f8c8a0be4c83a4db0cd836f568ce9c2c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8c8a0be4c83a4db0cd836f568ce9c2c_JaffaCakes118
Size

1.7MB
MD5

f8c8a0be4c83a4db0cd836f568ce9c2c
SHA1

c34235e594335d9e91e25c036400de213160a7de
SHA256

dd28d6e5c73951621b52d1af51bdc2068d52c3bcd5f8143a840d87dab1ee284a
SHA512

617a3cdc2a108c95a33e9acf66f77b3a6acf1722bc8335edd5ec2f3f330fa1e32983e1fcfa982ca194772fa350fcd99e6bbd4084c2883f57106e9ee0db663ae5
SSDEEP

49152:JyG4miBVFu2cPBuA2SeEqJzChNWbHAgpE6ExwNntk9E3KPtX2I4cQ3UDK2To0:JomIFnc5iSeE8zChNWbH7prGwJtk3tGu

Score

1^/10

Malware Config

Signatures

Files

f8c8a0be4c83a4db0cd836f568ce9c2c_JaffaCakes118
.exe windows:5 windows

ecee780aad507676dc3025ca148d0012

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:33:a2:5d:b5:49:8d:25:b5:d5:37:20:ad:23:74:b6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/09/2012, 00:00

Not After

27/11/2013, 23:59

Subject

CN=LENOVO(JAPAN)LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LENOVO(JAPAN)LTD.,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:71:45:82:d8:64:f8:0d:25:57:c3:38:30:85:94:a8:c4:6f:c6:3e
Signer

Actual PE Digest

13:71:45:82:d8:64:f8:0d:25:57:c3:38:30:85:94:a8:c4:6f:c6:3e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\build_que\pm-u4\src\RUN\US\PWMDBSVC.pdb

Imports

kernel32

GetProcessHeap
SetEnvironmentVariableA
WriteConsoleW
GetConsoleMode
GetConsoleCP
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
lstrlenW
GetACP
GetCPInfo
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
HeapDestroy
HeapCreate
GetStdHandle
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
ExitProcess
HeapQueryInformation
HeapSize
HeapReAlloc
GetStartupInfoW
HeapSetInformation
ExitThread
DecodePointer
EncodePointer
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetCurrentDirectoryW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
lstrcpyW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetLocaleInfoW
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileW
GlobalFlags
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
lstrcmpW
FileTimeToSystemTime
lstrlenA
lstrcmpA
GlobalGetAtomNameW
CompareStringW
ResumeThread
SetThreadPriority
CopyFileW
GlobalSize
MulDiv
WideCharToMultiByte
GetCurrentProcessId
ActivateActCtx
ReleaseActCtx
DeactivateActCtx
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
LocalFree
LocalAlloc
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetTickCount
OpenMutexW
WaitForMultipleObjects
ReleaseMutex
OpenProcess
SetProcessWorkingSetSize
CreateFileA
ReadFile
CreateMutexW
WTSGetActiveConsoleSessionId
WritePrivateProfileStringW
OpenEventW
ResetEvent
GetSystemPowerStatus
InterlockedIncrement
GetCommandLineW
SetUnhandledExceptionFilter
LoadLibraryW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
SetEvent
InterlockedDecrement
CreateEventW
CreateThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
GetModuleFileNameW
WaitForSingleObject
CloseHandle
Sleep
lstrcmpiW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DeviceIoControl

user32

IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
CreateMenu
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
CreateDialogIndirectParamW
EndDialog
GetNextDlgGroupItem
LoadImageW
GetIconInfo
GetNextDlgTabItem
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
KillTimer
SetTimer
DeleteMenu
ShowOwnedPopups
SetCursor
IntersectRect
InvalidateRect
IsIconic
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SystemParametersInfoW
DestroyMenu
FrameRect
InflateRect
DestroyIcon
GetDesktopWindow
RealChildWindowFromPoint
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
LoadStringW
CharNextW
CharUpperW
TranslateMessage
DispatchMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
GetClientRect
PostMessageW
CreateWindowExW
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
GetKeyNameTextW
MapVirtualKeyExW
SubtractRect
GetMessageW
PostThreadMessageW
MessageBoxW
wsprintfW
UnhookWindowsHookEx
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
MapDialogRect
DrawIcon
DestroyCursor
GetWindowRgn
GetMenuItemInfoW
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
CallNextHookEx
SetWindowsHookExW
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorW
GetWindowTextW
GetWindowTextLengthW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
PtInRect
CopyRect
SetWindowPos
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
ScreenToClient
GetWindowRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW

gdi32

SetPixel
Rectangle
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StretchBlt
GetTextFaceW
SetPixelV
GetRgnBox
OffsetRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
Polygon
Ellipse
Polyline
CreateEllipticRgn
GetTextColor
GetBkColor
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
DPtoLP
PatBlt
CombineRgn
SetRectRgn
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateDIBitmap
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
SetTextColor
SetBkColor
GetObjectW
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
BitBlt
ExtTextOutW
GetTextExtentPoint32W
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetDIBColorTable
SetWindowOrgEx

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

comdlg32

GetFileTitleW

advapi32

GetLengthSid
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
CopySid
QueryServiceStatus
SetTokenInformation
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
ControlService
DeleteService
CreateServiceW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
RegOpenKeyExW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
SHBrowseForFolderW
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteW

ole32

CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
DoDragDrop
CoInitialize
CoTaskMemAlloc
ReleaseStgMedium
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitializeEx
OleRun
CLSIDFromString
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
OleDuplicateData
CoTaskMemRealloc
CoRevokeClassObject
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoRegisterClassObject

oleaut32

VarBstrCat
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
LoadRegTypeLi
VarUI4FromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
SysFreeString
SysStringLen
GetErrorInfo

shlwapi

PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveFileSpecW

userenv

CreateEnvironmentBlock

pdh

PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCloseQuery
PdhAddCounterW

psapi

EnumProcesses

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGetImagePalette
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDrawImageI

msimg32

AlphaBlend
TransparentBlt

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

comctl32

ImageList_GetIconSize

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecee780aad507676dc3025ca148d0012

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

64:33:a2:5d:b5:49:8d:25:b5:d5:37:20:ad:23:74:b6Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

13:71:45:82:d8:64:f8:0d:25:57:c3:38:30:85:94:a8:c4:6f:c6:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

pdh

psapi

wtsapi32

oleacc

gdiplus

msimg32

imm32

winmm

comctl32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 273KB - Virtual size: 272KB

.data Size: 26KB - Virtual size: 56KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 167KB - Virtual size: 166KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

64:33:a2:5d:b5:49:8d:25:b5:d5:37:20:ad:23:74:b6
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

13:71:45:82:d8:64:f8:0d:25:57:c3:38:30:85:94:a8:c4:6f:c6:3e
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 273KB - Virtual size: 272KB

.data
Size: 26KB - Virtual size: 56KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 167KB - Virtual size: 166KB