JaffaCakes118_07e6cc20e2fd269cc5775154586170d8

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_07e6cc20e2fd269cc5775154586170d8
Size

266KB
MD5

07e6cc20e2fd269cc5775154586170d8
SHA1

7d23ff15209f7c2302ef31fc2b6abc4647f1a651
SHA256

f96bb0deb4722f96e8311cf5ecb35bd6d08d1d8843ec2fbb58116eeb98a35e33
SHA512

b89e24972578c5bc246c2c93c4d76a50425531c7dd0d45f44fe9ce13426ca4342e2af49e4e3c1a5560e4f25c8d6143376badddb23eb47b1d5d08c3cd116a9dc0
SSDEEP

6144:Ur6ijXWSYPgQ9PTG/QfWUUQGeT//5mgWui4ksbiuEm++:UtXWS67w/QeUUQf/5mgbkHo++

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_07e6cc20e2fd269cc5775154586170d8
.exe windows:4 windows x86 arch:x86

ff7f9586e5be16b05fe10e23464ce776

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:4f:db:05:81:c5:1b:47:a1:d8:90:11:d2:76:16:da:d1:40:79:3b
Signer

Actual PE Digest

68:4f:db:05:81:c5:1b:47:a1:d8:90:11:d2:76:16:da:d1:40:79:3b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetDeviceCaps

kernel32

IsProcessorFeaturePresent
EnterCriticalSection
RaiseException
FreeLibrary
UnhandledExceptionFilter
HeapReAlloc
HeapAlloc
SizeofResource
DeleteCriticalSection
SetLastError
FindResourceW
CloseHandle
IsDebuggerPresent
FindResourceExW
OutputDebugStringW
VirtualFree
GetSystemTimeAsFileTime
ProcessIdToSessionId
LoadLibraryExW
SetUnhandledExceptionFilter
VirtualAlloc
LeaveCriticalSection
HeapSize
OpenProcess
HeapFree
LoadResource
ReadFile
WaitForSingleObject
GetProcessHeap
lstrlenW
GetModuleHandleW
LockResource
FlushInstructionCache
GetCurrentThreadId
FormatMessageW
LocalFree
LocalAlloc
QueryPerformanceFrequency
CreateFileW
GetFileSize
HeapDestroy
WideCharToMultiByte
lstrcmpiW
GetFullPathNameA
VirtualAllocEx

oleaut32

VarUI4FromStr

user32

MapWindowPoints
GetWindowRect
UnregisterClassA
ReleaseDC
InvalidateRect
SetWindowsHookExW
TrackPopupMenu
GetDesktopWindow
GetWindow
SetTimer
GetCursorPos
RegisterClassExW
GetForegroundWindow
GetClassInfoExW
SetWindowPos
IsDialogMessageW
IsWindow
PeekMessageW
UnhookWindowsHookEx
AppendMenuW
PostThreadMessageW
GetClientRect
SetMenuInfo
GetWindowLongW
LoadCursorW
CallWindowProcW
DestroyMenu
MonitorFromPoint
LoadImageW
GetDoubleClickTime
PostQuitMessage
AttachThreadInput
IsWindowVisible
SetWindowTextW
DispatchMessageW
ShowWindow
DestroyWindow
IsChild
AllowSetForegroundWindow
PostMessageW
GetDC
SetMenuDefaultItem
MonitorFromWindow
GetMonitorInfoW
SetWindowLongW
LoadMenuW
SendMessageW
GetParent
GetWindowThreadProcessId
SystemParametersInfoW
SetForegroundWindow
LoadAcceleratorsW
CallNextHookEx
LoadIconW
WaitForInputIdle
RegisterWindowMessageW
CreateWindowExW
CharNextW
TranslateMessage
FindWindowW
GetSystemMetrics
DefWindowProcW
GetMessageW
CreateMenu
LoadStringW
KillTimer

ole32

OleUninitialize
CoTaskMemAlloc
StringFromCLSID
PropVariantClear
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
OleInitialize

atl

AtlModuleInit
AtlAxGetControl
DllGetClassObject
AtlModuleExtractCreateWndData
AtlUnmarshalPtr
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW

upnphost

DllRegisterServer
ServiceMain
DllGetClassObject
DllCanUnloadNow

Sections

.rpoJsSv
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_MEM_READ

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gsNz
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ABWmj
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.umGUGts
Size: 512B - Virtual size: 313B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dHzlnvk
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BLAdep
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HLOV
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TJdzA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gUbLH
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ygLJlSm
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JnTc
Size: 512B - Virtual size: 439B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff7f9586e5be16b05fe10e23464ce776

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

68:4f:db:05:81:c5:1b:47:a1:d8:90:11:d2:76:16:da:d1:40:79:3bSigner

Headers

File Characteristics

Imports

gdi32

kernel32

oleaut32

user32

ole32

atl

upnphost

Sections

.rpoJsSv Size: 2KB - Virtual size: 31KB

.text Size: 16KB - Virtual size: 16KB

.gsNz Size: 1KB - Virtual size: 1KB

.ABWmj Size: 2KB - Virtual size: 2KB

.umGUGts Size: 512B - Virtual size: 313B

.dHzlnvk Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 235KB

.BLAdep Size: 2KB - Virtual size: 2KB

.rdata Size: 209KB - Virtual size: 208KB

.HLOV Size: 1KB - Virtual size: 1KB

.TJdzA Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.gUbLH Size: 1KB - Virtual size: 1KB

.ygLJlSm Size: 3KB - Virtual size: 2KB

.JnTc Size: 512B - Virtual size: 439B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

68:4f:db:05:81:c5:1b:47:a1:d8:90:11:d2:76:16:da:d1:40:79:3b
Signer

.rpoJsSv
Size: 2KB - Virtual size: 31KB

.text
Size: 16KB - Virtual size: 16KB

.gsNz
Size: 1KB - Virtual size: 1KB

.ABWmj
Size: 2KB - Virtual size: 2KB

.umGUGts
Size: 512B - Virtual size: 313B

.dHzlnvk
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 235KB

.BLAdep
Size: 2KB - Virtual size: 2KB

.rdata
Size: 209KB - Virtual size: 208KB

.HLOV
Size: 1KB - Virtual size: 1KB

.TJdzA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.gUbLH
Size: 1KB - Virtual size: 1KB

.ygLJlSm
Size: 3KB - Virtual size: 2KB

.JnTc
Size: 512B - Virtual size: 439B