2cd137d2ef7fa0d330e7163d193af03b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cd137d2ef7fa0d330e7163d193af03b_JaffaCakes118
Size

364KB
MD5

2cd137d2ef7fa0d330e7163d193af03b
SHA1

451f837b84fc37d1591a41bb388974f5000e1208
SHA256

21e6b7c53c3d48c64c15bb7b385ab445cc682fcd0493ca8f1987dfce4ee31119
SHA512

e41f1f9b0be9756148ba730142a730a62732d633bf388c4f626af1a01e43619754dbc8b854abedce08db28131c3bdb7a9cddc70ee9e5014d032b734d2b9b995a
SSDEEP

6144:RUMPFgM0PN4ueysgunRQn+m/lG+eXhAcQgEKwxhW1GdTCJ8DoP3e8q:RdPFgMCNLey7oRQn+WeXhAcoKse17G8

Score

1^/10

Malware Config

Signatures

Files

2cd137d2ef7fa0d330e7163d193af03b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c640c36a4db3d0e3065d41ecc5e5e78

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/12/2011, 00:00

Not After

25/12/2014, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:f5:33:21:44:dd:1f:cc:9c:67:c0:7f:19:02:19:73:6b:38:3a:98
Signer

Actual PE Digest

ca:f5:33:21:44:dd:1f:cc:9c:67:c0:7f:19:02:19:73:6b:38:3a:98

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\code\p2p\client\BTKernel\Release\ksgamedown.pdb

Imports

kernel32

SetFileAttributesA
GetCommandLineA
GetTickCount
CreateEventA
CreateProcessA
CreateThread
ExitProcess
GetCurrentThreadId
FindFirstFileA
ResumeThread
FindClose
GetExitCodeThread
FindNextFileA
GetDiskFreeSpaceExA
IsBadReadPtr
LoadLibraryW
VirtualFree
FreeLibrary
LoadLibraryA
VirtualAlloc
ReadProcessMemory
VirtualQuery
VirtualProtect
WriteProcessMemory
CreateNamedPipeA
WaitNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
ReadFile
SetUnhandledExceptionFilter
IsBadWritePtr
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
CloseHandle
DeleteCriticalSection
GetFileSizeEx
WritePrivateProfileStringA
SetLastError
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetComputerNameA
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
SystemTimeToFileTime
WriteFile
CopyFileA
CreateFileA
SetFilePointer
GetModuleHandleA
RemoveDirectoryA
Sleep
GetProcAddress
DeleteFileA
WaitForSingleObject
OpenProcess
SetEvent
GetLocalTime
GetModuleFileNameA
GetCurrentProcessId
ReleaseMutex
GetLastError
CreateMutexA
SetPriorityClass
GetPriorityClass
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
InterlockedExchange
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
WinExec
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapReAlloc
HeapCreate
HeapDestroy
HeapSize
LCMapStringW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar

user32

PeekMessageA
SetTimer
SetPropA
GetDesktopWindow
GetMessageA
MessageBoxA
wsprintfA
PostMessageA

advapi32

CloseServiceHandle
QueryServiceConfigA
ChangeServiceConfigA
QueryServiceStatus
StartServiceA
DeleteService
ControlService
ChangeServiceConfig2A
CreateServiceA
OpenServiceA
OpenSCManagerA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA

shlwapi

PathIsDirectoryA
PathIsRootA
StrStrIA
PathFileExistsA

ws2_32

htons
gethostbyname
send
recv
shutdown
setsockopt
WSASend
WSARecv
WSAIoctl
WSASocketA
socket
ioctlsocket
connect
select
WSAGetLastError
WSAStartup
WSACleanup
WSACreateEvent
inet_addr
WSAEventSelect
closesocket

btkernel

?GetInterface@IBTKernel@BTKERNEL@@SAPAU12@XZ
?ReleaseInterface@IBTKernel@BTKERNEL@@SAXAAPAU12@@Z

psapi

GetModuleBaseNameA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

rpcrt4

UuidCreateSequential

ole32

OleRun
CoInitialize
CoCreateInstance
CLSIDFromProgID
CoUninitialize
CLSIDFromString

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayCreate
VariantCopy
VariantClear
GetErrorInfo
SysAllocString
VariantInit
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
SafeArrayPutElement

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3c640c36a4db3d0e3065d41ecc5e5e78

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ca:f5:33:21:44:dd:1f:cc:9c:67:c0:7f:19:02:19:73:6b:38:3a:98Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

ws2_32

btkernel

psapi

version

rpcrt4

ole32

oleaut32

Sections

.text Size: 192KB - Virtual size: 189KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 68KB - Virtual size: 73KB

.rsrc Size: 60KB - Virtual size: 60KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

07:bc:3a:51:b5:89:e5:af:43:29:1d:f8:4e:a4:c5:71
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ca:f5:33:21:44:dd:1f:cc:9c:67:c0:7f:19:02:19:73:6b:38:3a:98
Signer

.text
Size: 192KB - Virtual size: 189KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 68KB - Virtual size: 73KB

.rsrc
Size: 60KB - Virtual size: 60KB