General

Malware Config

Signatures

Files

• faedecbc8ac500275e912b6e22d8f9a2_JaffaCakes118

  .exe windows:4 windows x86 arch:x86

  6eb054e03f1be9ccf49548ee097cad32

  
  

  Code Sign

  0a

  Certificate

  Issuer

  CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

  Not Before

  06-08-2003 00:00

  Not After

  05-08-2013 23:59

  Subject

  CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5

  Certificate

  Issuer

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Not Before

  15-06-2007 00:00

  Not After

  14-06-2012 23:59

  Subject

  CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  04-12-2003 00:00

  Not After

  03-12-2013 23:59

  Subject

  CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  18:aa:f9:22:46:b9:2d:24:94:54:d1:6d:a8:99:f1:2e

  Certificate

  Issuer

  CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

  Not Before

  11-01-2008 00:00

  Not After

  14-01-2010 23:59

  Subject

  CN=Blizzard Entertainment,OU=TECHNICAL SUPPORT,O=Blizzard Entertainment,L=Irvine,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageMicrosoftCommercialCodeSigning

  e9:db:54:a1:37:d7:71:c2:c8:a9:55:53:17:65:8b:31:da:3f:be:f2

  Signer

  Actual PE Digest

  e9:db:54:a1:37:d7:71:c2:c8:a9:55:53:17:65:8b:31:da:3f:be:f2

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  d:\buildserver\work-launcher-2-0\core-repository\branches\launcher-2-0\downloader\release\BlizzardDownloader.pdb

