eacdcadd489d62787e5a38431239bdf2d10fb6482462ec60975212d82853ed9e21b522b4ef2d75ceb571050f399909652ff03f418c67a12c9acec280
SSDEEP

6144:jX8HODp4LrOBatW6hw80oWsFZcwDks72e:r8HOtOOBaXS+ZcOue

Score

1^/10

Malware Config

Signatures

Files

df2deed126125059f5fe17c9e46a0e91_JaffaCakes118
.exe windows:4 windows x86 arch:x86

479dd1fc59787038d59594b51c606fda

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21-09-2006 00:00

Not After

18-12-2009 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1c:bb:a9:db:d8:20:60:e7:7f:93:d3:2e:ed:94:49:67:f0:e5:98:81
Signer

Actual PE Digest

1c:bb:a9:db:d8:20:60:e7:7f:93:d3:2e:ed:94:49:67:f0:e5:98:81

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetVolumeInformationA
GetWindowsDirectoryA
GlobalAlloc
SetComputerNameW
FileTimeToLocalFileTime
SetComputerNameA
GetProcAddress
GetLocaleInfoA
IsBadStringPtrW
GetTempPathW
GetDateFormatW
GetStartupInfoW
GetModuleHandleW
RaiseException
GetProcessHeap
DeleteAtom
LoadLibraryExA
QueryPerformanceCounter

user32

GetClassInfoExA
GetTopWindow
GetDCEx
ShowCursor
IsIconic
SetCursorPos
ActivateKeyboardLayout
SetFocus
GetCaretPos
GetDesktopWindow
GetKeyboardLayout
WinHelpW
CheckMenuItem
CreateDesktopW
MessageBoxIndirectA
DefWindowProcW
LoadCursorA
RegisterClassExA
GetFocus
UpdateLayeredWindow
CreateWindowExW
GetWindowRgn
GetSysColor
MessageBoxW
CharNextW
MoveWindow
LoadMenuW
GetKeyboardType
GetClassInfoA
wvsprintfA
GetMenuItemID
UnregisterClassA
WaitMessage
GetMenuItemInfoA
MonitorFromPoint
SetActiveWindow
GetDlgItemTextA
CopyIcon
RegisterClassW
GetMenuStringW
CreateDialogParamW
DialogBoxParamA
LoadBitmapA
InsertMenuItemA
GetMenuItemCount
InsertMenuItemW
GetKeyState
EnumWindows
EndMenu
EnableMenuItem
RegisterWindowMessageA
RegisterWindowMessageW
GetMenuItemInfoW
WaitForInputIdle
SetDlgItemTextW
DefWindowProcA
SendDlgItemMessageA
IsChild
UnregisterClassW
IsMenu
CreateDialogIndirectParamW
CopyRect
LoadIconA
EnableWindow
GetCapture
PostMessageW
IsWindow
SetWindowPos
GetForegroundWindow
DestroyIcon
CharLowerW
CreateWindowExA
DialogBoxParamW
CharUpperA
GetSubMenu
mouse_event
GetMenu
LoadMenuIndirectA
FindWindowA
OffsetRect
LoadMenuIndirectW
SetWindowTextW
CreateAcceleratorTableW
GetMenuItemRect
MessageBoxA
GetCursorPos
DestroyMenu
GetMenuStringA
MessageBeep
CreateMenu
AppendMenuA
RemoveMenu
MonitorFromRect
CharLowerA
LoadImageW
PeekMessageA
FindWindowW
GetSystemMetrics
ShowWindow
GetDlgItemTextW
ShowCaret
TrackPopupMenuEx
SetWindowRgn
SetWindowTextA
InvalidateRgn
wsprintfW
SetParent
TrackPopupMenu
SetDlgItemTextA
PostQuitMessage
GetMenuState
LoadCursorW
SendMessageW
CharNextA
RegisterClassA
GetMenuInfo
LoadMenuA
GetClassInfoW
CreateDialogIndirectParamA
GetDlgItemInt
SetForegroundWindow
CharPrevW
CreateDialogParamA
GetActiveWindow
CharUpperW
GetMessageW
MessageBoxIndirectW
PeekMessageW
IsDlgButtonChecked
SetCapture
GetIconInfo
AdjustWindowRect
LoadImageA
SetWindowLongW
InvalidateRect

