JaffaCakes118_4172fff172d610ee243f59e99a4d901a

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4172fff172d610ee243f59e99a4d901a
Size

236KB
MD5

4172fff172d610ee243f59e99a4d901a
SHA1

4f5b098adc3ed300c713823fbdd7cc520c160813
SHA256

22d2cc15aa4402f2b29541b4dca99f8388135d3070e0d4addc01f0d15909cde5
SHA512

e516670a6e2da0c78cf83cc28bb37ef251cb98308e5e88bc5f3d60a3bd21a60ff10fa06f67489a5a12c4beebee80346334906578def673110ff2e2ee824d7e31
SSDEEP

6144:qQYoHEblz+hqyFRJIXILGn9yWo40DBiThaHAQ:ZYdNxMRJ4IK9I5GYl

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_4172fff172d610ee243f59e99a4d901a
.exe windows:4 windows x86 arch:x86

77aaaa2ea9faa0742237c336c5e7bb3e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-09-2006 00:00

Not After

24-11-2007 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:4a:09:b5:bb:c6:f5:db:71:b2:bf:8c:34:4f:5b:d5:16:7e:dd:77
Signer

Actual PE Digest

73:4a:09:b5:bb:c6:f5:db:71:b2:bf:8c:34:4f:5b:d5:16:7e:dd:77

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
GetCurrentProcessId
GetWindowsDirectoryA
OpenMutexW
GetTickCount
GetLocalTime
FindAtomW
DeleteAtom
lstrcpyW
RemoveDirectoryA
GetAtomNameW
SearchPathA
FindResourceW
ReplaceFileW
MoveFileA
GetStringTypeW
lstrcmp
SetComputerNameA
lstrcmpW
SetCurrentDirectoryA
GetThreadLocale
GetHandleInformation
lstrcmpA
ExpandEnvironmentStringsW
lstrlenA
CreateDirectoryW
lstrlen
GetOEMCP
CreateSemaphoreW
CompareFileTime
FileTimeToSystemTime
lstrcpynA
GetStartupInfoW
LoadLibraryA
AddAtomW
GetVersion
RemoveDirectoryW
CreateDirectoryA
GetSystemDirectoryA
GetProcAddress
GetNumberFormatA
GetComputerNameA
SetComputerNameW
BeginUpdateResourceW
GlobalFindAtomA
OpenEventW
GetEnvironmentStringsA
GetEnvironmentStringsW
CreateEventW
GetCurrentDirectoryA
CopyFileA
OpenWaitableTimerW
GetTempFileNameW
BeginUpdateResourceA

user32

SetParent
GetSystemMetrics
CharUpperA
IsIconic
RemoveMenu
CopyRect
TrackPopupMenu
CopyIcon
GetKeyboardLayout
DialogBoxIndirectParamW
GetDlgItemTextA
wsprintfA
GetMessageA
GetScrollPos
MonitorFromRect
SetCursor
MessageBoxIndirectA
CreateWindowExW
GetMenuItemRect
CharLowerA
wvsprintfW
CreateAcceleratorTableW
IsMenu
DestroyCursor
GetActiveWindow
SetWindowRgn
GetClassInfoW
EndMenu
GetMessageW
GetMenuItemCount
GetClassInfoExW
SendDlgItemMessageA
RegisterClassW
LoadMenuIndirectW
GetCapture

gdi32

SelectBrushLocal
UpdateICMRegKeyA
SetEnhMetaFileBits
CreateMetaFileW
CreateEllipticRgn
TranslateCharsetInfo
RemoveFontResourceExW
ExtCreateRegion
CreateFontIndirectExW
CreateICW
CreateHatchBrush
CreateICA
GetTextExtentPointW

shell32

StrCmpNIW
ExtractAssociatedIconA
StrRChrIW
Shell_NotifyIconW
StrStrA
SHGetDataFromIDListA
ShellExecuteA
SHCreateDirectory
SHGetDesktopFolder
SHGetFolderPathW

shlwapi

SHRegQueryInfoUSKeyW
PathFindExtensionW
SHDeleteValueA
PathIsSameRootA
PathUnExpandEnvStringsW
PathFindNextComponentA
SHEnumKeyExW
StrFormatByteSizeA
SHRegQueryUSValueA

version

VerQueryValueA
VerInstallFileA

winmm

timeGetSystemTime
joy32Message

rtm

RtmIsRoute
RtmDeleteRoute

inetcomm

MimeOleCreateVirtualStream
HrSaveAttachToFile
MimeOleGetPropW
MimeOleGetExtContentType
HrSaveAttachmentAs
HrGetLastOpenFileDirectoryW
MimeOleCreateByteStream
MimeOleGetPropA
CreateNNTPTransport

Sections

.tpzofm
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mh
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Ixq
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PZlQM
Size: 2KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dzN
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xkqstx
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.okBNP
Size: 11KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Utrbik
Size: 1024B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77aaaa2ea9faa0742237c336c5e7bb3e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

73:4a:09:b5:bb:c6:f5:db:71:b2:bf:8c:34:4f:5b:d5:16:7e:dd:77Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

version

winmm

rtm

inetcomm

Sections

.tpzofm Size: 10KB - Virtual size: 9KB

.mh Size: 10KB - Virtual size: 10KB

.Ixq Size: 91KB - Virtual size: 90KB

.PZlQM Size: 2KB - Virtual size: 220KB

.dzN Size: 4KB - Virtual size: 51KB

.xkqstx Size: 90KB - Virtual size: 90KB

.okBNP Size: 11KB - Virtual size: 261KB

.Utrbik Size: 1024B - Virtual size: 212KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

73:4a:09:b5:bb:c6:f5:db:71:b2:bf:8c:34:4f:5b:d5:16:7e:dd:77
Signer

.tpzofm
Size: 10KB - Virtual size: 9KB

.mh
Size: 10KB - Virtual size: 10KB

.Ixq
Size: 91KB - Virtual size: 90KB

.PZlQM
Size: 2KB - Virtual size: 220KB

.dzN
Size: 4KB - Virtual size: 51KB

.xkqstx
Size: 90KB - Virtual size: 90KB

.okBNP
Size: 11KB - Virtual size: 261KB

.Utrbik
Size: 1024B - Virtual size: 212KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB