JaffaCakes118_1c671335c2a25e7c939485be1c4ca4f3

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1c671335c2a25e7c939485be1c4ca4f3
Size

200KB
MD5

1c671335c2a25e7c939485be1c4ca4f3
SHA1

ff02943a232c7d421952aad6b4547480cef225d8
SHA256

107ffd2671a4a5e020d1ccf036b2ead1ca138230dce2ec1ea7f4d51840e1ae27
SHA512

b029867b22d2ebf1ca774bee0f3af2c0be534d1a11c7e3ec0ff22ad5db505dfbca741868261e8c12e1e24694d21ba1874ff0bb2c9768e87bb5154ac9327cd050
SSDEEP

3072:gaSdR9c1/fuWL0AjMilpCOT+kICtApWFK1WHk25weLcKznxbQFFNj6QUW:g7oFuhAwM+kICeseWEEPznxbJW

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_1c671335c2a25e7c939485be1c4ca4f3
.exe windows:4 windows x86 arch:x86

002de085159dcce8b0cd54386af8e46d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11-09-2006 00:00

Not After

24-11-2007 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e
Signer

Actual PE Digest

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy
GetCurrentDirectoryW
lstrcat
GetAtomNameW
GetProcAddress
EnumCalendarInfoA
SetCurrentDirectoryA
GetThreadLocale
DuplicateHandle
GetPriorityClass
SetCurrentDirectoryW
OpenWaitableTimerA
LoadResource
GetTimeFormatA
lstrlen
CreateFileA
GetMailslotInfo
GetDateFormatW
GetModuleHandleA
GetFullPathNameW
GetStartupInfoA
GetFullPathNameA
SetEvent
lstrcmpW
FindAtomA
SetErrorMode
GetFileTime
lstrcpynW
Beep
GetCurrentThreadId
GetSystemDirectoryW

user32

RegisterClassExW
LoadIconW
IsChild
CreateDesktopA
SetCursorPos
GetClassInfoExA
ShowWindow
CreateDialogParamW
SetTimer
GetAsyncKeyState
WaitMessage
SetDlgItemTextA
EnumDesktopWindows
EnumChildWindows
CallWindowProcA
SendMessageW
LoadBitmapA
CreateDialogIndirectParamW
GetMenuItemInfoW
DefDlgProcA
GetDesktopWindow
OffsetRect
GetActiveWindow
GetDC
EmptyClipboard
RegisterClassW
InsertMenuItemW
WaitForInputIdle
GetWindowTextW

gdi32

SetGraphicsMode
GetLogColorSpaceW
GetObjectA
EnumEnhMetaFile
SetPaletteEntries
GetTextCharset
DeleteEnhMetaFile
PolyPolyline
GetMetaFileW
GetTextAlign
GetGlyphIndicesW
GetTextExtentExPointI
ExtTextOutW
GetDCBrushColor

advapi32

RegQueryValueA
RegDeleteValueA
RegCreateKeyW

shlwapi

SHRegGetUSValueW
PathIsUNCServerW
PathRelativePathToA
StrFormatKBSizeA
SHDeleteEmptyKeyW
PathCombineW
StrRChrIA
UrlCompareW
StrCatW
StrFormatKBSizeW
PathFindExtensionW
PathFindFileNameA

comctl32

ImageList_LoadImageA
ImageList_Replace
ImageList_SetImageCount
FlatSB_SetScrollInfo
CreatePropertySheetPageW

winmm

mmioAdvance
mmioInstallIOProcW
mixerGetLineControlsA
mmioSetInfo
waveInReset
midiOutLongMsg

crypt32

CryptHashCertificate
CryptSignCertificate
CertRDNValueToStrA
CryptHashPublicKeyInfo

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.c
Size: 1024B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdTw
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MbOy
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hsn
Size: 1024B - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.umshMn
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BQPZ
Size: 512B - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

002de085159dcce8b0cd54386af8e46d

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4Certificate

Extended Key Usages

Key Usages

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

winmm

crypt32

Sections

.text Size: 11KB - Virtual size: 10KB

.c Size: 1024B - Virtual size: 41KB

.sdTw Size: 512B - Virtual size: 4KB

.MbOy Size: 3KB - Virtual size: 21KB

.hsn Size: 1024B - Virtual size: 22KB

.data Size: 10KB - Virtual size: 10KB

.umshMn Size: 2KB - Virtual size: 35KB

.BQPZ Size: 512B - Virtual size: 215KB

.rsrc Size: 164KB - Virtual size: 163KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

01:ed:f8:34:0c:df:06:0c:09:9e:1a:64:72:f7:6d:b4
Certificate

b7:a2:f3:b0:f5:e3:a8:3f:e0:30:c1:7b:66:7b:19:ad:0a:86:bd:4e
Signer

.text
Size: 11KB - Virtual size: 10KB

.c
Size: 1024B - Virtual size: 41KB

.sdTw
Size: 512B - Virtual size: 4KB

.MbOy
Size: 3KB - Virtual size: 21KB

.hsn
Size: 1024B - Virtual size: 22KB

.data
Size: 10KB - Virtual size: 10KB

.umshMn
Size: 2KB - Virtual size: 35KB

.BQPZ
Size: 512B - Virtual size: 215KB

.rsrc
Size: 164KB - Virtual size: 163KB