JaffaCakes118_10feec1c7cd10455e2f46145888d406d

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_10feec1c7cd10455e2f46145888d406d
Size

244KB
MD5

10feec1c7cd10455e2f46145888d406d
SHA1

e576e68e410e832f5fc10410e6327fbaace1797e
SHA256

00f4fc69a626f61122c93aee64f0dd803b0962af9f5f249bc6f248be9a194c08
SHA512

85a969c0e9b670e3fcbdb87595d4addc46ad54000142aa23322d20de3ccd07046143641d1f81979c88634e017734dc445268fcef24e14fbb21effc61554fbbc7
SSDEEP

6144:LmrQjPo6ASHk7E6XqEXm2h9VTRT8QrLsabAwa:17o6A+k7AEXmI9dElwa

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_10feec1c7cd10455e2f46145888d406d
.exe windows:4 windows x86 arch:x86

e1028815b65aa4a420cca98cc5309337

Code Sign

61:08:77:5f:00:00:00:00:00:4a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-07-2010 22:53

Not After

19-10-2011 22:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:12

Not After

25-07-2011 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25-01-2006 23:22

Not After

25-01-2017 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

cd:b8:77:2f:a9:e8:9b:84:99:0b:7b:e5:a1:af:f8:5c:81:bd:92:c9
Signer

Actual PE Digest

cd:b8:77:2f:a9:e8:9b:84:99:0b:7b:e5:a1:af:f8:5c:81:bd:92:c9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GlobalGetAtomNameA
GetWindowsDirectoryA
GetLogicalDrives
SetCurrentDirectoryW
ExitProcess
FatalAppExitA
GlobalDeleteAtom
SetCalendarInfoA
SetComputerNameA
LoadLibraryExA
GetTempFileNameA
QueryPerformanceCounter
GetSystemTime
GetAtomNameA
GetTempPathW
IsBadStringPtrW
GetCPInfo
GetStartupInfoA
MultiByteToWideChar
SetLocaleInfoA
GetDiskFreeSpaceA
MoveFileA
SearchPathA
GetSystemDefaultLCID
DisconnectNamedPipe
OpenWaitableTimerA
ExpandEnvironmentStringsA
IsBadWritePtr
Sleep
GetAtomNameW
GetFullPathNameA
lstrcatW
GetFileAttributesW
GetExitCodeThread
GetModuleHandleW
SleepEx
GetVersion
EnumDateFormatsW
CreateMailslotA
lstrcpy
GetVolumeInformationA
GetSystemDirectoryA
GetTimeFormatW
Beep
lstrcpyn
OpenEventW
FindAtomW
GetStringTypeA
GetCalendarInfoA
GetDateFormatA
GetNumberFormatW
WaitForSingleObject
IsValidCodePage
GetModuleHandleA
GetThreadPriority
ReplaceFileA
GetProcAddress
DuplicateHandle
lstrcpynA
GetEnvironmentStringsA
AddAtomW
QueryPerformanceFrequency
GetNumberFormatA
FileTimeToSystemTime
OpenMutexA
CreatePipe
GetUserDefaultLangID
LocalAlloc

user32

wsprintfA
IsMenu
EnableWindow
DialogBoxIndirectParamW
IsDlgButtonChecked
CopyRect
GetCaretPos
LoadBitmapA
SetWindowLongW
EndDialog
MessageBeep
RegisterWindowMessageA
UnregisterClassA
OpenClipboard
GetWindowRgn
FindWindowA
GetMenuState
GetScrollPos
PostQuitMessage
GetSystemMetrics
DialogBoxParamA
EnumWindows
GetMenuStringA
RegisterClassW
CreateWindowExW
MessageBoxA
LoadMenuA
GetActiveWindow
InvalidateRect

gdi32

CreateCompatibleDC
CreatePatternBrush
CreatePen
SetEnhMetaFileBits
CreateICW
CreateSolidBrush
SetMetaFileBitsEx
RemoveFontResourceExW
CreateFontIndirectA

advapi32

CryptContextAddRef

shell32

StrChrW
StrRStrA
ShellExecuteExW

setupapi

SetupDiGetClassDescriptionW
SetupAddToDiskSpaceListW
SetupGetIntField
CM_Get_Hardware_Profile_Info_ExW
SetupPromptReboot
CM_Uninstall_DevNode
CM_Get_Child
SetupDiInstallDevice
SetupRenameErrorW

wininet

UnlockUrlCacheEntryFileA
HttpSendRequestA
FtpPutFileEx
InternetFindNextFileW
GopherOpenFileA
InternetSetOptionA
InternetSetPerSiteCookieDecisionA
DeleteUrlCacheContainerA

oledlg

OleUIBusyW
OleUIObjectPropertiesW
OleUIUpdateLinksW
OleUIConvertA
OleUIPromptUserA
OleUIPasteSpecialA
OleUIUpdateLinksA
OleUIPasteSpecialW

Sections

.nf
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SgNQg
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.T
Size: 2KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NPVpb
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nGx
Size: 512B - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.LlOO
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TN
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TVqjNu
Size: 13KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BCdZAQ
Size: 1024B - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HMqala
Size: 3KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1028815b65aa4a420cca98cc5309337

Code Sign

61:08:77:5f:00:00:00:00:00:4aCertificate

Extended Key Usages

Key Usages

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:15:08:27:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

cd:b8:77:2f:a9:e8:9b:84:99:0b:7b:e5:a1:af:f8:5c:81:bd:92:c9Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

setupapi

wininet

oledlg

Sections

.nf Size: 3KB - Virtual size: 3KB

.SgNQg Size: 90KB - Virtual size: 90KB

.T Size: 2KB - Virtual size: 46KB

.NPVpb Size: 11KB - Virtual size: 11KB

.nGx Size: 512B - Virtual size: 412KB

.LlOO Size: 4KB - Virtual size: 9KB

.TN Size: 91KB - Virtual size: 90KB

.TVqjNu Size: 13KB - Virtual size: 281KB

.BCdZAQ Size: 1024B - Virtual size: 257KB

.HMqala Size: 3KB - Virtual size: 413KB

.rsrc Size: 9KB - Virtual size: 9KB

61:08:77:5f:00:00:00:00:00:4a
Certificate

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

cd:b8:77:2f:a9:e8:9b:84:99:0b:7b:e5:a1:af:f8:5c:81:bd:92:c9
Signer

.nf
Size: 3KB - Virtual size: 3KB

.SgNQg
Size: 90KB - Virtual size: 90KB

.T
Size: 2KB - Virtual size: 46KB

.NPVpb
Size: 11KB - Virtual size: 11KB

.nGx
Size: 512B - Virtual size: 412KB

.LlOO
Size: 4KB - Virtual size: 9KB

.TN
Size: 91KB - Virtual size: 90KB

.TVqjNu
Size: 13KB - Virtual size: 281KB

.BCdZAQ
Size: 1024B - Virtual size: 257KB

.HMqala
Size: 3KB - Virtual size: 413KB

.rsrc
Size: 9KB - Virtual size: 9KB