4d419a8343f7880d9632ec33de02c0f6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4d419a8343f7880d9632ec33de02c0f6_JaffaCakes118
Size

1.9MB
MD5

4d419a8343f7880d9632ec33de02c0f6
SHA1

072b8db9b82d8d0069ccf4002944fcb6acda8a15
SHA256

3127b1daea49474709fba860e48d46592a83c6ff5a984a237c898fbb4e6e09cd
SHA512

35373adb3c1216a4b81960423d5a9f50ee4b66cf7244d6604d9ea99ffc2aa1acc425c5bb71f031b578fa2fe6e4b75d2e3cdc59b0e16af4f4a0a75228bbbe842a
SSDEEP

49152:XKBGilF2eA7Ky7VoNU9f2AtaCAi/65DC2qZqNtwCc:XEfA7KsoNU9f2TCP/EDGZq/+

Score

1^/10

Malware Config

Signatures

Files

4d419a8343f7880d9632ec33de02c0f6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

53d61e4e9fa3859b90f66db4b922fbf3

Code Sign

4e:bb:dd:1f:16:15:2c:56:bc:c1:f8:a1:2c:d7:8c:ad
Certificate

Issuer

CN=greenfish CA

Not Before

13-01-2018 13:49

Not After

31-12-2039 23:59

Subject

CN=greenfish CA

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

80:99:d6:e7:39:28:59:0f:93:c4:d1:0c:24:ef:19:c2:59:52:c2:8f
Signer

Actual PE Digest

80:99:d6:e7:39:28:59:0f:93:c4:d1:0c:24:ef:19:c2:59:52:c2:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ioctlsocket
WSAStartup
connect
getpeername
select
htons
recv
setsockopt
send
socket
closesocket
getsockname

kernel32

GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
LCMapStringA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTimeZoneInformation
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
CompareStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetACP
GetFileType
SetStdHandle
HeapSize
VirtualQuery
VirtualAlloc
RaiseException
ExitProcess
HeapReAlloc
RtlUnwind
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
CreateDirectoryA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
FindResourceExA
VirtualProtect
GetProfileIntA
SearchPathA
GetTempPathA
GetTempFileNameA
GetTickCount
GetFileTime
GetFileSizeEx
SetErrorMode
GetOEMCP
GetCPInfo
GetModuleHandleW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentDirectoryA
GetStringTypeA
GlobalFlags
DeleteCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
CopyFileA
GlobalSize
FormatMessageA
lstrlenW
MulDiv
ResumeThread
SetThreadPriority
GlobalFree
GlobalAddAtomA
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
MultiByteToWideChar
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcpyA
WriteProcessMemory
GetSystemTime
Module32Next
GetModuleHandleA
GetSystemInfo
VirtualAllocEx
GetProcAddress
Module32First
TerminateProcess
VirtualFreeEx
OpenProcess
GetWindowsDirectoryA
CreateRemoteThread
WaitForSingleObject
FreeResource
DeleteFileA
FindNextVolumeA
LocalFree
CloseHandle
GetVersionExA
FindFirstVolumeA
CreateToolhelp32Snapshot
FindNextFileA
GetModuleFileNameA
GetVolumePathNamesForVolumeNameA
LockResource
Process32Next
FindClose
SetFileAttributesA
RemoveDirectoryA
lstrcmpiA
GetLastError
FindFirstFileA
GlobalUnlock
CreateProcessA
GetExitCodeProcess
GetFileAttributesA
SizeofResource
Sleep
WideCharToMultiByte
GlobalAlloc
GlobalLock
Process32First
QueryDosDeviceA
GetCurrentProcess
DeleteVolumeMountPointA
LoadResource
FindVolumeClose
FindResourceA
GetStdHandle
SetHandleCount
LCMapStringW
GetEnvironmentStringsW

