05e2dbc05c4edfc6d2d5393e892edd97_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05e2dbc05c4edfc6d2d5393e892edd97_JaffaCakes118
Size

1.5MB
MD5

05e2dbc05c4edfc6d2d5393e892edd97
SHA1

ff01c4858a62b70e4ea0bb1912e4698fe85f6a98
SHA256

050aa37b9bc8d434d73d2978586813cce43c0b439ee21ffef3d1dfec0eef3ed1
SHA512

60f7cbc0ba678222f08edee9e6526e3df8601a7d6072ec73be23efeb9413bb55551d5503ac8af2bb4032cedc4f74dd6afbaa8f16ad6fb153242f4cea61134c8f
SSDEEP

49152:MJzGJu2bp5yMhrPNVvNVF4WJlnJhS/uoM5lx:48r39

Score

1^/10

Malware Config

Signatures

Files

05e2dbc05c4edfc6d2d5393e892edd97_JaffaCakes118
.exe windows:5 windows x64 arch:x64

7c7b5ca310eb546423cdd1c36d83f182

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/08/2013, 00:00

Not After

11/10/2016, 23:59

Subject

CN=uvnc bvba,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=uvnc bvba,L=Antwerpen,ST=Antwerpen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:62:4c:bb:6d:08:c0:9d:d3:14:69:20:ec:38:91:40:e7:0d:05:9c
Signer

Actual PE Digest

fe:62:4c:bb:6d:08:c0:9d:d3:14:69:20:ec:38:91:40:e7:0d:05:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

L:\UltraVNC_INSTALLER_OTHER\ultravnc\UltraVNC Project Root\UltraVNC\vncviewer\x64\Release\vncviewer.pdb

Imports

comctl32

ImageList_ReplaceIcon
ord6
CreateToolbarEx
InitCommonControlsEx
ImageList_Create
ord17

winmm

timeGetTime
timeSetEvent
timeKillEvent
PlaySoundA

ws2_32

getpeername
connect
inet_addr
select
WSACleanup
WSAStartup
accept
htons
shutdown
setsockopt
socket
__WSAFDIsSet
closesocket
gethostbyname
send
listen
WSAAsyncSelect
bind
recv
WSAGetLastError
ioctlsocket

kernel32

FindNextFileA
GetTempPathA
DeleteFileA
lstrcpyA
CreateFileA
SetFilePointer
lstrlenA
MoveFileExA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
CompareFileTime
SetFileTime
WriteFile
GetDriveTypeA
InitializeCriticalSection
LeaveCriticalSection
GetFileAttributesA
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
lstrcmpiA
EnterCriticalSection
MoveFileA
GetFileTime
DeleteCriticalSection
FileTimeToLocalFileTime
MulDiv
AllocConsole
GetStdHandle
WriteConsoleA
OutputDebugStringA
GetComputerNameA
GetVersionExA
LoadLibraryW
SetConsoleCtrlHandler
LCMapStringW
HeapSize
SetHandleCount
FatalAppExitA
GetLocaleInfoW
GetModuleFileNameW
HeapDestroy
HeapCreate
HeapSetInformation
FlsAlloc
FindClose
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
RtlCaptureContext
RtlVirtualUnwind
GetModuleFileNameA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitThread
RtlLookupFunctionEntry
RtlPcToFileHeader
RaiseException
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
RtlUnwindEx
GetCPInfo
HeapReAlloc
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetCommandLineA
FindFirstFileExA
ExitProcess
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetTimeZoneInformation
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
TlsAlloc
GetCurrentThread
DuplicateHandle
GetCurrentThreadId
TlsSetValue
SetThreadPriority
GetSystemTime
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
GetFileType
lstrcatA
ReleaseMutex
CreateMutexA
GetProcessHeap
HeapFree
GetCurrentProcess
HeapAlloc
lstrcpynA
LocalFileTimeToFileTime
GetVersion
GetLocalTime
SetFileAttributesA
GetVolumeInformationA
GetLocaleInfoA
SetVolumeLabelA
DosDateTimeToFileTime
GetFullPathNameA
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
LoadLibraryA
CopyFileA
GetProcAddress
FindFirstFileA
FreeLibrary
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalUnlock
GetPrivateProfileIntA
GlobalAlloc
GlobalLock
CreateThread
RemoveDirectoryA
ResumeThread
LocalFree
CloseHandle
GetLastError
Beep
CreateEventA
Sleep
FormatMessageA
GetTickCount
SetEvent
WaitForSingleObject
GetModuleHandleA
GetCurrentDirectoryW
SetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
WriteConsoleW
SetEnvironmentVariableW
CompareStringW
CreateFileW
SetLastError

