2a694900f7320d4692a8ea836bc49e2e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a694900f7320d4692a8ea836bc49e2e_JaffaCakes118
Size

4.1MB
MD5

2a694900f7320d4692a8ea836bc49e2e
SHA1

8862127e21e161eaa8a898d6edfd95263b6fb798
SHA256

0a1826918ac5f03e26f0a439656c0ff8032e53995d6319f361d5f6996ec56a2d
SHA512

8755f0c434c59faa21ac05bf51d93d8242cde31680ad91207eea93d3ec568ffcd4fb2eeb78c1635b98010384a7855dc1868701e06d3e814072920c62280b2b90
SSDEEP

49152:Lmz0/x2vnxLeJjc5xgm66aaw/6Mzkbg3unndgXrqnGaUdwlpUtg1bxWGTc2bp/yl:I0/eNeJ0OThCMzvbCHUdyYIye2uq

Score

1^/10

Malware Config

Signatures

Files

2a694900f7320d4692a8ea836bc49e2e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9341b621c807f32213cabe3d36df0f30

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

82:00:a1:d4:b7:c3:95:97:9c:a0:95:ac:ac:93:65:22
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/06/2014, 00:00

Not After

27/06/2015, 23:59

Subject

CN=Atom Security OOO,OU=development,O=Atom Security OOO,POSTALCODE=630090,STREET=Academician Koptyuga Prospect\, 4\,office 158,L=Novosibirsk,ST=nso,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:e3:45:d1:d7:a9:a3:77:7e:21:25:eb:a7:c0:81:ed:ba:8a:78:53
Signer

Actual PE Digest

fe:e3:45:d1:d7:a9:a3:77:7e:21:25:eb:a7:c0:81:ed:ba:8a:78:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCloneImage
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFillPieI
GdipFillRectangleI
GdipDrawEllipseI
GdipDrawArcI
GdipSetPenColor
GdipDeletePen
GdipCreatePen1
GdipSetSolidFillColor
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipDisposeImage
GdipScaleWorldTransform
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipAlloc

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegCreateKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptGetUserKey
CryptExportKey
CryptSignHashA
CryptSetHashParam
CryptDecrypt
RegDeleteValueW
StartServiceW
StartServiceCtrlDispatcherW
RegCreateKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptGenRandom
DeregisterEventSource
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegisterServiceCtrlHandlerExW
SetServiceStatus