user32

IsClipboardFormatAvailable
MapVirtualKeyExA
GetKeyNameTextA
IsCharLowerA
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
SetCursorPos
DrawIconEx
DrawFocusRect
DrawFrameControl
DrawEdge
UnpackDDElParam
ReuseDDElParam
InsertMenuItemA
TranslateAcceleratorA
UnregisterClassA
EmptyClipboard
CloseClipboard
LoadImageA
CopyImage
OpenClipboard
DrawStateA
RegisterClipboardFormatA
EnumChildWindows
LockWindowUpdate
BringWindowToTop
IsMenu
SetClassLongA
SetParent
CreatePopupMenu
NotifyWinEvent
SetWindowRgn
CreateAcceleratorTableA
LoadAcceleratorsA
DestroyAcceleratorTable
GetAsyncKeyState
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyA
ToAsciiEx
PostThreadMessageA
LoadMenuA
SetRectEmpty
GetNextDlgGroupItem
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharUpperA
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
DeleteMenu
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
RegisterWindowMessageA
SendDlgItemMessageA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
IntersectRect
GetWindowPlacement
GetWindowRect
DestroyMenu
GetMenuItemInfoA
InflateRect
CopyRect
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
WinHelpA
SystemParametersInfoA
OffsetRect
MessageBeep
RedrawWindow
IsZoomed
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MapDialogRect
SetWindowPos
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetCursor
DefFrameProcA
DefMDIChildProcA
DrawMenuBar
DestroyCursor
GetWindowRgn
CreateMenu
GetDoubleClickTime
GetIconInfo
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetSystemMenu
IsIconic
SubtractRect
CopyIcon
CharUpperBuffA
GetUpdateRect
FrameRect
ScrollWindow
TranslateMDISysAccel
LoadIconA
DrawIcon
GetClientRect
SendMessageA
AppendMenuA
GetSystemMetrics
EnableWindow
GetMessageA
SetTimer
KillTimer
GetParent
WaitForInputIdle
wsprintfA
TranslateMessage
MessageBoxA
PostMessageA
DispatchMessageA
GetWindowThreadProcessId
GetWindow
SetFocus
SetClipboardData

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetTextMetricsA
OffsetRgn
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesA
GetTextCharsetInfo
CreateRoundRectRgn
SetDIBColorTable
PatBlt
GetDIBits
SelectObject
RealizePalette
CombineRgn
StretchBlt
SetPixel
CreateDIBSection
SetRectRgn
DPtoLP
CreateEllipticRgn
CreatePolygonRgn
Polyline
Ellipse
Polygon
Rectangle
RoundRect
GetDCOrgEx
GetPaletteEntries
GetWindowOrgEx
CreateFontIndirectA
FillRgn
FrameRgn
GetBoundsRect
GetViewportOrgEx
LPtoDP
ExtFloodFill
SetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExA
GetTextFaceA
SetPixelV
Escape
ExtTextOutA
TextOutA
CreatePalette
GetTextExtentPoint32A
RectVisible
PtVisible
GetPixel
BitBlt
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CopyMetaFileA
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
PtInRegion
CreateBitmap
GetWindowExtEx
GetViewportExtEx
GetObjectA
CreateRectRgn
SelectClipRgn
DeleteObject
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetViewportOrgEx

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptHashData
SetEntriesInAclA
SetNamedSecurityInfoA
RegSetValueExA
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
AllocateAndInitializeSid
FreeSid
RegEnumKeyExA
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken
CryptDestroyHash
CryptDecrypt
CheckTokenMembership
CryptCreateHash
CryptEncrypt
CryptAcquireContextA
CryptReleaseContext
GetTokenInformation
CryptDeriveKey
RegCloseKey
AdjustTokenPrivileges

shell32

SHBrowseForFolderA
ShellExecuteExA
SHGetFileInfoA
SHAppBarMessage
DragQueryFileA
DragFinish
ShellExecuteA
SHGetPathFromIDListA

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

ole32

CoCreateInstance
IsAccelerator
CoTaskMemAlloc
ReleaseStgMedium
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleGetClipboard
DoDragDrop
OleLockRunning
CoInitializeEx
CoUninitialize
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CoTaskMemFree
OleDuplicateData
CreateStreamOnHGlobal

oleaut32

VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen

urlmon

URLDownloadToFileA

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCloneImage

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53d61e4e9fa3859b90f66db4b922fbf3

Code Sign

4e:bb:dd:1f:16:15:2c:56:bc:c1:f8:a1:2c:d7:8c:adCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

80:99:d6:e7:39:28:59:0f:93:c4:d1:0c:24:ef:19:c2:59:52:c2:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

gdiplus

imm32

winmm

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 257KB - Virtual size: 257KB

.data Size: 22KB - Virtual size: 51KB

.rsrc Size: 349KB - Virtual size: 349KB

.reloc Size: 142KB - Virtual size: 142KB

4e:bb:dd:1f:16:15:2c:56:bc:c1:f8:a1:2c:d7:8c:ad
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

80:99:d6:e7:39:28:59:0f:93:c4:d1:0c:24:ef:19:c2:59:52:c2:8f
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 257KB - Virtual size: 257KB

.data
Size: 22KB - Virtual size: 51KB

.rsrc
Size: 349KB - Virtual size: 349KB

.reloc
Size: 142KB - Virtual size: 142KB