user32

IsDlgButtonChecked
LoadKeyboardLayoutA
SetWindowLongPtrA
GetMessageA
PostThreadMessageA
CallNextHookEx
GetForegroundWindow
SetWindowsHookExA
GetWindowThreadProcessId
ToAscii
GetKeyState
keybd_event
VkKeyScanW
GetKeyboardState
ToUnicode
SetWindowRgn
LoadBitmapA
PtInRect
IntersectRect
GetDesktopWindow
GetMenuStringA
ScreenToClient
MapWindowPoints
ModifyMenuA
SendDlgItemMessageA
DrawTextA
GetParent
GetWindowTextLengthA
TranslateMessage
SendMessageTimeoutA
GetMenuItemCount
DispatchMessageA
GetComboBoxInfo
EnableWindow
DestroyIcon
EnumDisplaySettingsExA
MonitorFromPoint
GetMonitorInfoA
SystemParametersInfoA
GetSystemMetrics
EnumDisplayDevicesA
ValidateRect
RegisterClassExA
TrackPopupMenu
SetCapture
GetScrollInfo
SetCaretBlinkTime
ReleaseCapture
CallWindowProcA
WindowFromDC
GetCaretBlinkTime
GetMenuItemID
GetSubMenu
LoadStringA
LoadMenuA
SetMenuDefaultItem
IsClipboardFormatAvailable
RegisterClipboardFormatA
SetWindowLongA
SetCursorPos
RedrawWindow
GetCursorPos
CloseClipboard
GetClipboardData
EmptyClipboard
OpenClipboard
SetClipboardData
GetClipboardOwner
EndPaint
DestroyWindow
SetCursor
GetDlgItemInt
GetSystemMenu
SetTimer
GetWindowRect
PostQuitMessage
IsIconic
FillRect
SendNotifyMessageA
KillTimer
GetFocus
LoadIconA
InvalidateRgn
wsprintfA
GetClientRect
SetFocus
RegisterWindowMessageA
BeginPaint
GetDC
SetDlgItemInt
SetRect
MessageBoxA
InvalidateRect
GetWindowLongA
CreateWindowExA
ReleaseDC
EnableMenuItem
ChangeClipboardChain
DefWindowProcA
SetWindowPos
ShowWindow
CreatePopupMenu
GetSysColorBrush
DrawMenuBar
AppendMenuA
IsWindow
ShowScrollBar
PostMessageA
AdjustWindowRectEx
ScrollWindowEx
UpdateWindow
DestroyMenu
LoadCursorA
SetClipboardViewer
SetScrollInfo
CheckMenuItem
RegisterClassA
MoveWindow
GetKeyboardLayoutNameA
GetWindowLongPtrA
SendMessageA
GetWindowTextA
GetDlgItem
SetWindowTextA
GetDlgItemTextA
DestroyAcceleratorTable
CreateAcceleratorTableA
TranslateAcceleratorA
SetForegroundWindow
EndDialog
LoadImageA
DialogBoxParamA
SetDlgItemTextA
IsRectEmpty
wvsprintfA
CharToOemA
OemToCharA
PeekMessageA

gdi32

DeleteDC
SetStretchBltMode
SelectPalette
RealizePalette
CombineRgn
CreatePalette
SetDIBColorTable
SetBrushOrgEx
StretchBlt
GetDeviceCaps
GetStockObject
CreateRectRgnIndirect
Rectangle
CreatePen
SetBkMode
CreateFontA
SetTextColor
LineTo
MoveToEx
CreatePolygonRgn
SetROP2
UpdateColors
BitBlt
CreateDIBSection
PatBlt
DeleteObject
SelectObject
CreateCompatibleDC
GetClipBox
CreateRectRgn
CreateSolidBrush

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
IsValidAcl
OpenProcessToken
GetKernelObjectSecurity
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
AdjustTokenPrivileges
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
LookupPrivilegeValueA
GetSecurityDescriptorControl
RegSetValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
Shell_NotifyIconA
SHGetFolderPathA

imm32

ImmAssociateContext

Sections

.text
Size: 858KB - Virtual size: 857KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c7b5ca310eb546423cdd1c36d83f182

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fe:62:4c:bb:6d:08:c0:9d:d3:14:69:20:ec:38:91:40:e7:0d:05:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

winmm

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

imm32

Sections

.text Size: 858KB - Virtual size: 857KB

.rdata Size: 177KB - Virtual size: 176KB

.data Size: 12KB - Virtual size: 352KB

.pdata Size: 34KB - Virtual size: 34KB

.rsrc Size: 474KB - Virtual size: 473KB

.reloc Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

77:4f:40:ed:c7:0c:dd:e5:a0:56:f5:57:3a:a3:09:50
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fe:62:4c:bb:6d:08:c0:9d:d3:14:69:20:ec:38:91:40:e7:0d:05:9c
Signer

.text
Size: 858KB - Virtual size: 857KB

.rdata
Size: 177KB - Virtual size: 176KB

.data
Size: 12KB - Virtual size: 352KB

.pdata
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 474KB - Virtual size: 473KB

.reloc
Size: 6KB - Virtual size: 6KB