netapi32

NetUseAdd
NetUseDel

mswsock

TransmitFile

kernel32

GetVersion
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
LocalFree
GetLastError
GetFileSize
GetStdHandle
ReadFile
CloseHandle
FormatMessageA
CreateFileW
WriteConsoleA
DeviceIoControl
GetModuleFileNameA
GetVolumeInformationA
WideCharToMultiByte
LockResource
LoadResource
SizeofResource
lstrlenA
lstrlenW
FindResourceW
FindResourceExW
MultiByteToWideChar
FindClose
GetFullPathNameW
GetFileAttributesW
FindFirstFileW
FindNextFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetFilePointer
SystemTimeToFileTime
FileTimeToSystemTime
FormatMessageW
InterlockedIncrement
InterlockedDecrement
CopyFileW
CreateDirectoryA
CreateDirectoryW
SetFileTime
CompareFileTime
HeapFree
GetProcessHeap
WaitForSingleObject
GetStringTypeW
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
SetThreadLocale
GetSystemDefaultLCID
WriteFile
GetSystemTime
lstrcmpW
lstrcpyW
InterlockedExchange
FreeLibrary
GetCurrentThreadId
SetErrorMode
SetEvent
WaitForMultipleObjects
Sleep
FlushFileBuffers
GetLocalTime
GetTickCount
ConnectNamedPipe
DisconnectNamedPipe
CreateEventW
LoadLibraryW
OutputDebugStringW
GetTempPathW
SetFileAttributesW
DeleteFileW
CreateNamedPipeW
LocalAlloc
CreateMutexW
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
ResetEvent
GetLocaleInfoA
ReleaseMutex
FileTimeToLocalFileTime
RemoveDirectoryW
lstrcatW
GetVersionExW
ExitProcess
VirtualAlloc
VirtualFree
SetLastError
MoveFileW
MoveFileExW
OpenProcess
TerminateProcess
GetModuleHandleW
VerLanguageNameW
GetSystemTimeAsFileTime
GetSystemInfo
GetEnvironmentVariableA
SetEnvironmentVariableA
GetComputerNameA
GetVersionExA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LoadLibraryA
ExpandEnvironmentStringsA
CreateFileA
RemoveDirectoryA
GetCurrentDirectoryA
GetTempPathA
GetLongPathNameA
FlushConsoleInputBuffer
GlobalMemoryStatus
FindFirstFileA
FindNextFileA
GetModuleHandleA
SetEndOfFile
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileAttributesA
GetFileAttributesExA
DeleteFileA
MoveFileA
SetStdHandle
LocalFileTimeToFileTime
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
SetFilePointerEx
ReadConsoleW
AreFileApisANSI
GetOEMCP
SetThreadPriority
GetExitCodeThread
CompareStringW
ReadConsoleInputA
HeapAlloc
IsValidCodePage
IsDebuggerPresent
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetTimeFormatW
GetDateFormatW
IsProcessorFeaturePresent
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
WriteConsoleW
GetModuleHandleExW
GetFileType
GetCommandLineW
GetConsoleMode
GetConsoleCP
GetDriveTypeW
FindFirstFileExW
GetCPInfo
LoadLibraryExW
ExitThread
CreateThread
GetACP
RtlUnwind
DecodePointer
EncodePointer
SetConsoleMode

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
wsprintfW
MessageBoxW
EnumDisplaySettingsW
ShowWindow
IsIconic
SetForegroundWindow
TranslateMessage
DispatchMessageW
PeekMessageW
IsDialogMessageW
PostMessageW
InSendMessage
GetWindowThreadProcessId
SendMessageTimeoutW
FindWindowW
DestroyIcon

gdi32

DeleteObject

shell32

SHFileOperationW
ExtractIconExW
SHGetFolderPathA
SHCreateDirectoryExW
ord165
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoCreateGuid
CoInitializeEx
CoCreateInstance
OleRun
CLSIDFromString
StringFromGUID2
CoInitialize
CoInitializeSecurity
CreateStreamOnHGlobal
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
GetErrorInfo
SysStringByteLen

shlwapi

SHCreateStreamOnFileW
StrStrW

ws2_32

connect
closesocket
WSAGetLastError
WSAStartup
ioctlsocket
htons
inet_addr
shutdown
sendto
recvfrom
WSASetLastError
listen
getsockopt
getsockname
getpeername
bind
accept
getnameinfo
recv
select
send
setsockopt
socket
gethostbyaddr
gethostbyname
ntohs
getservbyname
ntohl
WSACleanup
getaddrinfo
freeaddrinfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules

crypt32

CertFreeCertificateContext
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 860KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9341b621c807f32213cabe3d36df0f30

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

82:00:a1:d4:b7:c3:95:97:9c:a0:95:ac:ac:93:65:22Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

fe:e3:45:d1:d7:a9:a3:77:7e:21:25:eb:a7:c0:81:ed:ba:8a:78:53Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

advapi32

netapi32

mswsock

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

ws2_32

version

iphlpapi

psapi

crypt32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 860KB - Virtual size: 860KB

.data Size: 77KB - Virtual size: 183KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 156KB - Virtual size: 156KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

82:00:a1:d4:b7:c3:95:97:9c:a0:95:ac:ac:93:65:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

fe:e3:45:d1:d7:a9:a3:77:7e:21:25:eb:a7:c0:81:ed:ba:8a:78:53
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 860KB - Virtual size: 860KB

.data
Size: 77KB - Virtual size: 183KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 156KB - Virtual size: 156KB