JaffaCakes118_7ae46c57ab0c2f3ba45f9ffce40694bd

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7ae46c57ab0c2f3ba45f9ffce40694bd
Size

249KB
MD5

7ae46c57ab0c2f3ba45f9ffce40694bd
SHA1

7e1f2b2b05266a82db96c3ca61f66cb84176bbf8
SHA256

33d392a0688b647bb11ebccd07641b5997dd748d2bf23919f0feaa00a8182665
SHA512

4c93086927860dd8dce7e8fa96dfe6528b64cea2208f3ca3ab276929b8252400b7d76aa47ba99316c92013659ad30704330fda1db06a5eeb241c539ad8fd9376
SSDEEP

6144:5ApjlcK3jvdByYKvXMlDLMjwuGR0Ournll0dXbpFm9:UjlJ3r3i8hLMj9GyxDlQXFFO

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_7ae46c57ab0c2f3ba45f9ffce40694bd
.exe windows:4 windows x86 arch:x86

333c18068e9b1bb91e230f1d7db14470

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/12/2011, 00:00

Not After

18/12/2014, 23:59

Subject

CN=Primetech Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Primetech Ltd.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:aa:da:96:44:59:14:14:32:cc:8d:ad:b3:3d:ce:1b:1c:75:29:6b
Signer

Actual PE Digest

be:aa:da:96:44:59:14:14:32:cc:8d:ad:b3:3d:ce:1b:1c:75:29:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrlenW
GetFileAttributesW
lstrcpynA
lstrlenA
GetFullPathNameA
GetFileAttributesA
lstrcpynW
FreeLibrary
MultiByteToWideChar
GetModuleHandleW
LoadLibraryW
GetLastError
GetLogicalDriveStringsW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcess
GetVersionExW
LocalFree
LocalAlloc
GetTickCount
GetModuleFileNameW
lstrcmpA
GetProcAddress
LoadLibraryA

user32

PostMessageW
InvalidateRect
SetForegroundWindow
DestroyIcon
LoadImageW
GetCursorPos
EnableWindow
IsWindow
SendMessageW
GetDCEx
FindWindowW
IsMenu
SetWindowPos
SetWindowTextW
DialogBoxParamW
ShowCaret
SetWindowRgn
WinHelpW
EndMenu
GetActiveWindow
EndDialog
GetWindowRgn
CreateWindowExA
MessageBoxW
LoadMenuIndirectA
CharNextA
GetKeyboardType
GetSubMenu
RegisterClassW
SendDlgItemMessageA
EnumClipboardFormats
MoveWindow
SetDlgItemTextW
LoadMenuW
SetTimer
LoadMenuA
GetMenuItemCount
GetClassInfoW
LoadCursorA
UpdateLayeredWindow

gdi32

CreateCompatibleDC
CreateSolidBrush
DeleteObject
UpdateICMRegKeyW
SetWinMetaFileBits
StretchDIBits
CreateMetaFileA
CreateEllipticRgn
GetMetaFileW
CreateRoundRectRgn
GdiGetBatchLimit
CreateColorSpaceW

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
RegSetValueExW
RegDeleteKeyW
RegDeleteKeyA

shell32

SHGetDesktopFolder

resutils

ResUtilGetSzProperty
ResUtilGetPropertiesToParameterBlock

Sections

CODE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sNCiX
Size: 104KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ucXcrq
Size: 108KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

333c18068e9b1bb91e230f1d7db14470

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

be:aa:da:96:44:59:14:14:32:cc:8d:ad:b3:3d:ce:1b:1c:75:29:6bSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

resutils

Sections

CODE Size: 3KB - Virtual size: 2KB

.edata Size: 13KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 17KB

.sNCiX Size: 104KB - Virtual size: 153KB

.data Size: 5KB - Virtual size: 360KB

.ucXcrq Size: 108KB - Virtual size: 194KB

.rsrc Size: 6KB - Virtual size: 6KB

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

be:aa:da:96:44:59:14:14:32:cc:8d:ad:b3:3d:ce:1b:1c:75:29:6b
Signer

CODE
Size: 3KB - Virtual size: 2KB

.edata
Size: 13KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 17KB

.sNCiX
Size: 104KB - Virtual size: 153KB

.data
Size: 5KB - Virtual size: 360KB

.ucXcrq
Size: 108KB - Virtual size: 194KB

.rsrc
Size: 6KB - Virtual size: 6KB