JaffaCakes118_142656cf8f64267129b06c1c63a9c2a7

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_142656cf8f64267129b06c1c63a9c2a7
Size

270KB
MD5

142656cf8f64267129b06c1c63a9c2a7
SHA1

0f95ed4bc6130bb504be274b2caa036ed0f43c99
SHA256

2d35f4a41390d7de0908c701ede9c42b29428fb6e6cdfa3105bc6963426c57e7
SHA512

08c6cde56a4a3586abf3466fcea7983e01da17f86abc925e5c212a5ed16e34aeed2cb220a0c01ebf79c1d6739febc32a4e9d2c4d53b652216b5d16e2b2208d66
SSDEEP

6144:zntWcVLDchVx1E+zB0H7bWyUEChglC419BgSOUu1W/:zn3oh71V0b9C8C4/eSOUB/

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_142656cf8f64267129b06c1c63a9c2a7
.exe windows:4 windows x86 arch:x86

69a8c5cb30a52faf37119b29e19a2314

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-09-2009 00:00

Not After

25-10-2012 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:a1:67:4a:ef:5a:fd:85:ff:ee:97:00:3a:e9:14:9c:d8:64:47:8e
Signer

Actual PE Digest

4c:a1:67:4a:ef:5a:fd:85:ff:ee:97:00:3a:e9:14:9c:d8:64:47:8e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventA
GetStartupInfoW
CopyFileExA
lstrlen
GetFileAttributesA
IsDebuggerPresent
GetExitCodeThread
GetEnvironmentVariableW
DisconnectNamedPipe
OpenFile
GetTempPathA
GetLongPathNameW
GetCurrentThreadId
IsBadStringPtrW
GetProcessHeap
SearchPathA
OpenMutexW
SetCurrentDirectoryA
RemoveDirectoryW
CreateNamedPipeW
IsValidCodePage
ReadDirectoryChangesW
CopyFileA
GetLogicalDriveStringsW
GetEnvironmentStringsW
IsBadReadPtr
QueryPerformanceCounter
lstrcat
GetCurrentDirectoryA
CreateMutexA
GetStringTypeA
lstrcpyW
GetUserDefaultLangID
TlsAlloc
LoadLibraryA
GetSystemDefaultLangID
GlobalGetAtomNameW
GetVolumeInformationA
GetFullPathNameA
OpenEventW
GetCPInfo
GlobalFindAtomA
GetVersionExA
SetComputerNameA
AddAtomA
lstrcmpiA
SetUnhandledExceptionFilter
CopyFileExW
lstrcmpiW
ExpandEnvironmentStringsA
GlobalAlloc
GetUserDefaultLCID
GetStringTypeW
EnumDateFormatsA
DeleteAtom
lstrcatW
CreateDirectoryA
HeapCreate
EnumTimeFormatsA
FileTimeToLocalFileTime
GetProcAddress
DuplicateHandle
FatalAppExitW
SetLocaleInfoA
lstrcmpA
SleepEx
SetComputerNameW
EnumDateFormatsW
FileTimeToDosDateTime
GetSystemTime
CreateMailslotW
FatalAppExitA
QueryPerformanceFrequency
GetProcessHeaps
GetExitCodeProcess
CreatePipe
Beep
CreateEventW
lstrcatA
LoadResource
ReplaceFileA
lstrcpyn
GetEnvironmentVariableA
SetCurrentDirectoryW
GetVersion
lstrcmpi
GetLocaleInfoW
GetExpandedNameW
GetVolumeInformationW
GetSystemInfo
GetOEMCP
FindAtomA
lstrlenA
BeginUpdateResourceA
GetComputerNameA
GetLastError
DosDateTimeToFileTime
IsValidLocale
OpenSemaphoreA
GetTempPathW
ReplaceFileW
AddAtomW
IsBadStringPtrA
LoadLibraryW

