35f0f108ca0e215e5404284f12a61e3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35f0f108ca0e215e5404284f12a61e3d_JaffaCakes118
Size

15.7MB
MD5

35f0f108ca0e215e5404284f12a61e3d
SHA1

3c27ba180d23ab9d9ad17b8e663ab3477476a395
SHA256

2fc96939589154179a8c403a3d1f096333f148bf7572cb51715b9e846a1ebcf4
SHA512

0f9a6ef8dcbaf35a3a9eb883a38f949d0ab9c2aaf7b5d081f22afc83a3be318510a692c8d0462040289b922268057ddc222994b63ddc921840452e9deb353d0b
SSDEEP

393216:LEvj37qDjdo2SjIZmGdcSyI0/pACSewo5gWxiFnNVMG:Ivj3SjdodjIZX5ro5XiFNF

Score

1^/10

Malware Config

Signatures

Files

35f0f108ca0e215e5404284f12a61e3d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

64584c317b4ddc6dcb986870bbeb2615

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

49:d6:5a:c5:38:2c:94:a3:1d:60:07:9e:1c:65:01:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/11/2017, 00:00

Not After

14/11/2018, 23:59

Subject

CN=Advanced System Repair\, Inc.,O=Advanced System Repair\, Inc.,L=Newport Coast,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:20:70:29:6b:cd:c2:e1:e0:cd:57:34:71:c6:57:e5:fb:6d:a3:20
Signer

Actual PE Digest

2b:20:70:29:6b:cd:c2:e1:e0:cd:57:34:71:c6:57:e5:fb:6d:a3:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GetFileType
SetStdHandle
HeapSize
ExitProcess
VirtualQuery
GetSystemInfo
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
HeapReAlloc
CreateThread
ExitThread
GetStartupInfoW
VirtualProtect
SearchPathW
GetProfileIntW
SetErrorMode
GetTempFileNameW
GetCurrentDirectoryW
GetFullPathNameW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
lstrcpyW
GlobalFlags
GetThreadLocale
lstrlenA
GlobalGetAtomNameW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GetCurrentProcessId
InterlockedIncrement
SetThreadPriority
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
LoadLibraryExW
CompareStringA
GlobalReAlloc
InterlockedExchange
RaiseException
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryW
CompareStringW
LoadLibraryA
FreeLibrary
lstrcmpW
GetVersionExA
GetModuleHandleA
SetLastError
GlobalFree
GlobalSize
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
IsBadReadPtr
GetFileTime
GetFileAttributesW
GetFileSizeEx
SetFilePointer
GetVolumeInformationW
lstrlenW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoW
SuspendThread
GetCommandLineW
SetUnhandledExceptionFilter
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalUnlock
GlobalLock
GlobalAlloc
ResumeThread
FindResourceExW
GetSystemDirectoryW
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToFileTime
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThread
WideCharToMultiByte
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
GetLocalTime
GetTempPathW
CreateProcessW
ReadFile
GetFileSize
LocalAlloc
CreateDirectoryW
MultiByteToWideChar
FindNextFileW
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
FlushFileBuffers
WriteFile
CreateFileW
GetModuleHandleW
GetProcAddress
CopyFileW
DeleteFileW
LocalFree
FreeResource
FindClose
CloseHandle
MulDiv
InterlockedDecrement
FindResourceW
LoadResource
LockResource
SizeofResource
FormatMessageW
GetLastError
GetCurrentProcess
TerminateProcess
Sleep
SetDllDirectoryW
WaitForSingleObject
SetEnvironmentVariableA