  Imports

  iphlpapi

  GetTcpTable

  GetAdaptersInfo

  wininet

  HttpQueryInfoA

  InternetReadFileExA

  InternetCloseHandle

  InternetGetConnectedState

  InternetSetStatusCallbackA

  InternetReadFile

  InternetCrackUrlA

  InternetSetStatusCallback

  InternetSetCookieA

  HttpSendRequestA

  HttpOpenRequestA

  InternetSetOptionA

  InternetConnectA

  InternetOpenA

  version

  GetFileVersionInfoA

  VerQueryValueA

  GetFileVersionInfoSizeA

  comctl32

  ord17

  rpcrt4

  UuidCreate

  ws2_32

  __WSAFDIsSet

  gethostname

  connect

  closesocket

  bind

  ntohs

  send

  recv

  getsockname

  htons

  gethostbyname

  ntohl

  htonl

  inet_ntoa

  socket

  getsockopt

  setsockopt

  WSAStartup

  WSASetLastError

  WSAGetLastError

  select

  ioctlsocket

  accept

  WSACleanup

  listen

  getpeername

  kernel32

  InterlockedExchange

  OpenMutexA

  WriteFile

  SetEvent

  CompareStringA

  CompareStringW

  DeleteFileA

  CopyFileA

  GetCurrentDirectoryA

  CreateThread

  WaitForSingleObject

  CreateFileA

  CreateMutexA

  GetModuleHandleA

  MulDiv

  GetFileSize

  GlobalFree

  GlobalAlloc

  FreeResource

  SizeofResource

  LockResource

  LoadResource

  FindResourceA

  FreeLibrary

  GetCurrentProcessId

  GetCurrentThreadId

  CreateEventA

  GetThreadLocale

  SetEnvironmentVariableA

  SetStdHandle

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  GetLocaleInfoW

  IsValidLocale

  EnumSystemLocalesA

  GetUserDefaultLCID

  EnterCriticalSection

  GetLastError

  GetStringTypeA

  GetLocaleInfoA

  GetDriveTypeA

  QueryPerformanceCounter

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  IsValidCodePage

  GetOEMCP

  GetACP

  GetConsoleMode

  GetConsoleCP

  GetFileType

  SetHandleCount

  HeapCreate

  HeapDestroy

  HeapSize

  GetStdHandle

  GetCPInfo

  LCMapStringW

  LCMapStringA

  SetConsoleCtrlHandler

  ExitThread

  GetFullPathNameA

  GetStartupInfoA

  GetProcessHeap

  GetCommandLineA

  VirtualQuery

  HeapAlloc

  HeapReAlloc

  ExitProcess

  HeapFree

  UnhandledExceptionFilter

  TerminateProcess

  RaiseException

  RtlUnwind

  VirtualFree

  VirtualAlloc

  SetLastError

  SetFileTime

  SetEndOfFile

  RemoveDirectoryA

  CreateDirectoryA

  GetShortPathNameA

  FlushFileBuffers

  FindFirstFileA

  FindNextFileA

  FindClose

  SetCurrentDirectoryA

  TlsSetValue

  DuplicateHandle

  CreateProcessA

  WaitForSingleObjectEx

  MoveFileA

  GetFileAttributesA

  GetFileAttributesExA

  GetCurrentThread

  InterlockedIncrement

  InterlockedDecrement

  SetFilePointer

  ReadFile

  GetDiskFreeSpaceA

  GetComputerNameA

  GetVersionExA

  GetDiskFreeSpaceExA

  SetFileAttributesA

  CloseHandle

  LoadLibraryA

  GetProcAddress

  MultiByteToWideChar

  WideCharToMultiByte

  GetUserDefaultLangID

  GetTempFileNameA

  GetModuleFileNameA

  Sleep

  LeaveCriticalSection

  DeleteCriticalSection

  GetStringTypeW

  TlsAlloc

  InitializeCriticalSection

  GetSystemInfo

  GetCurrentProcess

  IsDebuggerPresent

  GetExitCodeProcess

  TlsGetValue

  TlsFree

  SignalObjectAndWait

  GetSystemTimeAsFileTime

  FileTimeToLocalFileTime

  GetTempPathA

  GetTickCount

  FileTimeToSystemTime

  SetUnhandledExceptionFilter

  user32

  ReleaseDC

  wsprintfA

  TrackPopupMenu

  GetMenuItemInfoA

  GetMenuStringA

  GetMenuItemID

  IsMenu

  GetClassNameA

  GetFocus

  DrawFocusRect

  BeginPaint

  EndPaint

  DestroyIcon

  IsZoomed

  CreateWindowExA

  DrawIconEx

  IsWindowEnabled

  SetWindowRgn

  TrackMouseEvent

  MsgWaitForMultipleObjects

  WaitForInputIdle

  SetTimer

  KillTimer

  GetWindowTextA

  SendMessageA

  GetDlgItem

  MoveWindow

  DefWindowProcA

  GetWindowDC

  OffsetRect

  SetRect

  InflateRect

  LoadMenuA

  LoadAcceleratorsA

  SetWindowsHookExA

  GetMenuItemCount

  GetSubMenu

  IsIconic

  DrawIcon

  DestroyMenu

  UnhookWindowsHookEx

  TranslateAcceleratorA

  CallNextHookEx

  GetDlgCtrlID

  GetClientRect

  GetSystemMetrics

  GetScrollInfo

  SystemParametersInfoA

  SetWindowPos

  CopyImage

  DrawTextA

  EnumChildWindows

  GetWindowTextLengthA

  GetParent

  SetPropA

  GetWindowLongA

  GetCapture

  SetCapture

  ClientToScreen

  PtInRect

  ReleaseCapture

  LoadCursorA

  SetCursor

  GetPropA

  CallWindowProcA

  RemovePropA

  GetDesktopWindow

  IsWindowVisible

  EnableWindow

  LoadImageA

  CreateDialogParamA

  BringWindowToTop

  SetFocus

  GetMenu

  ModifyMenuA

  DialogBoxParamA

  SetForegroundWindow

  SetWindowLongA

  GetDC

  ScreenToClient

  FillRect

  DestroyWindow

  CheckDlgButton

  IsDlgButtonChecked

  EndDialog

  MessageBoxA

  SetDlgItemTextA

  SetWindowTextA

  LoadIconA

  ShowWindow

  InvalidateRect

  FindWindowA

  EnumWindows

  GetWindowThreadProcessId

  PostMessageA

  IsWindow

  GetWindowRect

  gdi32

  CreatePen

  MoveToEx

  LineTo

  Rectangle

  GetPixel

  BitBlt

  GetTextExtentPoint32A

  CreateRectRgnIndirect

  CreateRectRgn

  GetDeviceCaps

  GetObjectA

  SelectClipRgn

  GetTextColor

  SaveDC

  RestoreDC

  DeleteDC

  CreatePolygonRgn

  CreateFontIndirectA

  DeleteObject

  SetBkMode

  SetBkColor

  SetTextColor

  GetStockObject

  StretchBlt

  CreateCompatibleDC

  CreateCompatibleBitmap

  CreateSolidBrush

  SelectObject

  SetPixel

  ExcludeClipRect

  CreateEllipticRgn

  comdlg32

  GetSaveFileNameA

  advapi32

  RegEnumKeyExA

  RegCloseKey

  RegQueryValueExA

  GetUserNameA

  RegOpenKeyExA

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegDeleteKeyA

  RegSetValueExA

  RegCreateKeyExA

  shell32

  SHGetPathFromIDListA

  SHGetSpecialFolderLocation

  SHGetMalloc

  SHBrowseForFolderA

  ShellExecuteA

  Shell_NotifyIconA

  ole32

  OleCreate

  OleInitialize

  CreateStreamOnHGlobal

  OleSetContainedObject

  CoCreateInstance

  CoInitialize

  CoUninitialize

  oleaut32

  OleLoadPicture

  VariantInit

  VariantClear

  SysStringLen

  SysFreeString

  SysAllocString

  msimg32

  TransparentBlt

  Sections

  .text

  Size: 768KB - Virtual size: 764KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 248KB - Virtual size: 244KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 24KB - Virtual size: 77KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 132KB - Virtual size: 131KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