JaffaCakes118_af8adae2a36646e83c38b4f4fabd929f

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_af8adae2a36646e83c38b4f4fabd929f
Size

285KB
MD5

af8adae2a36646e83c38b4f4fabd929f
SHA1

790f64326876a5177e52e3f0bc6c84ab0a68c6ab
SHA256

4f47df8c4182d198caa01025560829d0060b9f9deedca4f2d1938d24d6ee712e
SHA512

c5a972152016e5b7c05401df51c7abe6a2656088b83a92b2dfdb80e14594c0d41eb3608acd4ebb421ade33ea78906484c83f52c3441d1accd7b670c8d384e170
SSDEEP

6144:w9/W7uXa6C+aetJBsP2A5Zgh9hfyWzHel+p3BlT82zk:wFW7uq6//HA5k9yWz+wX58Mk

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_af8adae2a36646e83c38b4f4fabd929f
.exe windows:4 windows x86 arch:x86

e570494d5e6675ccbc38b71fb3a27aa7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:43:bb:5c:63:bc:31:7f:31:04:be:c8:75:43:9c:1c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05-02-2010 00:00

Not After

14-04-2012 23:59

Subject

CN=Malwarebytes Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Malwarebytes Corporation,L=Champaign,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:80:3a:88:42:a2:3c:fb:2f:17:7d:f5:50:e8:c5:8a:e2:9b:32:ed
Signer

Actual PE Digest

48:80:3a:88:42:a2:3c:fb:2f:17:7d:f5:50:e8:c5:8a:e2:9b:32:ed

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromGUID2
CoUninitialize
CoDisconnectObject
CoTaskMemFree
GetHGlobalFromStream
CoInitialize
CoSetProxyBlanket
StringFromCLSID
CoCreateInstance
CoInitializeEx
OleRun
CoQueryProxyBlanket
CreateStreamOnHGlobal

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayRedim
VariantTimeToSystemTime
GetRecordInfoFromGuids
SysAllocString
SysStringByteLen
SysFreeString
VariantCopy
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayCreateVectorEx
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayLock
VariantCopyInd
SafeArrayAccessData
SysStringLen
VariantInit
GetErrorInfo
VarBstrCmp
SafeArrayGetDim
LoadRegTypeLi
SafeArrayCopy
SafeArrayGetLBound
SysAllocStringLen
LoadTypeLi
SafeArrayGetVartype
SafeArrayCreate
VariantChangeType

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathStripPathW
PathAppendW
PathQuoteSpacesW
PathStripPathA
PathAddBackslashW
PathFileExistsW
PathRemoveFileSpecW
PathRemoveExtensionW

shell32

SHGetSpecialFolderPathA

user32

wsprintfA

userenv

UnloadUserProfile

advapi32

CryptAcquireContextA
RegDeleteValueA
GetFileSecurityW
RegCloseKey
CryptDestroyHash
GetSecurityDescriptorGroup
IsValidSid
ControlService
RegQueryValueExA
CryptCreateHash
ImpersonateSelf
InitializeAcl
EqualSid
CryptHashData
RegOpenKeyExA
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
CryptGetHashParam
InitializeSecurityDescriptor
GetLengthSid
OpenServiceW
GetSecurityDescriptorOwner
SetSecurityDescriptorDacl
GetAclInformation
OpenSCManagerA
GetSecurityDescriptorSacl
AdjustTokenPrivileges
CopySid
GetSecurityDescriptorDacl
SetFileSecurityW
OpenThreadToken
RevertToSelf
MakeAbsoluteSD
GetAce
RegSetValueExA
RegNotifyChangeKeyValue
QueryServiceStatusEx
CloseServiceHandle
LookupAccountNameW
LookupPrivilegeValueA
CryptReleaseContext
AddAce