user32

PeekMessageA
GetMenuItemRect
WaitForInputIdle
keybd_event
SendDlgItemMessageW
SetWindowLongW
EndMenu
GetScrollPos
SendDlgItemMessageA
InvalidateRgn
LoadImageW
CreateDialogIndirectParamA
RegisterWindowMessageW
mouse_event
LoadBitmapA
wsprintfW
CreateDialogParamW
RegisterClassW
IsWindow
LoadBitmapW
EnableMenuItem
DialogBoxIndirectParamA
GetDlgItemTextA
RegisterClassExW
CharLowerW
SetDlgItemTextA
SetForegroundWindow
MessageBoxIndirectW
CreateAcceleratorTableW
ShowWindow
GetFocus
CharNextW
IsChild
GetMenuState
wvsprintfW
WinHelpA
SetWindowRgn
UnregisterClassA
GetMenuItemInfoW
DialogBoxParamW
GetCursorPos
SetTimer
SetDlgItemInt
GetDlgItemTextW
CreateDesktopW
MonitorFromRect
ShowCaret
SendMessageW
MonitorFromPoint
MoveWindow
GetCaretPos
SetWindowPos
RegisterClassExA
MessageBoxIndirectA
GetForegroundWindow
SetDlgItemTextW
CreateDialogIndirectParamW
IsMenu
LoadCursorA
GetMessageA
GetActiveWindow
GetAsyncKeyState
LoadIconW
EnumClipboardFormats
DefWindowProcW
DestroyMenu
IsIconic
wvsprintfA
FindWindowW
MonitorFromWindow
MessageBoxA
GetClassInfoExA
ShowCursor
GetMenuItemCount
TrackPopupMenu
EmptyClipboard
RegisterClassA
EnableWindow
SetFocus
PostMessageA
CreatePopupMenu
LoadIconA
GetKeyboardType
DialogBoxParamA
SetMenu
MessageBoxW
OpenClipboard
GetIconInfo
GetMessageW
AppendMenuA
AdjustWindowRect
CreateWindowExW
GetDCEx
CheckMenuItem
GetMenu
SetCursor
CharLowerA
DefWindowProcA
RegisterWindowMessageA
CharNextA
GetCapture
UnregisterClassW
CreateAcceleratorTableA
InsertMenuItemW
FindWindowA
PeekMessageW
CopyIcon
LoadMenuIndirectW
AppendMenuW
GetMenuStringA
EnumWindows
OffsetRect
GetClassInfoA
DestroyIcon
GetMenuItemInfoA
CreateDesktopA
GetCapture
SetCapture
CharPrevW
GetMenuStringW
GetMenuItemID

gdi32

UpdateICMRegKeyW
GetEnhMetaFileW
CreatePolyPolygonRgn
CreateICA
CreateBrushIndirect
CreateBitmap
CreateDIBPatternBrushPt
SetEnhMetaFileBits
CreateFontW
CreatePen
GetEnhMetaFileA
RemoveFontResourceW
GetStockObject
CreateEllipticRgn
CreateBitmapIndirect
UpdateICMRegKeyA
CreateColorSpaceA
SelectBrushLocal

advapi32

CredReadDomainCredentialsA
WmiQueryAllDataA
GetTraceEnableFlags
EqualPrefixSid
ControlTraceA
ControlTraceW
BackupEventLogA
RegCloseKey
GetFileSecurityW
UpdateTraceW
CredFree

shell32

SHGetDiskFreeSpaceExA
DuplicateIcon
StrRChrW
SHGetFolderPathW

shlwapi

AssocCreate
PathStripToRootW
StrFormatKBSizeW
SHRegCreateUSKeyA
StrSpnA
PathFileExistsA
StrRetToBufW
StrRetToBSTR
SHDeleteOrphanKeyW
StrCmpLogicalW

comctl32

FlatSB_GetScrollInfo
CreatePropertySheetPageA
CreateToolbarEx
FlatSB_SetScrollInfo
GetEffectiveClientRect
InitCommonControls
FlatSB_GetScrollPos
ImageList_Duplicate
ImageList_SetFilter

ole32

CoCreateGuid
CoInitialize

version

VerInstallFileA
VerLanguageNameW
VerLanguageNameA
VerFindFileW
GetFileVersionInfoW
VerQueryValueA
VerInstallFileW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW

hid

HidD_GetFeature
HidD_Hello

inetcomm

MimeOleConvertEnrichedToHTML

wsock32

sendto
GetTypeByNameW
EnumProtocolsA
recv
WEP

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69a8c5cb30a52faf37119b29e19a2314

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

4c:a1:67:4a:ef:5a:fd:85:ff:ee:97:00:3a:e9:14:9c:d8:64:47:8eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

ole32

version

hid

inetcomm

wsock32

Sections

.text Size: 12KB - Virtual size: 12KB

.edata Size: 109KB - Virtual size: 109KB

.edata Size: 4KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 33KB

.data Size: 12KB - Virtual size: 342KB

.edata Size: 108KB - Virtual size: 108KB

.rsrc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

4c:a1:67:4a:ef:5a:fd:85:ff:ee:97:00:3a:e9:14:9c:d8:64:47:8e
Signer

.text
Size: 12KB - Virtual size: 12KB

.edata
Size: 109KB - Virtual size: 109KB

.edata
Size: 4KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 33KB

.data
Size: 12KB - Virtual size: 342KB

.edata
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 8KB - Virtual size: 7KB