JaffaCakes118_a9a81e6b3cc2e26d6fd53c451d26618b

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_a9a81e6b3cc2e26d6fd53c451d26618b
Size

201KB
MD5

a9a81e6b3cc2e26d6fd53c451d26618b
SHA1

dc9a05ada46af90caf85a2dd53021a84a7e84f63
SHA256

123ddb6da0e5681fafd6189e774d0224a03908b7a5bd7b3db917c182340051ab
SHA512

f1796b30b1957a12af311abacab93cd524f1c44e30a493bf6dfa1bfaf0dbb7d2d3f89abdc38c812e2bb6d5003d8ef49de734211f76dca13cb3b7bbf7a0215f1e
SSDEEP

6144:/FQZZuyaYCAgF/8ElUJ4grunG3E3++UZCv2H:/F4HaH9D3grOG3s++UZCv2H

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_a9a81e6b3cc2e26d6fd53c451d26618b
.exe windows:4 windows x86 arch:x86

3b35d7b67b616bbcff42ebd09c7d625b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21-09-2006 00:00

Not After

18-12-2009 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:00:9d:d4:ee:5b:82:55:00:8c:41:91:3a:7b:ea:0f:73:57:75:34
Signer

Actual PE Digest

62:00:9d:d4:ee:5b:82:55:00:8c:41:91:3a:7b:ea:0f:73:57:75:34

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetVersionExW
IsValidCodePage
GetExitCodeThread
GetLastError
GetLogicalDriveStringsA
GetFileTime
lstrcmpW
GetProcAddress
lstrcpyW
IsValidLocale
WinExec
GetACP
OpenSemaphoreA
GetMailslotInfo
SetLocaleInfoA
GetThreadPriority
GetModuleHandleA
GetCurrentProcessId
GetStringTypeW
GetLogicalDrives
Beep
GetThreadLocale
GetLocaleInfoA
FatalAppExitW
FatalAppExitA
FreeResource
BeginUpdateResourceW
QueryPerformanceFrequency
FindResourceA
GetProcessHeap
CreateMailslotW
GetModuleFileNameW
GetEnvironmentVariableA
CreateNamedPipeA
OpenEventW
GetTempPathW
CreateMutexA
BeginUpdateResourceA
GetVolumeInformationA
ExitProcess
lstrcmpi
lstrcmpA
SetCurrentDirectoryA
GetFullPathNameA
SetComputerNameA
GetFileAttributesW
GetCurrentThreadId
GetSystemInfo

user32

CharUpperW
FindWindowW
GetMenuInfo
EnumClipboardFormats
GetClassLongW
GetMenuStringA
mouse_event
DialogBoxParamW
GetCursorPos
EnumChildWindows
CreatePopupMenu
WaitForInputIdle
CascadeWindows
wvsprintfA
InvalidateRect
CharNextA
PostQuitMessage
LoadMenuIndirectA
CreateDialogIndirectParamA
EnumDesktopWindows
CloseWindow
GetSysColor
GetCapture
GetKeyState
GetWindowRgn
RemoveMenu
GetClassInfoExA
SetWindowPos
ClientToScreen
EnumWindows
GetMessageA
CopyRect
GetDCEx
CreateDesktopW
MessageBoxA
GetActiveWindow
EmptyClipboard
GetKeyboardType
wsprintfW
LoadImageA
CharPrevA
MessageBoxW
InsertMenuItemW
keybd_event
RegisterWindowMessageW

gdi32

BitBlt
GetLayout
ExtFloodFill
GetCharWidthI
EnumMetaFile
Escape
GetEnhMetaFileDescriptionA
RoundRect
SetWinMetaFileBits
GetClipRgn
GetMetaFileA
ColorCorrectPalette
GetArcDirection
GetRgnBox
CreateCompatibleBitmap

advapi32

RegDeleteValueW
RegRestoreKeyA
RegCreateKeyExA

shlwapi

UrlCombineA

comdlg32

PageSetupDlgA
PrintDlgA
FindTextW

wininet

LoadUrlCacheContent
InternetGetConnectedStateEx
UnlockUrlCacheEntryFile
HttpEndRequestA
SetUrlCacheEntryInfoA
UnlockUrlCacheEntryFileA
InternetGetCookieW
GopherCreateLocatorA

oledlg

OleUIConvertA
OleUIAddVerbMenuW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fy
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TLxSTy
Size: 3KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Svdr
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.EiN
Size: 2KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zl
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XRty
Size: 512B - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b35d7b67b616bbcff42ebd09c7d625b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

62:00:9d:d4:ee:5b:82:55:00:8c:41:91:3a:7b:ea:0f:73:57:75:34Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comdlg32

wininet

oledlg

Sections

.text Size: 12KB - Virtual size: 12KB

.fy Size: 1024B - Virtual size: 5KB

.TLxSTy Size: 3KB - Virtual size: 52KB

.Svdr Size: 512B - Virtual size: 47KB

.EiN Size: 2KB - Virtual size: 35KB

.data Size: 10KB - Virtual size: 9KB

.zl Size: 1024B - Virtual size: 7KB

.XRty Size: 512B - Virtual size: 243KB

.rsrc Size: 164KB - Virtual size: 163KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

62:00:9d:d4:ee:5b:82:55:00:8c:41:91:3a:7b:ea:0f:73:57:75:34
Signer

.text
Size: 12KB - Virtual size: 12KB

.fy
Size: 1024B - Virtual size: 5KB

.TLxSTy
Size: 3KB - Virtual size: 52KB

.Svdr
Size: 512B - Virtual size: 47KB

.EiN
Size: 2KB - Virtual size: 35KB

.data
Size: 10KB - Virtual size: 9KB

.zl
Size: 1024B - Virtual size: 7KB

.XRty
Size: 512B - Virtual size: 243KB

.rsrc
Size: 164KB - Virtual size: 163KB