141b4c95fdc9f101a00214b4d49e0a8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

141b4c95fdc9f101a00214b4d49e0a8c_JaffaCakes118
Size

357KB
MD5

141b4c95fdc9f101a00214b4d49e0a8c
SHA1

2e61626e8568e6b816bb703b71bd7861247ab66b
SHA256

04169ad77fa298d975f11d75d63d4d97ffd165427f3ec4cf38e56806135c75fe
SHA512

fd6e2f6d4520afa3153a2749f5e3fb46e2923b35866fbe8c7d935a37ddee8a4732a0a4398c639e9e23e1519beb016cd9876f76a916f2b5bf635e93f2131013c8
SSDEEP

6144:a7HVyvtlBYDq/f/61kc6wCsDAgL7bsiJAtkkql:BHIowCsD6idh

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

141b4c95fdc9f101a00214b4d49e0a8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4772da232da7f66ae88233ae3420e39a

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cd:d2:a4:d4:4b:ba:55:08:7e:2c:62:e2:83:51:d2:d6:16:29:8f:7d:cc:e4:5c:79:fb:40:47:6c:10:c2:95:cb
Signer

Actual PE Digest

cd:d2:a4:d4:4b:ba:55:08:7e:2c:62:e2:83:51:d2:d6:16:29:8f:7d:cc:e4:5c:79:fb:40:47:6c:10:c2:95:cb

Digest Algorithm

sha256

PE Digest Matches

true

21:5a:b9:57:9b:09:47:73:28:32:96:44:e1:ae:47:88:55:ae:80:f5
Signer

Actual PE Digest

21:5a:b9:57:9b:09:47:73:28:32:96:44:e1:ae:47:88:55:ae:80:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\BrowsingHistoryView\Release\BrowsingHistoryView.pdb

Imports

msvcrt

__wgetmainargs
wcscat
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strlen
qsort
_itow
strchr
_wcsnicmp
_wcmdln
wcsrchr
malloc
free
_c_exit
modf
memcmp
_memicmp
wcstoul
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
wcslen
_ultow
exit
_cexit
_XcptFilter
_exit
abs
_wcsupr
_wcsicmp
wcschr
memcpy
_wtoi
wcscpy
memset
_snwprintf
wcsncat
_except_handler3
_onexit
__dllonexit
strcmp
realloc
_gmtime64
strftime
wcscmp
_wcslwr

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache

kernel32

QueryPerformanceCounter
GetFileAttributesA
SetEndOfFile
LeaveCriticalSection
GetSystemInfo
Sleep
CreateFileA
GetFullPathNameA
InitializeCriticalSection
DeleteFileA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
EnterCriticalSection
GetSystemTime
GetFileAttributesExW
DeleteCriticalSection
InterlockedCompareExchange
UnlockFile
FlushFileBuffers
GetModuleHandleA
GetStartupInfoW
GetDiskFreeSpaceA
LockFileEx
FormatMessageA
GetTempPathA
UnlockFileEx
LockFile
EnumResourceTypesW
CreateToolhelp32Snapshot
SystemTimeToFileTime
FileTimeToSystemTime
CloseHandle
GetFileSize
CompareFileTime
GetSystemTimeAsFileTime
CreateFileW
DeleteFileW
CopyFileW
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
GetLastError
SetFilePointerEx
LocalFileTimeToFileTime
FindResourceW
LoadResource
GlobalAlloc
GlobalUnlock
LoadLibraryExW
GetTempPathW
WideCharToMultiByte
FindNextFileW
SizeofResource
FormatMessageW
GlobalLock
FindClose
GetVersionExW
GetDateFormatW
GetTempFileNameW
FindFirstFileW
GetTimeFormatW
GetWindowsDirectoryW
GetFileAttributesW
FileTimeToLocalFileTime
SetFilePointer
ReadFile
GetModuleFileNameW
LocalFree
LockResource
WriteFile
lstrcpyW
MultiByteToWideChar
lstrlenW
DosDateTimeToFileTime
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetCurrentProcess
CreateFileMappingW
OpenProcess
DuplicateHandle
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
ExpandEnvironmentStringsW
ExitProcess
ReadProcessMemory
Process32FirstW
Process32NextW

user32

MonitorFromWindow
GetMonitorInfoW
PeekMessageW
GetKeyState
DrawTextExW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
DispatchMessageW
RegisterWindowMessageW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetWindowPlacement
GetDlgItemInt
DeferWindowPos
SetDlgItemInt
CreateWindowExW
BeginPaint
GetWindow
EndPaint
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetSystemMetrics
GetWindowRect
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
CloseClipboard
GetMenuItemCount
CheckMenuItem
CheckMenuRadioItem
GetCursorPos
SetClipboardData
EnableWindow
GetMenu
MapWindowPoints
GetSubMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW

gdi32

SetBkColor
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4772da232da7f66ae88233ae3420e39a

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

cd:d2:a4:d4:4b:ba:55:08:7e:2c:62:e2:83:51:d2:d6:16:29:8f:7d:cc:e4:5c:79:fb:40:47:6c:10:c2:95:cbSigner

21:5a:b9:57:9b:09:47:73:28:32:96:44:e1:ae:47:88:55:ae:80:f5Signer

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 36KB - Virtual size: 36KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

cd:d2:a4:d4:4b:ba:55:08:7e:2c:62:e2:83:51:d2:d6:16:29:8f:7d:cc:e4:5c:79:fb:40:47:6c:10:c2:95:cb
Signer

21:5a:b9:57:9b:09:47:73:28:32:96:44:e1:ae:47:88:55:ae:80:f5
Signer

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 36KB - Virtual size: 36KB