426ea7d09edc38de8aa1291ba61cdbfb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

426ea7d09edc38de8aa1291ba61cdbfb_JaffaCakes118
Size

1.9MB
MD5

426ea7d09edc38de8aa1291ba61cdbfb
SHA1

b5a684ce5f5fc825b963a2ff5c7ebedcdc81041b
SHA256

7acb026b3d6abb4ed0523640fa2f840e8a7c8bea2d39edcff8ab5224849aab24
SHA512

c7f020a1a37352f73951ab92bbf9cdbeb58ce8159111b565f19f8f68014dc3ecc44f6e26ada8e95b6e82d7ab22044e809f267cbf8e04b54f6356203b6ad474fd
SSDEEP

12288:NkVHNdxQH2Fwh6IjSyocefG14nG95QKH45JQJ6sEzf4Js1xbOpZt7JXZMYrU3h:Wt5ZsjInh5eJ6sIBxbO7RJJdU3h

Score

1^/10

Malware Config

Signatures

Files

426ea7d09edc38de8aa1291ba61cdbfb_JaffaCakes118
.dll windows:6 windows x86 arch:x86

e84e4f75dcf98e8ae50835fe675dc41d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:72:60:53:70:87:64:e5:c3:b6:b0:24:5b:19:c3:cc:99:db:3c:a5:75:0e:8a:c6:7a:93:b0:15:b0:df:f5:1a
Signer

Actual PE Digest

89:72:60:53:70:87:64:e5:c3:b6:b0:24:5b:19:c3:cc:99:db:3c:a5:75:0e:8a:c6:7a:93:b0:15:b0:df:f5:1a

Digest Algorithm

sha256

PE Digest Matches

true

93:d3:8d:51:95:ae:68:4a:29:a0:04:69:b7:a9:f8:d4:d6:44:d9:3c
Signer

Actual PE Digest

93:d3:8d:51:95:ae:68:4a:29:a0:04:69:b7:a9:f8:d4:d6:44:d9:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WzWIA32.pdb

Imports

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetAllPropertyItems
GdipGetPropertySize
GdipLoadImageFromFile
GdipGetImageThumbnail
GdipImageRotateFlip
GdipSaveImageToFile
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageRawFormat
GdipLoadImageFromStream
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipFlush
GdipFillRectangleI
GdipFree

kernel32

GetUserDefaultUILanguage
SetThreadUILanguage
FormatMessageW
LocalFree
FindFirstFileW
FindClose
CreateDirectoryW
ExitProcess
SetErrorMode
GlobalAlloc
VerifyVersionInfoW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
VerSetConditionMask
SetFilePointer
CreateFileA
CreateDirectoryA
SetFileTime
SystemTimeToFileTime
WriteFile
CreateFileW
GlobalUnlock
GlobalLock
GetTickCount
Sleep
DeleteCriticalSection
DecodePointer
RaiseException
CloseHandle
SetEvent
SetStdHandle
GetCommandLineW
GetCommandLineA
GetLastError
InitializeCriticalSectionAndSpinCount
CreateEventA
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetOEMCP
IsValidCodePage
GetCPInfo
HeapSize
HeapReAlloc
GetTimeZoneInformation
CreateThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetStringTypeW
HeapAlloc
HeapFree
GlobalFree
IsDebuggerPresent
SetEnvironmentVariableA
WriteConsoleW
GetModuleHandleExW
GetStdHandle
InterlockedFlushSList
CreateFileMappingW
SetLastError
MultiByteToWideChar
GetVersionExW
GetLocaleInfoW
LoadResource
FindResourceExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
WaitForSingleObjectEx
ExpandEnvironmentStringsW
GetModuleHandleW
GetProcAddress
GetTempPathW
GetSystemDirectoryW
GetWindowsDirectoryW
LoadLibraryW
GetSystemTimeAsFileTime
FlushFileBuffers
GetFileType
ReadFile
SetFilePointerEx
OutputDebugStringW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
OpenEventA
ResetEvent
LockResource
IsBadReadPtr
IsBadWritePtr
SizeofResource
FindResourceW
MulDiv
FreeResource
GlobalSize
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
GetACP
FormatMessageA
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

