JaffaCakes118_c6f787b9d8351e5446b53addaabf1e95

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_c6f787b9d8351e5446b53addaabf1e95
Size

244KB
MD5

c6f787b9d8351e5446b53addaabf1e95
SHA1

6ffc996226beaa0a7e3aa8f3713d26e4b8959c3a
SHA256

2087d09fe011a34ea63fb4565dc67a819846b6aa7826fbac8c54b5ea71c9a0d0
SHA512

b7c75e8105f9c5a18d0583f9c9696e443a7f57e2419e696558ada39e41e4c03ff29f9c0e1d0845a2063d267c9dd5fe1c1c4d1d390e374690954e85534d8fd192
SSDEEP

6144:VPIJKqp6HEwqrBaIRv06ScY12EpOKfeyWBzd4TK:VPI0qw56sIRpS2KOKfetBB4TK

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_c6f787b9d8351e5446b53addaabf1e95
.exe windows:4 windows x86 arch:x86

d1d50ff1845b4f02980431c1bc0aeea8

Code Sign

61:08:77:5f:00:00:00:00:00:4a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-07-2010 22:53

Not After

19-10-2011 22:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:12

Not After

25-07-2011 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25-01-2006 23:22

Not After

25-01-2017 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

a8:0f:02:53:24:7b:b6:49:d7:f5:21:fc:6a:5a:65:c1:cd:3e:b6:b3
Signer

Actual PE Digest

a8:0f:02:53:24:7b:b6:49:d7:f5:21:fc:6a:5a:65:c1:cd:3e:b6:b3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
MoveFileW
GetVersionExA
GetExitCodeThread
CompareFileTime
SetComputerNameW
BeginUpdateResourceA
GetLogicalDrives
RemoveDirectoryW
SearchPathW
GlobalFindAtomA
LoadLibraryW
SetEvent
GetDiskFreeSpaceW
SetComputerNameA
GetDateFormatW
lstrcmpiA
FileTimeToSystemTime
GetModuleFileNameW
GetLogicalDriveStringsW
CreatePipe
GetSystemDefaultLCID
lstrcpyn
GetSystemDefaultLangID
lstrlen
GetMailslotInfo
lstrcatW
EnumCalendarInfoA
CreateDirectoryA
FatalAppExitA
FindAtomW
lstrcmpA
FreeLibrary
SleepEx
GetUserDefaultLCID
IsValidCodePage
DeleteAtom
GetHandleInformation
lstrcpy
lstrlenA
GetProcAddress
GetEnvironmentStringsA
GetNumberFormatA
GetUserDefaultLangID
GetTempFileNameA
GetLocaleInfoA
GetAtomNameA
CopyFileExW
TlsAlloc
SetErrorMode
GetModuleHandleW
InitializeCriticalSection
SetUnhandledExceptionFilter
EnumDateFormatsW
FileTimeToLocalFileTime
OpenSemaphoreW
GetFileAttributesW
OpenEventA
lstrcmpW
GlobalAlloc
GetLongPathNameA
OpenFile
GetCurrentProcess
lstrcpyA
LoadLibraryExA
GetLongPathNameW
SystemTimeToFileTime
GetComputerNameA
GetWindowsDirectoryW
EnumDateFormatsA
IsBadStringPtrW
lstrcmpi

user32

GetDlgItemInt
RemoveMenu
RegisterClassW
MonitorFromRect
LoadMenuA
MonitorFromPoint
CharUpperA
CreateDesktopA
SetWindowRgn
CreateDesktopW
GetMenuItemRect
GetWindowRgn
DestroyCursor
AppendMenuA
LoadBitmapA
GetKeyboardLayout
SetParent
IsMenu
GetScrollPos
GetMessageW
GetDlgItemTextA
CreateWindowExA
ActivateKeyboardLayout
EndDialog
UnregisterClassA
FindWindowW
MoveWindow

advapi32

SetTokenInformation
InitiateSystemShutdownExA
QueryServiceConfigA
GetManagedApplicationCategories
CreateServiceA
AccessCheckByType
GetTrusteeTypeW
CryptImportKey
InitiateSystemShutdownA
QueryServiceObjectSecurity

shell32

StrStrIW
StrNCmpIW
StrRStrW
StrRChrIA
StrStrA
ExtractAssociatedIconW
StrRChrW
SHCreateDirectory
SHGetFolderLocation
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceA

comdlg32

PrintDlgW
GetSaveFileNameW
GetSaveFileNameA
GetFileTitleW
ChooseFontA

opengl32

glTexCoord2fv
glTexCoord1d
glVertex2sv
glTexEnvi
wglGetCurrentDC
glColor4f
glPrioritizeTextures
glLineStipple
glTexCoord2dv
glPixelMapuiv
glNormalPointer
glLightiv
glArrayElement
glTexGeniv
glClear
glAreTexturesResident
glCallList
glColor3iv
glPixelZoom
glCopyTexSubImage2D
glRasterPos2s
glDeleteLists
glEdgeFlag
glColorMask

setupapi

CM_Get_Res_Des_Data_Ex
CM_Query_And_Remove_SubTreeA
CM_Get_DevNode_Registry_Property_ExW
CM_Enable_DevNode
SetupGetSourceFileSizeW
CM_Get_HW_Prof_FlagsW
pSetupSetQueueFlags
SetupDiGetDeviceInstanceIdW
SetupDiInstallDriverFiles
SetupBackupErrorW
CM_Set_DevNode_Registry_PropertyW

version

GetFileVersionInfoSizeA
VerFindFileA

urlmon

CreateURLMoniker
DllCanUnloadNow
URLDownloadToFileA
UrlMkBuildVersion
RegisterBindStatusCallback

rtm

RtmIsRoute
RtmDeleteRoute

inetcomm

MimeOleStripHeaders
MimeOleSMimeCapsFull
MimeOleGetPropA
MimeOleCreatePropertySet
HrGetLastOpenFileDirectoryW
MimeOleOpenFileStream
MimeOleParseRfc822Address
MimeOleConvertEnrichedToHTML
MimeOleParseRfc822AddressW
MimeOleInetDateToFileTime

oledlg

OleUIBusyW
OleUIPromptUserW
OleUIObjectPropertiesA
OleUIInsertObjectA

Sections

.nWfRW
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bcdKP
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iil
Size: 3KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Kp
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ybv
Size: 5KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xZXk
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.z
Size: 9KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HXn
Size: 5KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1d50ff1845b4f02980431c1bc0aeea8

Code Sign

61:08:77:5f:00:00:00:00:00:4aCertificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

a8:0f:02:53:24:7b:b6:49:d7:f5:21:fc:6a:5a:65:c1:cd:3e:b6:b3Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

comdlg32

opengl32

setupapi

version

urlmon

rtm

inetcomm

oledlg

Sections

.nWfRW Size: 10KB - Virtual size: 9KB

.bcdKP Size: 90KB - Virtual size: 89KB

.iil Size: 3KB - Virtual size: 401KB

.Kp Size: 10KB - Virtual size: 10KB

.ybv Size: 5KB - Virtual size: 42KB

.xZXk Size: 90KB - Virtual size: 89KB

.z Size: 9KB - Virtual size: 284KB

.HXn Size: 5KB - Virtual size: 337KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1024B - Virtual size: 1024B

61:08:77:5f:00:00:00:00:00:4a
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

a8:0f:02:53:24:7b:b6:49:d7:f5:21:fc:6a:5a:65:c1:cd:3e:b6:b3
Signer

.nWfRW
Size: 10KB - Virtual size: 9KB

.bcdKP
Size: 90KB - Virtual size: 89KB

.iil
Size: 3KB - Virtual size: 401KB

.Kp
Size: 10KB - Virtual size: 10KB

.ybv
Size: 5KB - Virtual size: 42KB

.xZXk
Size: 90KB - Virtual size: 89KB

.z
Size: 9KB - Virtual size: 284KB

.HXn
Size: 5KB - Virtual size: 337KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1024B - Virtual size: 1024B