JaffaCakes118_6e59b7f6c90dd0f33c0a94525ad4a74d

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6e59b7f6c90dd0f33c0a94525ad4a74d
Size

240KB
MD5

6e59b7f6c90dd0f33c0a94525ad4a74d
SHA1

c12973597c075822ffa5accf290f02441fd422cd
SHA256

a45e5df6cfa9d6cc373dda8cc2a7bb8fc61e5efc101ff0a8974a0c76abf3f709
SHA512

91ad1f3565222295896f94918bcfc7c980db65bd19c110e6e73c12447ff7d6c8b181b04145f91931e9206b3384464d28b121de0777b0fce346ac7a2aea0f519c
SSDEEP

6144:PCjwi1P9gVmZK7YE5CkZ6p5fGfyzvacs6IaVgAyWYd:pi1PJO1CkZ6p5u6Tw6/VoWYd

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_6e59b7f6c90dd0f33c0a94525ad4a74d
.exe windows:4 windows x86 arch:x86

ac71e305a58da4f9dba688d581091a76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/09/2006, 00:00

Not After

18/12/2009, 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:ca:c7:2b:6c:86:7a:b3:13:70:f5:23:b6:6a:06:34:a2:c8:32:3c
Signer

Actual PE Digest

80:ca:c7:2b:6c:86:7a:b3:13:70:f5:23:b6:6a:06:34:a2:c8:32:3c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Beep
CreateMailslotW
FatalAppExitA
AddAtomA
WaitForSingleObject
lstrcmpW
SetComputerNameW
LoadLibraryW
GetCurrentDirectoryW
GetUserDefaultLCID
lstrcpynW
IsBadStringPtrA
GetLogicalDriveStringsA
GetSystemTime
GetProcessHeaps
GetLongPathNameA
GetExitCodeThread
GetModuleHandleW
GlobalGetAtomNameW
GetSystemDefaultLCID
GetFullPathNameA
CreateNamedPipeA
GetAtomNameA
LocalAlloc
GetDiskFreeSpaceW
ExpandEnvironmentStringsA
GetMailslotInfo
IsBadReadPtr
OpenEventA
GetModuleFileNameW
GetEnvironmentVariableA
GetSystemDirectoryA
GetStringTypeW
MulDiv
RaiseException
GlobalAlloc
RemoveDirectoryA
SetEvent
FindResourceW
OpenFile
FatalAppExitW
ExitProcess
SetLocaleInfoA
GetSystemDefaultLangID
IsValidCodePage
CopyFileExA
GetVersionExA
SetErrorMode
EnumTimeFormatsA
GlobalFindAtomW
ExpandEnvironmentStringsW
MoveFileW
SetCalendarInfoA
lstrcpynA
GetTempFileNameA
SleepEx
ReplaceFileW
CompareFileTime
lstrlenA
OpenWaitableTimerW
GetLongPathNameW
GetStringTypeA
GetCurrentThreadId
GetThreadLocale
OpenSemaphoreW
lstrcpy
QueryPerformanceCounter
GetLocalTime
WaitForMultipleObjects
CreateDirectoryW
LoadLibraryExA
GetCPInfo
BeginUpdateResourceW
OpenMutexW
WinExec
RemoveDirectoryW
CreateSemaphoreW
GetComputerNameA
CreatePipe
GetStartupInfoW
GetVersionExW
SetCurrentDirectoryA
GetShortPathNameA
BeginUpdateResourceA
CreateEventA
CreateMailslotA
DuplicateHandle
GetLastError
FindAtomW
GetProcAddress
lstrcat
lstrcmpiW
GetVersion
lstrcpyA
DeleteAtom
GetTempFileNameW
GetOEMCP
MultiByteToWideChar
LoadResource
EnumCalendarInfoW

user32

GetMessageA
DialogBoxIndirectParamW
IsWindow
GetScrollPos
CreateWindowExW
GetSystemMetrics
SetFocus
CreatePopupMenu
EndMenu
SetDlgItemInt
LoadCursorA
ShowCursor
WinHelpW
GetMenuItemInfoW
UpdateLayeredWindow
PeekMessageW
GetMenuItemRect
GetKeyboardLayout
MoveWindow
GetForegroundWindow
PostMessageW
keybd_event
ActivateKeyboardLayout
EnumClipboardFormats
SendMessageW
GetDlgItemInt
DefWindowProcW
GetMenuItemInfoA
LoadMenuIndirectW
SetWindowTextW
InsertMenuA
MessageBoxIndirectW
CreateAcceleratorTableW
MessageBoxIndirectA
SendDlgItemMessageW
CreateDialogIndirectParamW
CharLowerW
GetIconInfo
GetMenu
ShowCaret
CharLowerA
SetMenu
GetCapture
WaitMessage
PostMessageA
RegisterClassA
SetCursorPos
EnumWindows
GetMenuItemCount
wsprintfA
mouse_event
InsertMenuItemW
EnableWindow
RegisterWindowMessageW
OffsetRect
CreateDesktopA
CreateAcceleratorTableA
GetActiveWindow