GetWindowTextW
GetWindowTextLengthW
LoadStringW
DestroyWindow
GetDlgItem
GetDlgCtrlID
DrawTextW
BeginPaint
EndPaint
InvalidateRect
GetSysColor
GetWindowLongW
SetWindowLongW
CreateWindowExW
CreateDialogParamW
EndDialog
GetClassNameW
GetWindow
CallWindowProcW
SetFocus
GetFocus
LoadMenuW
DestroyMenu
GetSubMenu
TrackPopupMenu
GetMenuItemInfoW
SetCursor
LoadCursorW
CheckRadioButton
GetSystemMetrics
DestroyIcon
IsIconic
GetCursorPos
SetRectEmpty
IsRectEmpty
PtInRect
GetDesktopWindow
LoadImageW
SystemParametersInfoW
MonitorFromPoint
TranslateMessage
GetMonitorInfoW
GetKeyState
SetTimer
KillTimer
IsWindowEnabled
GetWindowDC
SetPropW
DrawFocusRect
FillRect
FrameRect
DispatchMessageW
GetPropW
CreateDialogIndirectParamW
DialogBoxParamW
DialogBoxIndirectParamW
CharNextW
CheckDlgButton
IsDlgButtonChecked
SetForegroundWindow
MapDialogRect
TrackMouseEvent
AnimateWindow
SetCapture
ReleaseCapture
DefWindowProcW
RegisterClassExW
GetClassInfoExW
CreatePopupMenu
AppendMenuW
SetParent
SetScrollInfo
GetScrollInfo
GetClassLongW
SetClassLongW
GetComboBoxInfo
DrawTextExW
DrawIconEx
PeekMessageW
ReleaseDC
GetDC
MoveWindow
GetParent
MapWindowPoints
SetWindowPos
ScreenToClient
GetWindowRect
GetClientRect
IsWindowVisible
EnableWindow
MessageBoxW
ShowWindow
SendMessageW
PostMessageW
SetWindowTextW
IsWindow
UpdateWindow
MonitorFromRect
InflateRect

advapi32

RegEnumValueW
RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
SystemFunction036
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoTaskMemRealloc
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoTaskMemAlloc
CLSIDFromProgID

oleaut32

VarUI4FromStr
VariantTimeToSystemTime
SysAllocString
SysFreeString

shlwapi

ord176
SHDeleteKeyW
SHDeleteValueW

comctl32

ord412
ord413
_TrackMouseEvent
ImageList_Create
ImageList_Destroy
ord410
ImageList_GetIcon

gdi32

Ellipse
MoveToEx
LineTo
SetDCBrushColor
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
GetStockObject
SelectObject
SetBkColor
SetBkMode
GetObjectW
CreateSolidBrush
SetTextColor
BitBlt
CreateCompatibleDC
DeleteDC
GetBkColor
GetDeviceCaps
GetDIBits
SetDIBits
GetTextExtentExPointW
CreateCompatibleBitmap
CreatePen
TextOutW

msimg32

AlphaBlend

Exports

Exports

AcquireImages
DeleteImages
DestroyDeviceSession
DevNameFromID
DisconnectFromDevice
EnumerateDevices
ImageFilePropertiesDlg
ImagePropertiesDlg
NewDeviceSession
ResetDeviceSession
ScanImages
WiaRegisterHandler
WiaUnregisterHandler
WpdRegisterHandler
WpdUnregisterHandler

Sections

.text
Size: 478KB - Virtual size: 477KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e84e4f75dcf98e8ae50835fe675dc41d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

89:72:60:53:70:87:64:e5:c3:b6:b0:24:5b:19:c3:cc:99:db:3c:a5:75:0e:8a:c6:7a:93:b0:15:b0:df:f5:1aSigner

93:d3:8d:51:95:ae:68:4a:29:a0:04:69:b7:a9:f8:d4:d6:44:d9:3cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdi32

msimg32

Exports

Exports

Sections

.text Size: 478KB - Virtual size: 477KB

.rdata Size: 164KB - Virtual size: 164KB

.data Size: 13KB - Virtual size: 78KB

.gfids Size: 512B - Virtual size: 344B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 36KB - Virtual size: 36KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

89:72:60:53:70:87:64:e5:c3:b6:b0:24:5b:19:c3:cc:99:db:3c:a5:75:0e:8a:c6:7a:93:b0:15:b0:df:f5:1a
Signer

93:d3:8d:51:95:ae:68:4a:29:a0:04:69:b7:a9:f8:d4:d6:44:d9:3c
Signer

.text
Size: 478KB - Virtual size: 477KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 13KB - Virtual size: 78KB

.gfids
Size: 512B - Virtual size: 344B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 36KB - Virtual size: 36KB