JaffaCakes118_1687c52b953755271733525c18c20fdc

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1687c52b953755271733525c18c20fdc
Size

266KB
MD5

1687c52b953755271733525c18c20fdc
SHA1

5ffd960c2207cfc603766f040cdeb2db855da28d
SHA256

2fe05079d8249e2b20b21546bf9824fa994ea24a7c716fd7b6727e63fb7dbcb2
SHA512

fbdb455d67e04a6c2913041f762c5dee231c824df5608fee6eab226d8223216d35464aabde6b584e0ad5f3e73abd358d06f27eea7c9a70ac6613b55906dae986
SSDEEP

6144:ur6ijXWSYPgQ9PTG/QfWUUQGeT//5mgWui4ksbiuEm++:utXWS67w/QeUUQf/5mgbkHo++

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_1687c52b953755271733525c18c20fdc
.exe windows:4 windows x86 arch:x86

ff7f9586e5be16b05fe10e23464ce776

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11-09-2009 00:00

Not After

01-10-2012 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:4f:db:05:81:c5:1b:47:a1:d8:90:11:d2:76:16:da:d1:40:79:3b
Signer

Actual PE Digest

68:4f:db:05:81:c5:1b:47:a1:d8:90:11:d2:76:16:da:d1:40:79:3b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetDeviceCaps

kernel32

IsProcessorFeaturePresent
EnterCriticalSection
RaiseException
FreeLibrary
UnhandledExceptionFilter
HeapReAlloc
HeapAlloc
SizeofResource
DeleteCriticalSection
SetLastError
FindResourceW
CloseHandle
IsDebuggerPresent
FindResourceExW
OutputDebugStringW
VirtualFree
GetSystemTimeAsFileTime
ProcessIdToSessionId
LoadLibraryExW
SetUnhandledExceptionFilter
VirtualAlloc
LeaveCriticalSection
HeapSize
OpenProcess
HeapFree
LoadResource
ReadFile
WaitForSingleObject
GetProcessHeap
lstrlenW
GetModuleHandleW
LockResource
FlushInstructionCache
GetCurrentThreadId
FormatMessageW
LocalFree
LocalAlloc
QueryPerformanceFrequency
CreateFileW
GetFileSize
HeapDestroy
WideCharToMultiByte
lstrcmpiW
GetFullPathNameA
VirtualAllocEx

oleaut32

VarUI4FromStr

user32

MapWindowPoints
GetWindowRect
UnregisterClassA
ReleaseDC
InvalidateRect
SetWindowsHookExW
TrackPopupMenu
GetDesktopWindow
GetWindow
SetTimer
GetCursorPos
RegisterClassExW
GetForegroundWindow
GetClassInfoExW
SetWindowPos
IsDialogMessageW
IsWindow
PeekMessageW
UnhookWindowsHookEx
AppendMenuW
PostThreadMessageW
GetClientRect
SetMenuInfo
GetWindowLongW
LoadCursorW
CallWindowProcW
DestroyMenu
MonitorFromPoint
LoadImageW
GetDoubleClickTime
PostQuitMessage
AttachThreadInput
IsWindowVisible
SetWindowTextW
DispatchMessageW
ShowWindow
DestroyWindow
IsChild
AllowSetForegroundWindow
PostMessageW
GetDC
SetMenuDefaultItem
MonitorFromWindow
GetMonitorInfoW
SetWindowLongW
LoadMenuW
SendMessageW
GetParent
GetWindowThreadProcessId
SystemParametersInfoW
SetForegroundWindow
LoadAcceleratorsW
CallNextHookEx
LoadIconW
WaitForInputIdle
RegisterWindowMessageW
CreateWindowExW
CharNextW
TranslateMessage
FindWindowW
GetSystemMetrics
DefWindowProcW
GetMessageW
CreateMenu
LoadStringW
KillTimer

ole32

OleUninitialize
CoTaskMemAlloc
StringFromCLSID
PropVariantClear
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
OleInitialize

atl

AtlModuleInit
AtlAxGetControl
DllGetClassObject
AtlModuleExtractCreateWndData
AtlUnmarshalPtr
AtlModuleRegisterWndClassInfoA
AtlModuleRegisterWndClassInfoW

upnphost

DllRegisterServer
ServiceMain
DllGetClassObject
DllCanUnloadNow

Sections

.rpoJsSv
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_MEM_READ

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gsNz
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ABWmj
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.umGUGts
Size: 512B - Virtual size: 313B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dHzlnvk
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BLAdep
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HLOV
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TJdzA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gUbLH
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ygLJlSm
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JnTc
Size: 512B - Virtual size: 439B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff7f9586e5be16b05fe10e23464ce776

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

68:4f:db:05:81:c5:1b:47:a1:d8:90:11:d2:76:16:da:d1:40:79:3bSigner

Headers

File Characteristics

Imports

gdi32

kernel32

oleaut32

user32

ole32

atl

upnphost

Sections

.rpoJsSv Size: 2KB - Virtual size: 31KB

.text Size: 16KB - Virtual size: 16KB

.gsNz Size: 1KB - Virtual size: 1KB

.ABWmj Size: 2KB - Virtual size: 2KB

.umGUGts Size: 512B - Virtual size: 313B

.dHzlnvk Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 235KB

.BLAdep Size: 2KB - Virtual size: 2KB

.rdata Size: 209KB - Virtual size: 208KB

.HLOV Size: 1KB - Virtual size: 1KB

.TJdzA Size: 2KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.gUbLH Size: 1KB - Virtual size: 1KB

.ygLJlSm Size: 3KB - Virtual size: 2KB

.JnTc Size: 512B - Virtual size: 439B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

68:4f:db:05:81:c5:1b:47:a1:d8:90:11:d2:76:16:da:d1:40:79:3b
Signer

.rpoJsSv
Size: 2KB - Virtual size: 31KB

.text
Size: 16KB - Virtual size: 16KB

.gsNz
Size: 1KB - Virtual size: 1KB

.ABWmj
Size: 2KB - Virtual size: 2KB

.umGUGts
Size: 512B - Virtual size: 313B

.dHzlnvk
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 235KB

.BLAdep
Size: 2KB - Virtual size: 2KB

.rdata
Size: 209KB - Virtual size: 208KB

.HLOV
Size: 1KB - Virtual size: 1KB

.TJdzA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.gUbLH
Size: 1KB - Virtual size: 1KB

.ygLJlSm
Size: 3KB - Virtual size: 2KB

.JnTc
Size: 512B - Virtual size: 439B