shell32

ShellExecuteExW
SHGetDiskFreeSpaceExA

comdlg32

GetFileTitleA
GetSaveFileNameW
PrintDlgExW
GetSaveFileNameA
PrintDlgW
PrintDlgA
FindTextA
GetFileTitleW

oleaut32

VarI1FromUI8
VarR8FromUI2
VariantCopy
VarI2FromDec
VarCmp
VarR4FromI1

opengl32

glVertex3f
glTexImage2D
glVertex2sv
glMaterialf
glEvalCoord2d
glRasterPos2sv
glTexImage1D
glTexEnvi
glEvalCoord1d
glColor3iv
glVertex4sv
glTexGenfv
glVertex4s
glRasterPos3fv
GlmfInitPlayback
glPixelMapusv
glRasterPos2d
wglGetCurrentDC
glCallLists
glColor3sv
glGetBooleanv
glTexCoord2f
glColorMaterial
wglGetPixelFormat
wglGetLayerPaletteEntries

setupapi

SetupRemoveInstallSectionFromDiskSpaceListA
SetupDiGetClassRegistryPropertyW
pSetupGuidFromString
CM_Locate_DevNode_ExA
SetupDiInstallDriverFiles
SetupDestroyDiskSpaceList

version

GetFileVersionInfoW
VerInstallFileW
VerInstallFileA

printui

RegisterPrintNotify
bFolderRefresh

sqlunirl

_GetFileSecurity_@20
_NDdeSetShareSecurity_@16
_WaitNamedPipe_@8
_CreateMetaFile_@4
_WriteProfileSection_@8
_CreateWaitableTimer_@12
_RegUnLoadKey_@8
_OutputDebugString_@4
_OpenWindowStation_@12
_Shell_NotifyIcon_@8
_GetProfileInt_@12
_GetEnhMetaFileDescription_@12
_GetModuleFileName@12
_GetPrivateProfileSectionNames_@12
_SetWindowLong@12
_LookupPrivilegeDisplayName_@20
_DrawState_@40

wsock32

getnetbyname
getprotobyname
rresvport
WSASetLastError
ntohs
EnumProtocolsA
recvfrom
shutdown
WSARecvEx
gethostbyaddr
WSAAsyncGetServByPort
MigrateWinsockConfiguration
NPLoadNameSpaces
select
sendto
htonl
GetAddressByNameW
gethostbyname
GetAddressByNameA
GetTypeByNameW
closesocket
s_perror
WSAIsBlocking
WSAAsyncGetProtoByNumber

Sections

.Rm
Size: 1024B - Virtual size: 785B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NnT
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OI
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.q
Size: 512B - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.o
Size: 7KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Ft
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nLiIY
Size: 11KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fN
Size: 5KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

479dd1fc59787038d59594b51c606fda

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

1c:bb:a9:db:d8:20:60:e7:7f:93:d3:2e:ed:94:49:67:f0:e5:98:81Signer

Headers

File Characteristics

Imports

kernel32

user32

shell32

comdlg32

oleaut32

opengl32

setupapi

version

printui

sqlunirl

wsock32

Sections

.Rm Size: 1024B - Virtual size: 785B

.NnT Size: 91KB - Virtual size: 90KB

.OI Size: 12KB - Virtual size: 12KB

.q Size: 512B - Virtual size: 249KB

.o Size: 7KB - Virtual size: 19KB

.Ft Size: 90KB - Virtual size: 89KB

.nLiIY Size: 11KB - Virtual size: 71KB

.fN Size: 5KB - Virtual size: 47KB

.rsrc Size: 7KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

1c:bb:a9:db:d8:20:60:e7:7f:93:d3:2e:ed:94:49:67:f0:e5:98:81
Signer

.Rm
Size: 1024B - Virtual size: 785B

.NnT
Size: 91KB - Virtual size: 90KB

.OI
Size: 12KB - Virtual size: 12KB

.q
Size: 512B - Virtual size: 249KB

.o
Size: 7KB - Virtual size: 19KB

.Ft
Size: 90KB - Virtual size: 89KB

.nLiIY
Size: 11KB - Virtual size: 71KB

.fN
Size: 5KB - Virtual size: 47KB

.rsrc
Size: 7KB - Virtual size: 6KB