gdi32

SelectBrushLocal
CreateCompatibleDC

advapi32

LookupAccountNameA
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

Shell_NotifyIcon
ExtractIconA

shlwapi

StrCpyNW

opengl32

glRenderMode
glTexEnviv
glTexGeni
glRectsv
glNormal3sv
glLightiv
glColor4us
glTexCoord3s
glCallLists
glEdgeFlagPointer
glColor4usv
glIndexi
glGetTexLevelParameterfv
glGenLists
glVertex4iv
glTexCoord4iv
glNormal3b
glColor3ubv
wglChoosePixelFormat

urlmon

DllUnregisterServer
AsyncGetClassBits
URLDownloadW
DllRegisterServer
RevokeFormatEnumerator
CreateURLMonikerEx
CoInternetGetSecurityUrl
ZonesReInit
RegisterFormatEnumerator
ObtainUserAgentString
HlinkNavigateMoniker
GetComponentIDFromCLSSPEC
SetSoftwareUpdateAdvertisementState
URLDownloadToFileA
URLOpenStreamA
GetMarkOfTheWeb
URLOpenPullStreamW
URLOpenPullStreamA
IsLoggingEnabledW
HlinkNavigateString

rtm

RtmIsRoute
RtmDeleteRoute

sqlunirl

_GetServiceKeyName_@16
_EnumFontFamiliesEx_@20
_GetDiskFreeSpaceEx_@16
_SystemParametersInfo_@16
_RegQueryValueEx_@24
_CreateMDIWindow_@40
_NDdeSetShareSecurity_@16
_LogonUser_@24
_InitiateSystemShutdown_@20
_PeekMessage@20
_ResetDC_@8

wsock32

GetTypeByNameW
dn_expand
WSAUnhookBlockingHook
bind
WSACancelBlockingCall
WSAStartup
SetServiceW
WSAAsyncGetProtoByNumber
WSAIsBlocking
GetAcceptExSockaddrs
accept
EnumProtocolsA
connect
GetNameByTypeW
getprotobynumber
NPLoadNameSpaces
htonl
ioctlsocket
s_perror
inet_addr
WSAAsyncSelect
gethostbyaddr

Sections

.r
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VB
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.GJb
Size: 2KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NCdIaA
Size: 1024B - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Tw
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.VLN
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lrOvB
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Nt
Size: 10KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qXo
Size: 1024B - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.auqUki
Size: 4KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac71e305a58da4f9dba688d581091a76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

80:ca:c7:2b:6c:86:7a:b3:13:70:f5:23:b6:6a:06:34:a2:c8:32:3cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

opengl32

urlmon

rtm

sqlunirl

wsock32

Sections

.r Size: 9KB - Virtual size: 9KB

.VB Size: 89KB - Virtual size: 88KB

.GJb Size: 2KB - Virtual size: 466KB

.NCdIaA Size: 1024B - Virtual size: 261KB

.Tw Size: 12KB - Virtual size: 12KB

.VLN Size: 7KB - Virtual size: 14KB

.lrOvB Size: 90KB - Virtual size: 89KB

.Nt Size: 10KB - Virtual size: 82KB

.qXo Size: 1024B - Virtual size: 495KB

.auqUki Size: 4KB - Virtual size: 176KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

80:ca:c7:2b:6c:86:7a:b3:13:70:f5:23:b6:6a:06:34:a2:c8:32:3c
Signer

.r
Size: 9KB - Virtual size: 9KB

.VB
Size: 89KB - Virtual size: 88KB

.GJb
Size: 2KB - Virtual size: 466KB

.NCdIaA
Size: 1024B - Virtual size: 261KB

.Tw
Size: 12KB - Virtual size: 12KB

.VLN
Size: 7KB - Virtual size: 14KB

.lrOvB
Size: 90KB - Virtual size: 89KB

.Nt
Size: 10KB - Virtual size: 82KB

.qXo
Size: 1024B - Virtual size: 495KB

.auqUki
Size: 4KB - Virtual size: 176KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B