d1a5daebc1db0193e3647544a56e2f6e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1a5daebc1db0193e3647544a56e2f6e_JaffaCakes118
Size

1.2MB
MD5

d1a5daebc1db0193e3647544a56e2f6e
SHA1

cfc470a357b5eeb7f69762cd82ed437adc7c3d38
SHA256

f85d9f8c15fb5e36ea0044414a9d6e83001a78a86ccf15f68ba762c3661fedac
SHA512

036852b12b4c60fc1b5cd937dbd98ce64573af0125faf0ca59887ad1e600ba11ab4c5a1e93263caba3e6ab276ed297a3f19baeb507072a772fd9f211358fefdd
SSDEEP

24576:kp2kew0VL77drtjifMVXBj5jud7dcPJxJSHTyLQU0:kpOVL7lofMVRNjud7uPJxc2Ls

Score

1^/10

Malware Config

Signatures

Files

d1a5daebc1db0193e3647544a56e2f6e_JaffaCakes118
.exe windows:5 windows x64 arch:x64

d53207d80a43af6ac453c0abfc43c409

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:11:d5:80:ab:75:ed:f1:c6:25:3e:f2:39:b5:14:dc
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

13/10/2017, 00:00

Not After

25/11/2020, 23:59

Subject

CN=TeamSpeak Systems GmbH,O=TeamSpeak Systems GmbH,L=Krün,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8f:82:8f:4d:17:5d:71:b9:ad:25:4e:1c:22:86:1b:c8:01:c1:76:f8
Signer

Actual PE Digest

8f:82:8f:4d:17:5d:71:b9:ad:25:4e:1c:22:86:1b:c8:01:c1:76:f8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

WSACleanup
inet_addr
gethostbyname
gethostname
WSAStartup

winmm

mixerSetControlDetails
waveOutGetVolume
joyGetPosEx
mixerGetControlDetailsW
mixerOpen
mixerGetDevCapsW
mixerGetLineControlsW
waveOutSetVolume
mixerClose
mciSendStringW
joyGetDevCapsW
mixerGetLineInfoW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ImageList_Create
CreateStatusWindowW
ImageList_ReplaceIcon
ord17
ImageList_GetIconSize
ImageList_Destroy
ImageList_AddMasked

psapi

GetModuleBaseNameW
GetModuleFileNameExW

kernel32

FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
SetErrorMode
GetDiskFreeSpaceW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
CreateDirectoryW
ReadFile
WriteFile
GlobalSize
DeleteFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetSystemTime
GetComputerNameW
GetWindowsDirectoryW
GetTempPathW
GetFullPathNameW
GetShortPathNameW
LoadLibraryW
FindFirstFileW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
SetFilePointerEx
GetFileSizeEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetStartupInfoW
GetCommandLineW
HeapQueryInformation
HeapSize
HeapFree
HeapReAlloc
EncodePointer
DecodePointer
ExitProcess
HeapAlloc
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStdHandle
HeapSetInformation
GetVersion
HeapCreate
InitializeCriticalSectionAndSpinCount
LockResource
LoadResource
SizeofResource
FindResourceW
GetSystemTimeAsFileTime
MulDiv
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetModuleHandleW
GetProcAddress
GetCurrentDirectoryW
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
FlsAlloc
UnhandledExceptionFilter
RtlUnwindEx
SetHandleCount
GetStringTypeW
LCMapStringW
RaiseException
RtlPcToFileHeader
GetConsoleCP
GetConsoleMode
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
FreeLibrary
GetProcessHeap

user32

ExitWindowsEx
SetMenu
FlashWindow
MapWindowPoints
RedrawWindow
SetWindowLongPtrW
SetParent
UpdateWindow
GetMessagePos
GetClassLongPtrW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
PtInRect
CreateAcceleratorTableW
DestroyAcceleratorTable
AppendMenuW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
CreateMenu
CreatePopupMenu
SetMenuInfo
DestroyMenu
TrackPopupMenuEx
CreateIconIndirect
GetDesktopWindow
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
GetWindow
BringWindowToTop
GetTopWindow
AdjustWindowRectEx
DrawTextW
SetRect
GetIconInfo
SetWindowTextW
IsWindowVisible
CheckMenuItem
MessageBoxW
SetClipboardViewer
IsWindowEnabled
ReleaseDC
GetDC
EnableMenuItem
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadImageW
ChangeClipboardChain
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
DialogBoxParamW
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
GetMenuStringW
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetCursor
ClientToScreen
GetCaretPos
EnumClipboardFormats
MessageBeep
SetDlgItemTextW
GetDlgItem
LoadAcceleratorsW
SendDlgItemMessageW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
SetForegroundWindow
DefWindowProcW
FillRect
DrawIconEx
GetSysColorBrush
GetSysColor
RegisterWindowMessageW
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
EnableWindow
InvalidateRect
SetWindowPos
SetWindowRgn
SetFocus
SetActiveWindow
EnumChildWindows
MoveWindow
GetQueueStatus
GetWindowRect
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
GetClientRect
VkKeyScanExW
SystemParametersInfoW
GetMenu

gdi32

FillRgn
GetClipBox
SetBkMode
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
ExcludeClipRect
SetTextColor
SetBkColor
GetPixel
BitBlt
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
CreateDCW
CreateSolidBrush
GetDeviceCaps
GetClipRgn
DeleteObject
CreateFontW

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

advapi32

RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW
RegDeleteValueW

shell32

DragQueryPoint
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromString
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayGetDim
GetActiveObject
OleLoadPicture
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
VariantCopy
SafeArrayGetElemsize
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString
SysStringLen

Sections

.text
Size: 848KB - Virtual size: 848KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d53207d80a43af6ac453c0abfc43c409

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:11:d5:80:ab:75:ed:f1:c6:25:3e:f2:39:b5:14:dcCertificate

Extended Key Usages

Key Usages

8f:82:8f:4d:17:5d:71:b9:ad:25:4e:1c:22:86:1b:c8:01:c1:76:f8Signer

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 848KB - Virtual size: 848KB

.rdata Size: 189KB - Virtual size: 189KB

.data Size: 16KB - Virtual size: 54KB

.pdata Size: 28KB - Virtual size: 28KB

text Size: 7KB - Virtual size: 7KB

data Size: 25KB - Virtual size: 24KB

.rsrc Size: 77KB - Virtual size: 77KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:11:d5:80:ab:75:ed:f1:c6:25:3e:f2:39:b5:14:dc
Certificate

8f:82:8f:4d:17:5d:71:b9:ad:25:4e:1c:22:86:1b:c8:01:c1:76:f8
Signer

.text
Size: 848KB - Virtual size: 848KB

.rdata
Size: 189KB - Virtual size: 189KB

.data
Size: 16KB - Virtual size: 54KB

.pdata
Size: 28KB - Virtual size: 28KB

text
Size: 7KB - Virtual size: 7KB

data
Size: 25KB - Virtual size: 24KB

.rsrc
Size: 77KB - Virtual size: 77KB