user32

ToUnicodeEx
DestroyAcceleratorTable
SetClassLongW
GetDoubleClickTime
CopyIcon
GetIconInfo
SetCursorPos
GetMenuDefaultItem
SetMenuDefaultItem
IsMenu
SetParent
LockWindowUpdate
IsZoomed
GetAsyncKeyState
NotifyWinEvent
GetSystemMenu
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
RegisterClipboardFormatW
MessageBeep
GetNextDlgGroupItem
DeleteMenu
WaitMessage
UnregisterClassW
CharUpperW
UnionRect
SetWindowRgn
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
CharNextW
ReleaseCapture
SetCapture
InvalidateRgn
CopyAcceleratorTableW
GetWindowThreadProcessId
GetSysColorBrush
MapVirtualKeyW
GetKeyNameTextW
ShowOwnedPopups
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
WindowFromPoint
LoadMenuW
EmptyClipboard
CloseClipboard
SetClipboardData
DestroyIcon
CopyImage
OpenClipboard
SetRectEmpty
DrawStateW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
GetKeyboardLayout
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
RemovePropW
GetFocus
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetClientRect
KillTimer
SetTimer
PostMessageW
EnableWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
GetScrollPos
SetScrollPos
SetFocus
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetKeyboardState
CreateAcceleratorTableW
PostThreadMessageW
EnableScrollBar
UpdateLayeredWindow
FrameRect
CharUpperBuffW
GetUpdateRect
IsClipboardFormatAvailable
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
IsCharLowerW
MapVirtualKeyExW
CreateMenu
DestroyCursor
GetWindowRgn
UpdateWindow
SendMessageW
CreatePopupMenu
AppendMenuW
GetCursorPos
ScreenToClient
GetParent
GetPropW
SetPropW
GetWindow
GetWindowRect
FindWindowW
SendMessageTimeoutW
MessageBoxW
RedrawWindow
InvalidateRect
SetCursor
LoadCursorW
SetRect
LoadImageW
GetDC
ReleaseDC
FillRect
LoadIconW
IsIconic
GetSystemMetrics
DrawIcon
SetForegroundWindow
LoadBitmapW
IsWindowVisible
SetWindowPos
IsRectEmpty
PtInRect
BringWindowToTop
GetSysColor
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
GetMenuStringW
GetMenuState
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
SubtractRect

gdi32

OffsetRgn
CreatePalette
GetPaletteEntries
RoundRect
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
LPtoDP
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetWindowOrgEx
CreateRoundRectRgn
GetTextFaceW
SetPixelV
ExtTextOutW
TextOutW
RectVisible
GetTextCharsetInfo
Rectangle
EnumFontFamiliesW
CreateDIBitmap
Polygon
Ellipse
Polyline
CreatePolygonRgn
CreateEllipticRgn
GetTextColor
GetBkColor
GetRgnBox
GetTextMetricsW
DPtoLP
GetMapMode
SetRectRgn
CreateRectRgnIndirect
CreateDIBSection
SetPixel
StretchBlt
CombineRgn
RealizePalette
SetDIBColorTable
GetDCOrgEx
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreateBitmap
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CopyMetaFileW
SaveDC
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
PatBlt
GetObjectW
CreatePatternBrush
GetDeviceCaps
DeleteDC
CreateCompatibleDC
BitBlt
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
CreateFontW
GetStockObject
CreateCompatibleBitmap
Escape

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

LookupAccountSidW
CryptImportKey
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptDecrypt
RegCloseKey
CloseServiceHandle
FreeSid
AllocateAndInitializeSid
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegFlushKey
StartServiceW
AdjustTokenPrivileges
CryptAcquireContextW
GetTokenInformation
OpenProcessToken
OpenThreadToken
DeleteService
ControlService
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegCreateKeyExW
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
SHAppBarMessage
SHGetFileInfoW
DragFinish
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

comctl32

_TrackMouseEvent
InitCommonControlsEx
ImageList_GetIconSize

shlwapi

SHSetValueW
SHDeleteKeyW
SHDeleteValueW
SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoInitializeEx
CoUninitialize
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
IsAccelerator
OleTranslateAccelerator
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
OleLockRunning
CLSIDFromProgID
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CLSIDFromString

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysStringLen
SysAllocStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

gdiplus

GdipGetImageGraphicsContext
GdiplusShutdown
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdiplusStartup
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64584c317b4ddc6dcb986870bbeb2615

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

49:d6:5a:c5:38:2c:94:a3:1d:60:07:9e:1c:65:01:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

2b:20:70:29:6b:cd:c2:e1:e0:cd:57:34:71:c6:57:e5:fb:6d:a3:20Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 299KB - Virtual size: 299KB

.data Size: 25KB - Virtual size: 53KB

.rsrc Size: 725KB - Virtual size: 725KB

.reloc Size: 155KB - Virtual size: 154KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

49:d6:5a:c5:38:2c:94:a3:1d:60:07:9e:1c:65:01:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

2b:20:70:29:6b:cd:c2:e1:e0:cd:57:34:71:c6:57:e5:fb:6d:a3:20
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 299KB - Virtual size: 299KB

.data
Size: 25KB - Virtual size: 53KB

.rsrc
Size: 725KB - Virtual size: 725KB

.reloc
Size: 155KB - Virtual size: 154KB