1497e24417b5c6a9e236c8cb93b4b528_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1497e24417b5c6a9e236c8cb93b4b528_JaffaCakes118
Size

561KB
MD5

1497e24417b5c6a9e236c8cb93b4b528
SHA1

50f2fd0e8eeaea36837235d79f9f57a2924571cd
SHA256

f1ea4764f15c41932aa2b521604511a5b660205796e427ee0cae415e755bedd3
SHA512

c853685fd9117a5cbeec325aefa5e803da798fec4aa1f4cdd3961fab2a605befe01087f4e68ca92ad37829caa0690a19021c8477b7d9aed331bf8e22f2862ba3
SSDEEP

12288:gU/kmKi5JXoSR/5ruN5rMzRRVxNmmWLdNPzR:QmB5V/duDrM3BmPLDPt

Score

1^/10

Malware Config

Signatures

Files

1497e24417b5c6a9e236c8cb93b4b528_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5f4e708646da2b906dad03c3ab1f32fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:96:6c:77:e3:df:90:24:e4:ec:26:92:cf:dd:e7:43:d8
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

05/06/2014, 11:35

Not After

23/08/2016, 05:27

Subject

CN=Max Secure Software India Pvt. Ltd.,OU=Development,O=Max Secure Software India Pvt. Ltd.,L=Pune,ST=MH,C=IN,1.2.840.113549.1.9.1=#0c1474656368406d617870637365637572652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:3a:13:e0:c8:32:9f:8b:95:4f:38:8c:51:81:5d:f5:fc:a5:f6:80
Signer

Actual PE Digest

af:3a:13:e0:c8:32:9f:8b:95:4f:38:8c:51:81:5d:f5:fc:a5:f6:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Development-2015\MaxSecureTools\Output\Win32\Release\PDB\MaxAVDM.pdb

Imports

winhttp

WinHttpCrackUrl
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle

kernel32

GetFileTime
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
VirtualFree
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
lstrlenA
GetFullPathNameW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
GetThreadLocale
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetModuleHandleA
GlobalAddAtomW
GlobalDeleteAtom
GetFileSizeEx
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
lstrcmpW
WideCharToMultiByte
SetFilePointer
SuspendThread
WriteFile
ReadFile
GetTickCount
FlushFileBuffers
GetFileSize
HeapFree
GetProcessHeap
HeapAlloc
GetFileAttributesW
SetLastError
TerminateProcess
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileStringW
DeleteFileW
GetCurrentProcessId
GetLocalTime
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentThreadId
FreeLibrary
LoadLibraryW
DeviceIoControl
CreateFileW
GetCurrentProcess
GetLocaleInfoW
GetVolumeInformationW
GetSystemInfo
GetProcAddress
GetModuleHandleW
GetVersionExW
LocalAlloc
FormatMessageW
LocalFree
InterlockedDecrement
GetPrivateProfileIntW
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
MultiByteToWideChar
ResetEvent
WaitForMultipleObjects
CreateDirectoryW
GetTempPathW
Sleep
OutputDebugStringW
TerminateThread
CreateEventW
GetModuleFileNameW
lstrlenW
WaitForSingleObject
SetEvent
CreateThread
InterlockedExchange
InterlockedIncrement
CloseHandle
GetLastError
CreateMutexW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThread
HeapCreate

user32

InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
CharNextW
UnregisterClassW
GetSysColorBrush
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
IntersectRect
SystemParametersInfoA
MessageBeep
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetWindowsHookExW
CallNextHookEx
IsWindowVisible
GetKeyState
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
UnhookWindowsHookEx
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfW
GetNextDlgGroupItem
ClientToScreen
SetWindowRgn
DrawFocusRect
OffsetRect
DrawEdge
WindowFromPoint
GetCursorPos
GetCapture
LoadBitmapW
DestroyMenu
GetSystemMetrics
PostThreadMessageW
IsIconic
RegisterClipboardFormatW
GetDesktopWindow
GetWindowLongW
CopyRect
SetRect
IsZoomed
CopyIcon
LoadCursorW
InflateRect
ReleaseDC
GetDC
GetParent
GetWindowRect
IsWindow
SetCursor
SetCapture
ReleaseCapture
PtInRect
GetSysColor
KillTimer
InvalidateRect
SetForegroundWindow
PostMessageW
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetClientRect
SendMessageW
LoadIconW
EnableWindow
TranslateMessage
PeekMessageW
DispatchMessageW
GetMessageW
ScreenToClient

gdi32

GetRgnBox
GetTextColor
GetViewportExtEx
GetBkColor
GetMapMode
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
DeleteObject
DeleteDC
SelectObject
GetDeviceCaps
EnumFontFamiliesExW
GetTextExtentPoint32W
CreateFontIndirectW
PtVisible
GetObjectW
CreateSolidBrush
GetStockObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CombineRgn
CreateRectRgn
GetPixel
SelectClipRgn
StretchBlt
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyW
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueW
RegSetValueExW

shell32

ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathIsDirectoryW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
SysFreeString
SysAllocString
OleCreateFontIndirect

Sections

.text
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f4e708646da2b906dad03c3ab1f32fd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:96:6c:77:e3:df:90:24:e4:ec:26:92:cf:dd:e7:43:d8Certificate

Extended Key Usages

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

af:3a:13:e0:c8:32:9f:8b:95:4f:38:8c:51:81:5d:f5:fc:a5:f6:80Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 306KB - Virtual size: 305KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 42KB - Virtual size: 42KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:96:6c:77:e3:df:90:24:e4:ec:26:92:cf:dd:e7:43:d8
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

af:3a:13:e0:c8:32:9f:8b:95:4f:38:8c:51:81:5d:f5:fc:a5:f6:80
Signer

.text
Size: 306KB - Virtual size: 305KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 42KB - Virtual size: 42KB