JaffaCakes118_b4e1f36a1e02cba9cfdcf86f1ab4c66e

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_b4e1f36a1e02cba9cfdcf86f1ab4c66e
Size

266KB
MD5

b4e1f36a1e02cba9cfdcf86f1ab4c66e
SHA1

11b9825105361e5a71644de482c59531700541a5
SHA256

942664ff4893cfedb50d58f49a484b5bbf8bbc7deab4ff4f8ee1bed6c76b0759
SHA512

98a1970c17980ff497fd786770d842ca7af12ab17da8d36766c87afd66aa8f7044bd3af9c6d182d982220e3d9e402490dc210dd85195c66b3fa28a9845a8d04b
SSDEEP

6144:5kEUickjWCPgmiuLuLjVhzVOEW+U2gcmE2i/Es1NSD4GRGQRureoB:5k2LgmiuLDWPgxiMs1AD4GRGQREB

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_b4e1f36a1e02cba9cfdcf86f1ab4c66e
.exe windows:4 windows x86 arch:x86

6f95a73d3d850529b811507ddb065c44

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/09/2006, 00:00

Not After

18/12/2009, 23:59

Subject

CN=Agnitum Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Agnitum Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d7:c4:08:17:3d:d1:2e:7f:68:0b:47:bd:df:00:28:88:c7:eb:fd:44
Signer

Actual PE Digest

d7:c4:08:17:3d:d1:2e:7f:68:0b:47:bd:df:00:28:88:c7:eb:fd:44

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
lstrcmpi
lstrcmpW
ExpandEnvironmentStringsW
FatalAppExitA
GlobalGetAtomNameA
GetLocaleInfoW
CreateDirectoryA
GetNumberFormatA
FileTimeToDosDateTime
GetStringTypeW
GetVolumeInformationA
DosDateTimeToFileTime
GlobalFindAtomW
GetSystemDirectoryA
DisconnectNamedPipe
ReplaceFileA
CreateEventW
ConnectNamedPipe
GlobalAlloc
GetAtomNameW
SetComputerNameA
lstrcmp
GetDateFormatW
CreateMailslotA
GetCalendarInfoW
SetLocaleInfoW
OpenSemaphoreW
LoadResource
OpenEventW
GetExpandedNameW
GetProcAddress
ExpandEnvironmentStringsA
GetLogicalDrives
CompareFileTime
SetErrorMode
GetCurrentDirectoryA
QueryPerformanceCounter
SetCalendarInfoA
OpenSemaphoreA
GetFullPathNameA
CreateSemaphoreA
IsValidLocale
GetProcessHeaps
IsDebuggerPresent
lstrcmpA
GetSystemInfo
GetProcessHeap
SystemTimeToFileTime
EnumCalendarInfoW
GetCurrentThreadId
LoadLibraryW
LocalFree
GetExpandedNameA
IsBadWritePtr
GetEnvironmentVariableW
FileTimeToLocalFileTime
FindResourceA
GetDateFormatA
GetEnvironmentStringsW
SearchPathA
FindResourceW
ExitProcess
OpenFile
MultiByteToWideChar
BeginUpdateResourceW
GetLogicalDriveStringsW
AddAtomA
IsValidCodePage
CopyFileExA
ReplaceFileW
GetUserDefaultLCID
LocalAlloc
lstrlenA
SetCurrentDirectoryW
GetDiskFreeSpaceA
GetHandleInformation
CreateSemaphoreW
EnumDateFormatsW
SetLocaleInfoA
GetModuleHandleW
QueryPerformanceFrequency
OpenWaitableTimerA
FileTimeToSystemTime
GetModuleFileNameA
TlsAlloc
CreateNamedPipeA
GetComputerNameA
GetExitCodeThread
GetTempPathA
GetAtomNameA
CreateMutexA
CreateNamedPipeW
GetModuleFileNameW
GetWindowsDirectoryW
GetFileAttributesA
EnumCalendarInfoA
AddAtomW
LoadLibraryA

user32

InsertMenuA
RegisterWindowMessageW
InvalidateRgn
CharUpperA
WinHelpA
GetCaretPos
GetMenuItemInfoA
LoadCursorW
OffsetRect
LoadImageA
CreateAcceleratorTableA
GetDlgItemTextW
CreateDesktopA
CharPrevW
LoadBitmapA
GetMenuInfo
LoadMenuIndirectW
SetForegroundWindow
SetCursor
SetMenu
SetDlgItemTextW
GetKeyboardType
DialogBoxIndirectParamW
MonitorFromWindow
EnableWindow
FindWindowW
CharNextW
GetDlgItemTextA
GetCapture
CreatePopupMenu
SetWindowPos
GetClassInfoA
AppendMenuW
SetCapture
EnumClipboardFormats
GetSysColor
UnregisterClassW
PostQuitMessage
SetTimer
SetWindowLongW
SendDlgItemMessageW
GetDlgItemInt
GetWindowRgn
RemoveMenu
TrackPopupMenuEx
CharLowerA
CheckMenuItem
IsIconic
GetClassInfoExW
wvsprintfW
EndDialog
GetDesktopWindow
SendMessageW
MoveWindow
MonitorFromPoint
OpenClipboard
RegisterClassW
SetDlgItemInt
UnregisterClassA
EnableMenuItem
TrackPopupMenu
IsMenu
SetParent
IsChild
RegisterClassExA
GetActiveWindow
GetMenuItemRect
CreateAcceleratorTableW
MonitorFromRect
GetKeyState
GetScrollPos
EmptyClipboard
PeekMessageA
LoadBitmapW
DestroyIcon
AppendMenuA
FindWindowA
CopyIcon
ShowCursor
RegisterWindowMessageA
MessageBoxIndirectW
CreateDialogParamA
SetWindowTextW
SendDlgItemMessageA
EnumWindows
IsDlgButtonChecked
CreateMenu
DialogBoxParamA
InsertMenuItemW
LoadIconW
DialogBoxIndirectParamA
InsertMenuItemA
GetMessageA
RegisterClassA
SetFocus
DialogBoxParamW
CreateDesktopW
IsWindow
SetCursorPos
ActivateKeyboardLayout
CreateDialogParamW
GetFocus
WaitMessage
DestroyCursor
InvalidateRect
MessageBoxA
SetWindowRgn
MessageBeep
MessageBoxW
EndMenu
LoadMenuA
CreateWindowExA
GetSysColorBrush

