15b4549a97dd1012fb6b58114c9c8846_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15b4549a97dd1012fb6b58114c9c8846_JaffaCakes118
Size

4.5MB
MD5

15b4549a97dd1012fb6b58114c9c8846
SHA1

a59210fa9d094771cdfe78757d059ea5a3d61ed9
SHA256

45f600e97d3e3ed3490c146e02c063647a2f13f3587576a71f05cabe80a1dbb0
SHA512

69757845871c496e98c1b47c7c40ce23c76cf8ee3a54c5e70234528062da1c37fb1136761de2fbc35d29e58ae15756ca78bca47d89efe60f02e3a6c70897c40e
SSDEEP

98304:TONsaQyPPWWA+woQP4+37Jzz0B5N2uqhk0sHu2NxoRL/iw52qGMsvLs:KNFnP+KOJzu5N2+02bHwB9

Score

1^/10

Malware Config

Signatures

Files

15b4549a97dd1012fb6b58114c9c8846_JaffaCakes118
.exe windows:5 windows x86 arch:x86

236d441acf93896ef90399ad5b59e964

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/07/2006, 00:00

Not After

04/10/2008, 23:59

Subject

CN=Patchou,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Development,O=Patchou,L=Laval,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Patchou\Documents\Programmation\Messenger Plus! Live\Code\Release\Setup.pdb

Imports

riched20

ord4

comctl32

ImageList_Destroy
ImageList_Create
ImageList_SetOverlayImage
ImageList_Add

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSEnumerateProcessesW
WTSQuerySessionInformationW
WTSFreeMemory

kernel32

SetFileAttributesA
FileTimeToLocalFileTime
InterlockedDecrement
FormatMessageW
SetFilePointer
ReadFile
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
MulDiv
lstrcmpW
FreeLibrary
GetLocaleInfoW
DuplicateHandle
WaitForMultipleObjects
SetFileTime
MoveFileA
FlushFileBuffers
GetStdHandle
SetEndOfFile
GetFileType
CreateDirectoryA
GetModuleHandleA
DeviceIoControl
FindFirstFileA
FindNextFileA
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesA
MultiByteToWideChar
GetCPInfo
IsDBCSLeadByte
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
HeapCreate
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
LoadLibraryA
InterlockedExchange
LocalAlloc
GetTempPathW
GetTickCount
DeleteFileA
CreateFileA
GetProcAddress
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
FlushInstructionCache
GetCommandLineW
GetBinaryTypeW
GetUserDefaultLangID
FindClose
FindNextFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindFirstFileW
GetModuleHandleW
CreateMutexW
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
GetVersionExW
WriteFile
CreateProcessW
lstrlenW
RemoveDirectoryW
LocalFree
CreateDirectoryW
CopyFileW
SetFileAttributesW
CreateFileW
GetLastError
GetFileAttributesW
TerminateProcess
OpenProcess
Sleep
WaitForSingleObject
DeleteFileW
SetEvent
CreateEventW
CloseHandle
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalFileTimeToFileTime

user32

MapDialogRect
ScrollWindow
UpdateWindow
SetActiveWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowRgn
GetActiveWindow
IntersectRect
GetWindowPlacement
IsZoomed
AdjustWindowRectEx
GetWindowInfo
SetForegroundWindow
BringWindowToTop
IsIconic
LockSetForegroundWindow
EqualRect
TrackPopupMenu
SetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
AppendMenuW
SetMenuInfo
DialogBoxIndirectParamW
DestroyMenu
KillTimer
SetTimer
GetSysColorBrush
GetWindowDC
ShowWindow
CopyRect
GetSystemMetrics
DrawTextW
SystemParametersInfoW
DestroyIcon
DrawFocusRect
IsWindowEnabled
GetWindowTextLengthW
IsChild
GetFocus
GetSysColor
CharNextW
RedrawWindow
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
CreateDialogIndirectParamW
CheckDlgButton
IsDlgButtonChecked
PostQuitMessage
OemToCharBuffA
OemToCharA
CharUpperW
CharToOemA
CharLowerA
CreatePopupMenu
CharLowerW
UnregisterClassA
SendMessageW
GetDlgItem
SetWindowTextW
GetDesktopWindow
IsWindowVisible
MessageBoxW
EnableWindow
SetCursor
LoadCursorW
EndDialog
SetWindowLongW
EnumWindows
RegisterWindowMessageW
SendMessageTimeoutW
ReleaseCapture
FillRect
InvalidateRgn
DestroyAcceleratorTable
DefWindowProcW
RegisterClassExW
SetFocus
EndPaint
BeginPaint
GetUpdateRect
FindWindowExW
CallWindowProcW
MessageBeep
GetKeyState
InflateRect
DestroyWindow
IsWindow
PostThreadMessageW
LoadImageW
PostMessageW
PeekMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetCursorPos
GetWindow
InvalidateRect
GetWindowLongW
OffsetRect
PtInRect
ReleaseDC
GetDC
GetWindowRect
MonitorFromRect
GetMonitorInfoW
MonitorFromPoint
GetParent
DialogBoxParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetShellWindow
GetWindowThreadProcessId
GetWindowTextW
GetClassNameW

gdi32

ExcludeClipRect
SetBkColor
CreateRoundRectRgn
SelectClipRgn
GetClipRgn
CombineRgn
CreateRectRgn
SetBitmapDimensionEx
RoundRect
GetBitmapDimensionEx
GetObjectA
GetPixel
LineTo
MoveToEx
GetObjectW
DeleteObject
RestoreDC
SetBkMode
SaveDC
SetTextColor
StretchBlt
SetLayout
GetLayout
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
Rectangle
SelectObject
GetStockObject
CreatePen
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W

advapi32

AdjustTokenPrivileges
CreateWellKnownSid
GetNamedSecurityInfoW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
SetEntriesInAclW
RegCloseKey
LookupPrivilegeValueW
SetFileSecurityA
SetFileSecurityW
RegNotifyChangeKeyValue
CopySid
GetLengthSid
EqualSid
GetTokenInformation
OpenProcessToken
RegFlushKey
RegSetValueExW
RegQueryValueExW
SetNamedSecurityInfoW
BuildTrusteeWithSidW

shell32

ShellExecuteW
SHBrowseForFolderW
CommandLineToArgvW
SHFileOperationW
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
SHGetFolderLocation
SHGetFolderPathW
SHCreateDirectoryExW

ole32

OleUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
CLSIDFromString
OleLockRunning
CLSIDFromProgID
OleInitialize
OleRun
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantChangeType
VariantCopy
DispCallFunc
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
GetErrorInfo

Sections

.text
Size: 674KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

236d441acf93896ef90399ad5b59e964

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

riched20

comctl32

version

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 674KB - Virtual size: 673KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 20KB - Virtual size: 45KB

.rsrc Size: 3.7MB - Virtual size: 3.7MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:37:98:be:7f:17:9e:a9:62:92:57:13:e8:e5:a5:8c
Certificate

.text
Size: 674KB - Virtual size: 673KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 20KB - Virtual size: 45KB

.rsrc
Size: 3.7MB - Virtual size: 3.7MB