JaffaCakes118_031729a347fd5a0ea535a18f5bee201d

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_031729a347fd5a0ea535a18f5bee201d
Size

266KB
MD5

031729a347fd5a0ea535a18f5bee201d
SHA1

2040d1e682e5918b121779e4d7600f4198cc75e3
SHA256

675b22d6ceecf755eb466c712d2d80f0bca35c3e21a2504e61f05acaa3a50065
SHA512

45196f98523f67c903c7d96a59f4224beb34ce018fa2057eb13cd0d2fba452c9ff368913480fccc4e1c04691c31c9fe39f83a3cc7a4feb30eaa517cabafe6932
SSDEEP

6144:fp/jck02ek7v8VjWHJll+s/EyZ+2Wv52AFovNH/mLkGu:x/jJ02r7qWplOk+OAF8NOLK

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_031729a347fd5a0ea535a18f5bee201d
.exe windows:4 windows x86 arch:x86

b7bf8c0e0bc7f0e7af88b0c9a1ebd9d6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19-06-2007 00:00

Not After

18-06-2010 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

32:6c:2b:6b:b2:b3:70:77:c9:fd:5f:d4:1b:3d:94:49:e4:91:52:f8
Signer

Actual PE Digest

32:6c:2b:6b:b2:b3:70:77:c9:fd:5f:d4:1b:3d:94:49:e4:91:52:f8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
inet_ntoa
WSACleanup
WSAStringToAddressW
WSAStartup

dnsapi

DnsQuery_W
DnsFree

shlwapi

PathIsUNCServerW
PathAppendW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
StrToIntExW

advapi32

OpenProcessToken
InitializeSid
GetFileSecurityW
LookupPrivilegeValueW
SetFileSecurityW
GetTokenInformation
AllocateAndInitializeSid
RegDeleteValueW
CopySid
GetSidSubAuthority
GetSidLengthRequired
SetSecurityDescriptorDacl
RegOpenKeyExW
CryptCreateHash
FreeSid
AdjustTokenPrivileges
SetFileSecurityA
RegCloseKey
GetLengthSid
CryptAcquireContextW
InitializeSecurityDescriptor
CryptDestroyHash
CryptHashData
RegEnumKeyExW
CryptReleaseContext
IsValidSid
CheckTokenMembership
CryptGetHashParam
RegQueryValueExW

kernel32

MoveFileW
GetFileAttributesExW
CreateDirectoryA
QueryPerformanceFrequency
SetFileAttributesA
SetUnhandledExceptionFilter
GlobalFree
LoadLibraryExW
LocalAlloc
GetTempPathW
GetSystemTimeAsFileTime
GetTimeZoneInformation
CompareFileTime
IsDBCSLeadByte
SetCurrentDirectoryW
LockResource
CreateEventW
FindNextFileA
GetFileTime
CreateFileA
OutputDebugStringW
FindFirstFileW
DosDateTimeToFileTime
IsDebuggerPresent
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetLocalTime
WaitForSingleObject
GetVolumeInformationW
WideCharToMultiByte
GetStdHandle
HeapFree
GetSystemDirectoryW
CloseHandle
GetSystemTime
GetWindowsDirectoryW
LoadResource
ReadFile
FindResourceW
LeaveCriticalSection
GetThreadPriority
CreateMutexW
DeleteFileW
HeapAlloc
FindFirstFileA
SystemTimeToFileTime
GetProcessHeap
CreateDirectoryW
FindNextFileW
GetShortPathNameW
SetFileAttributesW
HeapReAlloc
FindResourceExW
HeapSize
SetLastError
SetFilePointer
CopyFileW
HeapDestroy
RemoveDirectoryW
GetTempFileNameW
DeleteCriticalSection
lstrlenW
CreateFileW
GetFileType
SetThreadPriority
SizeofResource
SetEndOfFile
GetFileSize
OpenMutexW
CreateProcessW
GetCurrentThreadId
ReleaseMutex
lstrcpyW
MoveFileExW
DeviceIoControl
FindClose
lstrlenA
FileTimeToSystemTime
SetFileTime
RaiseException
WriteFile
GetDiskFreeSpaceExW
EnterCriticalSection
UnhandledExceptionFilter
GetSystemWindowsDirectoryW
GetSystemDefaultLangID
FreeLibrary
HeapCreate
VirtualAllocEx