gdi32

CreateDIBSection
CreateDIBPatternBrushPt
GetRasterizerCaps
CreatePolygonRgn
SelectBrushLocal
GdiGetBatchLimit
CreateRoundRectRgn
GetEnhMetaFileW
CreateHatchBrush
CreateColorSpaceA
RemoveFontResourceExA
GetStockObject
CreateFontIndirectA
CreateFontIndirectExW
UpdateICMRegKeyA
CreateMetaFileA
CreateRectRgn
RemoveFontResourceExW
DeleteObject
CreatePalette
CreateScalableFontResourceA
ExtCreateRegion
CreateMetaFileW
GetTextExtentPointA
GetEnhMetaFilePixelFormat
SetEnhMetaFileBits
CreateBitmapIndirect
RemoveFontResourceA
CreateFontA
GetEnhMetaFileA
SetMetaFileBitsEx
CreatePatternBrush

advapi32

RegisterServiceCtrlHandlerExA
SetSecurityInfoExW
CryptGetKeyParam
QueryServiceConfig2A
DeregisterEventSource
RegLoadKeyW
WmiSetSingleInstanceW
SetSecurityDescriptorControl
WmiOpenBlock
ChangeServiceConfig2W
LsaSetTrustedDomainInformation
CreateServiceW
SaferCreateLevel
CredGetTargetInfoA

shell32

StrRStrIA
StrChrW

comctl32

FlatSB_SetScrollRange
FlatSB_GetScrollPos
CreateStatusWindow
CreateStatusWindowA
ImageList_DragLeave
ImageList_Remove

ole32

CLSIDFromProgID

wininet

FtpGetFileW
InternetWriteFile
FtpGetCurrentDirectoryA
InternetOpenUrlW
InternetCombineUrlA
InternetDialA
DetectAutoProxyUrl
RegisterUrlCacheNotification
FtpPutFileA
HttpSendRequestExW
FindCloseUrlCache
SetUrlCacheGroupAttributeW
InternetInitializeAutoProxyDll
GopherCreateLocatorA
FtpPutFileEx
ShowCertificate
InternetSetPerSiteCookieDecisionW

urlmon

GetComponentIDFromCLSSPEC
GetSoftwareUpdateInfo
DllCanUnloadNow
CreateFormatEnumerator
DllGetClassObject
CoInternetGetProtocolFlags
CoInstall
DllUnregisterServer
CopyBindInfo
URLOpenPullStreamW
HlinkNavigateString
RegisterMediaTypes
RevokeFormatEnumerator
URLDownloadToFileW
RegisterBindStatusCallback
UrlMkGetSessionOption

hid

HidD_GetFeature
HidD_Hello

inetcomm

MimeOleCreateVirtualStream
MimeOleGetCertsFromThumbprints
HrGetLastOpenFileDirectoryW
MimeOleSMimeCapRelease
MimeEditCreateMimeDocument
MimeOleGetFileExtension
MimeOleCreateHeaderTable
EssReceiptDecodeEx

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f95a73d3d850529b811507ddb065c44

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6Certificate

Extended Key Usages

Key Usages

d7:c4:08:17:3d:d1:2e:7f:68:0b:47:bd:df:00:28:88:c7:eb:fd:44Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

wininet

urlmon

hid

inetcomm

Sections

.text Size: 12KB - Virtual size: 12KB

.edata Size: 108KB - Virtual size: 108KB

.rdata Size: 9KB - Virtual size: 40KB

.data Size: 12KB - Virtual size: 236KB

.edata Size: 108KB - Virtual size: 107KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:53:8f:24:25:65:7e:95:05:19:3a:68:06:5f:ed:f6
Certificate

d7:c4:08:17:3d:d1:2e:7f:68:0b:47:bd:df:00:28:88:c7:eb:fd:44
Signer

.text
Size: 12KB - Virtual size: 12KB

.edata
Size: 108KB - Virtual size: 108KB

.rdata
Size: 9KB - Virtual size: 40KB

.data
Size: 12KB - Virtual size: 236KB

.edata
Size: 108KB - Virtual size: 107KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1KB - Virtual size: 4KB