JaffaCakes118_1aaa5bec43ac99187b5940c01a75e9bd

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1aaa5bec43ac99187b5940c01a75e9bd
Size

228KB
MD5

1aaa5bec43ac99187b5940c01a75e9bd
SHA1

a47ebc0d70158322f4b4983ad58e278be7d59896
SHA256

b6f550ac385d96229e9a2f3716ab2f238e54b1b22243ea069a26885f4d09ca43
SHA512

7657e10e4d713cfc5e4e0f6fd500b600647a67259d09e420d2b229ff8ff1cc824710726a3d39c713aae9d5bc6a2e848048a2d3abd0678a4fa99a0814b2c28d09
SSDEEP

6144:SLc+jTfw2g7/0YuD+8h2KHPtPnnzfq80jFih2iA28PV7d:SLc+I2g8+O2KpnzCNAh4Fd

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_1aaa5bec43ac99187b5940c01a75e9bd
.exe windows:4 windows x86 arch:x86

cccbb1f84c576246754f793988b41313

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/09/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be
Signer

Actual PE Digest

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
CreateNamedPipeW
GetCurrentThread
CreateDirectoryA
IsValidCodePage
GetProcessHeaps
DeleteAtom
GetProcAddress
DosDateTimeToFileTime
SearchPathW
GetLogicalDriveStringsA
GetModuleHandleW
OpenEventA
GetDiskFreeSpaceW
ExpandEnvironmentStringsW
GetExitCodeProcess
EnumTimeFormatsA
GetMailslotInfo
GetComputerNameA
IsBadStringPtrA
GetVersionExA
AddAtomW
GetTimeFormatW
SetCurrentDirectoryA
GetSystemDirectoryA
SetComputerNameA
lstrcmp
SetCalendarInfoA
MoveFileW
lstrcmpA
GetEnvironmentStringsW
GetStartupInfoA
GetExpandedNameW
LoadLibraryExA
GetSystemTime
GetWindowsDirectoryW
FindAtomA

user32

GetMenuStringA
EnumClipboardFormats
SetActiveWindow
LoadMenuA
RegisterWindowMessageA
GetMenuItemID
GetKeyboardLayout
SetWindowLongW
GetSysColorBrush
GetCapture
SetParent
GetFocus
UpdateLayeredWindow
DefWindowProcW
GetIconInfo
TrackPopupMenu
PostQuitMessage
GetMenuItemRect
CharLowerA
IsIconic
MonitorFromWindow
GetScrollPos
SetWindowTextA
OpenClipboard
DialogBoxParamA
UnregisterClassW
AppendMenuW
wvsprintfA
DialogBoxParamW
WaitMessage
GetMessageW
GetCaretPos
CreateAcceleratorTableW
GetMenuInfo
AdjustWindowRect
EnumWindows
DialogBoxIndirectParamW
LoadIconA
CreateMenu
wvsprintfW
PostMessageA

shell32

ShellExecuteEx
StrStrIW
SHGetDesktopFolder
StrRStrIW
SHBrowseForFolderA
StrRStrW
StrRChrA
SHGetDiskFreeSpaceA

comdlg32

PageSetupDlgA
GetFileTitleW
PageSetupDlgW
PrintDlgExA

ole32

CoGetInstanceFromFile
CoInitialize
CLSIDFromProgID
CoGetInstanceFromIStorage
CoFileTimeNow

version

VerLanguageNameA
VerFindFileA
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
VerLanguageNameW
GetFileVersionInfoA
VerFindFileW

imm32

ImmReleaseContext
ImmRegisterWordA

oledlg

OleUICanConvertOrActivateAs
OleUIConvertW
OleUIChangeIconW
OleUIPasteSpecialA
OleUIEditLinksA
OleUIBusyW
OleUIChangeSourceW
OleUIPromptUserW

sqlunirl

_ObjectDeleteAuditAlarm_@12
_WaitNamedPipe_@8
_GetClassName_@12
_UpdateResource_@24
_CopyMetaFile_@8
__lopen_@8
_FindWindowEx_@16
_BeginUpdateResource_@8
_GetServiceDisplayName_@16

Sections

.rvJH
Size: 1024B - Virtual size: 635B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.I
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NTHo
Size: 3KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qYC
Size: 1KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CZ
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mwmI
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trEUrt
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YmaCRC
Size: 12KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rMmJC
Size: 5KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cccbb1f84c576246754f793988b41313

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:beSigner

Headers

File Characteristics

Imports

kernel32

user32

shell32

comdlg32

ole32

version

imm32

oledlg

sqlunirl

Sections

.rvJH Size: 1024B - Virtual size: 635B

.I Size: 88KB - Virtual size: 88KB

.NTHo Size: 3KB - Virtual size: 478KB

.qYC Size: 1KB - Virtual size: 182KB

.CZ Size: 11KB - Virtual size: 11KB

.mwmI Size: 4KB - Virtual size: 52KB

.trEUrt Size: 88KB - Virtual size: 88KB

.YmaCRC Size: 12KB - Virtual size: 360KB

.rMmJC Size: 5KB - Virtual size: 347KB

.rsrc Size: 6KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

39:6b:8e:04:5e:e0:59:93:ff:70:45:df:36:fd:68:9a:22:a2:25:be
Signer

.rvJH
Size: 1024B - Virtual size: 635B

.I
Size: 88KB - Virtual size: 88KB

.NTHo
Size: 3KB - Virtual size: 478KB

.qYC
Size: 1KB - Virtual size: 182KB

.CZ
Size: 11KB - Virtual size: 11KB

.mwmI
Size: 4KB - Virtual size: 52KB

.trEUrt
Size: 88KB - Virtual size: 88KB

.YmaCRC
Size: 12KB - Virtual size: 360KB

.rMmJC
Size: 5KB - Virtual size: 347KB

.rsrc
Size: 6KB - Virtual size: 5KB