user32

CharToOemA
MsgWaitForMultipleObjects
CharLowerA
CharUpperA
DispatchMessageW
OemToCharA
CharToOemBuffW
PeekMessageW
TranslateMessage
wsprintfW
CharUpperW
OemToCharBuffA

userenv

UnloadUserProfile

crypt32

CryptDecodeObjectEx
CertGetIntendedKeyUsage
CertAddCertificateContextToStore
CertNameToStrW
CryptMemAlloc
CryptMsgClose
CertGetIssuerCertificateFromStore
CertCompareCertificate
CryptMemFree
CertDuplicateCertificateContext
CryptMemRealloc
CryptMsgOpenToDecode
CertVerifyValidityNesting
CertCloseStore
CryptMsgGetParam
CryptMsgUpdate
CertFindExtension
CertCreateCertificateContext
CertFreeCertificateContext
CertFreeCertificateChain
CertCompareIntegerBlob
CertOpenStore
CryptMsgControl

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateGuid
StringFromGUID2
CLSIDFromString

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

atl

AtlModuleInit
AtlAxGetControl
AtlUnadvise
AtlAxDialogBoxW
AtlFreeMarshalStream
AtlPixelToHiMetric

ufat

Format
Recover

Sections

.QSWzUS
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qrbFKcc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NwskD
Size: 512B - Virtual size: 199B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UFEd
Size: 1024B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ClVO
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CkJYJe
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MLIqOb
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qXWk
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nHQMx
Size: 1024B - Virtual size: 559B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Sjhbu
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VqTVOfP
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7bf8c0e0bc7f0e7af88b0c9a1ebd9d6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21Certificate

Extended Key Usages

Key Usages

32:6c:2b:6b:b2:b3:70:77:c9:fd:5f:d4:1b:3d:94:49:e4:91:52:f8Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

dnsapi

shlwapi

advapi32

kernel32

user32

userenv

crypt32

shell32

ole32

version

atl

ufat

Sections

.QSWzUS Size: 1024B - Virtual size: 4KB

.text Size: 17KB - Virtual size: 17KB

.qrbFKcc Size: 3KB - Virtual size: 2KB

.NwskD Size: 512B - Virtual size: 199B

.UFEd Size: 1024B - Virtual size: 900B

.ClVO Size: 512B - Virtual size: 224B

.CkJYJe Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 268KB

.MLIqOb Size: 2KB - Virtual size: 1KB

.rdata Size: 211KB - Virtual size: 210KB

.qXWk Size: 3KB - Virtual size: 2KB

.nHQMx Size: 1024B - Virtual size: 559B

.Sjhbu Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.VqTVOfP Size: 3KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

32:6c:2b:6b:b2:b3:70:77:c9:fd:5f:d4:1b:3d:94:49:e4:91:52:f8
Signer

.QSWzUS
Size: 1024B - Virtual size: 4KB

.text
Size: 17KB - Virtual size: 17KB

.qrbFKcc
Size: 3KB - Virtual size: 2KB

.NwskD
Size: 512B - Virtual size: 199B

.UFEd
Size: 1024B - Virtual size: 900B

.ClVO
Size: 512B - Virtual size: 224B

.CkJYJe
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 268KB

.MLIqOb
Size: 2KB - Virtual size: 1KB

.rdata
Size: 211KB - Virtual size: 210KB

.qXWk
Size: 3KB - Virtual size: 2KB

.nHQMx
Size: 1024B - Virtual size: 559B

.Sjhbu
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.VqTVOfP
Size: 3KB - Virtual size: 2KB