JaffaCakes118_9ed61882ff8ed5bcd4812b4c723a3c43

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_9ed61882ff8ed5bcd4812b4c723a3c43
Size

200KB
MD5

9ed61882ff8ed5bcd4812b4c723a3c43
SHA1

d6e59722e13c68e4240c20dcb50af3b5416285cc
SHA256

1c4e5891dffab5210f40ef2d677115aee3fa1ce3b41232c251e0f2f28a5eb68b
SHA512

f3ca2d99061f21ade1a9c523b273c65ad25ab17ea596a78fc4122ed0cbef8419dfba7b4df8564dd0a6baf1066e7bda802e78c94fa6e7276b979586196e04b68a
SSDEEP

3072:jaSdR9c1/fuWL0AjMilpCOT+kICtApWFK1WHk25weLcKznxbQFFNj6QUW:j7oFuhAwM+kICeseWEEPznxbJW

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_9ed61882ff8ed5bcd4812b4c723a3c43
.exe windows:4 windows x86 arch:x86

002de085159dcce8b0cd54386af8e46d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-09-2006 00:00

Not After

24-11-2007 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e
Signer

Actual PE Digest

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy
GetCurrentDirectoryW
lstrcat
GetAtomNameW
GetProcAddress
EnumCalendarInfoA
SetCurrentDirectoryA
GetThreadLocale
DuplicateHandle
GetPriorityClass
SetCurrentDirectoryW
OpenWaitableTimerA
LoadResource
GetTimeFormatA
lstrlen
CreateFileA
GetMailslotInfo
GetDateFormatW
GetModuleHandleA
GetFullPathNameW
GetStartupInfoA
GetFullPathNameA
SetEvent
lstrcmpW
FindAtomA
SetErrorMode
GetFileTime
lstrcpynW
Beep
GetCurrentThreadId
GetSystemDirectoryW

user32

RegisterClassExW
LoadIconW
IsChild
CreateDesktopA
SetCursorPos
GetClassInfoExA
ShowWindow
CreateDialogParamW
SetTimer
GetAsyncKeyState
WaitMessage
SetDlgItemTextA
EnumDesktopWindows
EnumChildWindows
CallWindowProcA
SendMessageW
LoadBitmapA
CreateDialogIndirectParamW
GetMenuItemInfoW
DefDlgProcA
GetDesktopWindow
OffsetRect
GetActiveWindow
GetDC
EmptyClipboard
RegisterClassW
InsertMenuItemW
WaitForInputIdle
GetWindowTextW

gdi32

SetGraphicsMode
GetLogColorSpaceW
GetObjectA
EnumEnhMetaFile
SetPaletteEntries
GetTextCharset
DeleteEnhMetaFile
PolyPolyline
GetMetaFileW
GetTextAlign
GetGlyphIndicesW
GetTextExtentExPointI
ExtTextOutW
GetDCBrushColor

advapi32

RegQueryValueA
RegDeleteValueA
RegCreateKeyW

shlwapi

SHRegGetUSValueW
PathIsUNCServerW
PathRelativePathToA
StrFormatKBSizeA
SHDeleteEmptyKeyW
PathCombineW
StrRChrIA
UrlCompareW
StrCatW
StrFormatKBSizeW
PathFindExtensionW
PathFindFileNameA

comctl32

ImageList_LoadImageA
ImageList_Replace
ImageList_SetImageCount
FlatSB_SetScrollInfo
CreatePropertySheetPageW

winmm

mmioAdvance
mmioInstallIOProcW
mixerGetLineControlsA
mmioSetInfo
waveInReset
midiOutLongMsg

crypt32

CryptHashCertificate
CryptSignCertificate
CertRDNValueToStrA
CryptHashPublicKeyInfo

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.c
Size: 1024B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdTw
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MbOy
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hsn
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.umshMn
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BQPZ
Size: 512B - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

002de085159dcce8b0cd54386af8e46d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

winmm

crypt32

Sections

.text Size: 11KB - Virtual size: 10KB

.c Size: 1024B - Virtual size: 41KB

.sdTw Size: 512B - Virtual size: 4KB

.MbOy Size: 3KB - Virtual size: 21KB

.hsn Size: 1024B - Virtual size: 22KB

.data Size: 10KB - Virtual size: 10KB

.umshMn Size: 2KB - Virtual size: 35KB

.BQPZ Size: 512B - Virtual size: 215KB

.rsrc Size: 164KB - Virtual size: 163KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e
Signer

.text
Size: 11KB - Virtual size: 10KB

.c
Size: 1024B - Virtual size: 41KB

.sdTw
Size: 512B - Virtual size: 4KB

.MbOy
Size: 3KB - Virtual size: 21KB

.hsn
Size: 1024B - Virtual size: 22KB

.data
Size: 10KB - Virtual size: 10KB

.umshMn
Size: 2KB - Virtual size: 35KB

.BQPZ
Size: 512B - Virtual size: 215KB

.rsrc
Size: 164KB - Virtual size: 163KB