psapi

GetModuleBaseNameA

kernel32

FindResourceA
CreateProcessW
CreateFileA
OpenProcess
HeapReAlloc
ReadFile
SizeofResource
CancelWaitableTimer
SetLastError
IsBadCodePtr
LocalAlloc
OpenEventA
FreeEnvironmentStringsW
HeapFree
ResumeThread
lstrlenA
CreateThread
GetSystemTime
GetCommandLineA
VirtualFree
HeapAlloc
LCMapStringA
SetUnhandledExceptionFilter
GetSystemInfo
FreeEnvironmentStringsA
IsValidLocale
GetUserDefaultLCID
TlsFree
CreateEventA
LoadResource
UnhandledExceptionFilter
IsValidCodePage
VirtualProtect
WaitForMultipleObjects
LockResource
GlobalAlloc
FlushFileBuffers
LCMapStringW
CreateWaitableTimerA
EnumSystemLocalesA
GetFileType
lstrlenW
GetProcessHeap
RtlUnwind
EnterCriticalSection
GetACP
SetStdHandle
TlsSetValue
RaiseException
GetCurrentThreadId
LeaveCriticalSection
WriteFile
GetThreadLocale
TlsAlloc
GlobalUnlock
TlsGetValue
GetSystemTimeAsFileTime
GetModuleHandleA
GlobalSize
CloseHandle
LocalFree
SetEndOfFile
VirtualQuery
SetWaitableTimer
WaitForSingleObject
DeleteCriticalSection
WideCharToMultiByte
HeapSize
FormatMessageA
FindResourceExA
HeapDestroy
SetFilePointer
SetHandleCount
VirtualAlloc
GlobalLock
GetStdHandle
GetOEMCP
SetErrorMode
VirtualAllocEx

atl

AtlModuleInit
AtlAxGetControl
AtlModuleRevokeClassObjects
AtlModuleAddTermFunc
AtlInternalQueryInterface
DllCanUnloadNow
AtlAxAttachControl

msident

DllCanUnloadNow

Sections

.GjhMh
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_MEM_READ

.iirdzMI
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_MEM_READ

.vDfwmZI
Size: 3KB - Virtual size: 25KB

IMAGE_SCN_MEM_READ

.GXDUZD
Size: 1KB - Virtual size: 35KB

IMAGE_SCN_MEM_READ

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cUOVZmt
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zRME
Size: 512B - Virtual size: 314B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.llBB
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.BWGySW
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdFKK
Size: 1024B - Virtual size: 918B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VfKb
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qpbHYx
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XkNts
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e570494d5e6675ccbc38b71fb3a27aa7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

39:43:bb:5c:63:bc:31:7f:31:04:be:c8:75:43:9c:1cCertificate

Extended Key Usages

Key Usages

48:80:3a:88:42:a2:3c:fb:2f:17:7d:f5:50:e8:c5:8a:e2:9b:32:edSigner

Headers

File Characteristics

Imports

ole32

oleaut32

version

shlwapi

shell32

user32

userenv

advapi32

psapi

kernel32

atl

msident

Sections

.GjhMh Size: 3KB - Virtual size: 23KB

.iirdzMI Size: 2KB - Virtual size: 7KB

.vDfwmZI Size: 3KB - Virtual size: 25KB

.GXDUZD Size: 1KB - Virtual size: 35KB

.text Size: 18KB - Virtual size: 18KB

.cUOVZmt Size: 2KB - Virtual size: 2KB

.zRME Size: 512B - Virtual size: 314B

.llBB Size: 2KB - Virtual size: 2KB

.BWGySW Size: 1024B - Virtual size: 568B

.rdFKK Size: 1024B - Virtual size: 918B

.data Size: 7KB - Virtual size: 57KB

.VfKb Size: 3KB - Virtual size: 2KB

.rdata Size: 210KB - Virtual size: 210KB

.qpbHYx Size: 3KB - Virtual size: 2KB

.XkNts Size: 1KB - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

39:43:bb:5c:63:bc:31:7f:31:04:be:c8:75:43:9c:1c
Certificate

48:80:3a:88:42:a2:3c:fb:2f:17:7d:f5:50:e8:c5:8a:e2:9b:32:ed
Signer

.GjhMh
Size: 3KB - Virtual size: 23KB

.iirdzMI
Size: 2KB - Virtual size: 7KB

.vDfwmZI
Size: 3KB - Virtual size: 25KB

.GXDUZD
Size: 1KB - Virtual size: 35KB

.text
Size: 18KB - Virtual size: 18KB

.cUOVZmt
Size: 2KB - Virtual size: 2KB

.zRME
Size: 512B - Virtual size: 314B

.llBB
Size: 2KB - Virtual size: 2KB

.BWGySW
Size: 1024B - Virtual size: 568B

.rdFKK
Size: 1024B - Virtual size: 918B

.data
Size: 7KB - Virtual size: 57KB

.VfKb
Size: 3KB - Virtual size: 2KB

.rdata
Size: 210KB - Virtual size: 210KB

.qpbHYx
Size: 3KB - Virtual size: 2KB

.XkNts
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB