4857a424bf992504306aaf7c58c6530e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4857a424bf992504306aaf7c58c6530e_JaffaCakes118
Size

2.1MB
MD5

4857a424bf992504306aaf7c58c6530e
SHA1

14eb0d03200aa74027d83dcea61db4a6bedbefb9
SHA256

9c574bb0c58b899efad8be94674a8106b7aeca376b72c0972ea5234d5d822497
SHA512

8be8f0607fe8271fedbef556646a62bd8fd457e08450e2d934c43d4b9c2364b9fc13449347aa7a45bf81f2865c9b2ee7a44f980a68f71b13eb522addcf560fe8
SSDEEP

49152:eCGVlA8OrgzznpytSqXM0eGtPtyodg5/0EGMdOJsTES4Y:eCalA8O0zznYJXM0eKcodg5/0EGFaL

Score

1^/10

Malware Config

Signatures

Files

4857a424bf992504306aaf7c58c6530e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7dea2fe067785d534b74b50a0272ac30

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:d7:f2:d3:05:a2:78:ee:e7:1e:58:40:3e:06:21:f3
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

19/01/2016, 00:00

Not After

17/04/2016, 23:59

Subject

CN=yssoft,O=yssoft,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:c7:d5:d6:35:13:eb:70:36:fd:8d:23:0c:41:0b:30:06:3b:b9:22
Signer

Actual PE Digest

b6:c7:d5:d6:35:13:eb:70:36:fd:8d:23:0c:41:0b:30:06:3b:b9:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\pop\Release\subpop.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA

netapi32

Netbios

kernel32

HeapSize
HeapQueryInformation
GetSystemTimeAsFileTime
SetStdHandle
GetFileType
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
IsValidCodePage
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetStdHandle
GetConsoleCP
ExitThread
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LCMapStringW
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
CreateThread
ExitProcess
AreFileApisANSI
GetProcessHeap
GetModuleHandleExW
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
GetACP
MultiByteToWideChar
GetLastError
FormatMessageA
CreateFileA
GetFileSize
CloseHandle
ReadFile
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetModuleFileNameA
GetFileAttributesA
LoadLibraryA
FreeLibrary
Sleep
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
LocalFree
RaiseException
VirtualQuery
VirtualAlloc
GetSystemInfo
RtlUnwind
HeapReAlloc
GetCommandLineA
HeapFree
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
FindResourceExW
MulDiv
CopyFileA
SetLastError
InterlockedExchange
GetCurrentThread
GetCurrentThreadId
GetVersionExA
LoadLibraryExW
VirtualProtect
SearchPathA
GetProfileIntA
GetTickCount
GetTempFileNameA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
lstrcpyA
GetCPInfo
GetOEMCP
GlobalFindAtomA
lstrcmpW
FreeResource
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryA
FindResourceA
GetSystemDirectoryW
DecodePointer
EncodePointer
InterlockedIncrement
FileTimeToSystemTime
GlobalGetAtomNameA
SetErrorMode
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
ResumeThread
SetThreadPriority
WaitForSingleObject
GetVolumeInformationA
LoadLibraryW
lstrcmpiA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetVersion
GetCurrentProcess
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
GlobalDeleteAtom
SetFilePointer
SetEndOfFile
LockFile
GetFullPathNameA
GetFileAttributesW
FlushFileBuffers
FindFirstFileA
FindClose
DeleteFileA
InterlockedDecrement
CompareStringA
lstrcmpA

user32

CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
MapDialogRect
DestroyCursor
GetWindowRgn
DrawIcon
LoadMenuW
TrackMouseEvent
GetKeyNameTextA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
LoadImageW
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
MapVirtualKeyA
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
LoadCursorW
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageA
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
IntersectRect
InflateRect
GetMenuItemInfoA
DestroyMenu
DestroyIcon
IsIconic
IsDialogMessageA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
RegisterClipboardFormatA
GetTopWindow
GetClassLongA
SetWindowLongA
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
GetClassInfoExA
GetClassInfoA
CallWindowProcA
GetMessageTime
GetMessagePos
FillRect
ScreenToClient
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
InvalidateRect
UpdateWindow
RealChildWindowFromPoint
GetWindow
GetDesktopWindow
PtInRect
ClientToScreen
GetDlgCtrlID
DeleteMenu
SystemParametersInfoA
CopyImage
GetClientRect
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetWindowTextLengthA
UnregisterClassA
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongA
MessageBoxA
IsWindowEnabled
EnableWindow
SetCursor
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExA
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadBitmapW
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
SendMessageA
GetSystemMetrics
ModifyMenuA
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongA
LockWindowUpdate
SetParent
SetRect
SetCursorPos
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetComboBoxInfo
WaitMessage
PostThreadMessageA
GetSystemMenu
LoadIconW
IsZoomed
CharUpperA
UnhookWindowsHookEx
PostMessageA
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
SetWindowPos
SetWindowTextA
GetWindowTextA
GetWindowRect
GetParent
ShowWindow
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
DefWindowProcA
PostQuitMessage
IsWindow
EnumWindows
FindWindowExA
GetClassNameA
SendMessageTimeoutA
RegisterWindowMessageA
KillTimer
SetTimer
wsprintfA
GetKeyboardLayout

gdi32

GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectA
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
CombineRgn
CreateRectRgnIndirect
ExcludeClipRect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExA
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceA
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
DeleteObject
CreateBitmap
GetDeviceCaps
CreateDCA
GetStockObject
CopyMetaFileA

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetFileInfoA
ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHAppBarMessage
SHBrowseForFolderA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
SHGetDesktopFolder

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathRemoveFileSpecW
PathFindExtensionA
StrFormatKBSizeA

uxtheme

GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeText

ole32

OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoCreateGuid
IsAccelerator
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
RevokeDragDrop
CoUninitialize
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VarBstrFromDate
VariantChangeType
SysAllocString
SysFreeString
SysAllocStringLen
VariantClear
VariantInit

oleacc

LresultFromObject
AccessibleObjectFromWindow
ObjectFromLresult
CreateStdAccessibleObject

gdiplus

GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipGetImagePalette
GdipDrawImageRectI

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA

Exports

Exports

AdStart
AdStop

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dea2fe067785d534b74b50a0272ac30

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

05:d7:f2:d3:05:a2:78:ee:e7:1e:58:40:3e:06:21:f3Certificate

Extended Key Usages

Key Usages

b6:c7:d5:d6:35:13:eb:70:36:fd:8d:23:0c:41:0b:30:06:3b:b9:22Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wininet

netapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oleacc

gdiplus

imm32

winmm

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 311KB - Virtual size: 311KB

.data Size: 25KB - Virtual size: 58KB

.rsrc Size: 74KB - Virtual size: 73KB

.reloc Size: 385KB - Virtual size: 385KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

05:d7:f2:d3:05:a2:78:ee:e7:1e:58:40:3e:06:21:f3
Certificate

b6:c7:d5:d6:35:13:eb:70:36:fd:8d:23:0c:41:0b:30:06:3b:b9:22
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 311KB - Virtual size: 311KB

.data
Size: 25KB - Virtual size: 58KB

.rsrc
Size: 74KB - Virtual size: 73KB

.reloc
Size: 385KB - Virtual size: 385KB