4a5cb0b29ea191aa118d4a0591df6a16_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4a5cb0b29ea191aa118d4a0591df6a16_JaffaCakes118
Size

1.9MB
MD5

4a5cb0b29ea191aa118d4a0591df6a16
SHA1

bc6ce6a8c26b5feada156d7f4b1c549ddbd3de98
SHA256

2df48316f86db3994b3e23319a456a5e519da47062e46d6a94f559466723ece0
SHA512

c791018a1df01a9dde991a0999eb141a4cb48e6ed6148ab59792d8c0520d6db7dbcd4a66bbb2ce008be343a899895e8b0abceeae6077a3eb9e88a32d5b54b03f
SSDEEP

24576:rZsonQHxM3RxxQ4SMix6y6YqEe7RoNHphhIXro5EjV7r7A6Rf+ADStVIlu6+q5wj:+p6y6bUphmrL7o655DSoIq5B86TWL31

Score

1^/10

Malware Config

Signatures

Files

4a5cb0b29ea191aa118d4a0591df6a16_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9cdead5407531b98ec5c0343e9c2535

Code Sign

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/03/2014, 00:00

Not After

08/04/2015, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:da:08:84:6c:4b:6e:94:f1:16:df:86:0e:3c:f8:0d:b4:7f:ef:db
Signer

Actual PE Digest

f9:da:08:84:6c:4b:6e:94:f1:16:df:86:0e:3c:f8:0d:b4:7f:ef:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\winapps\Windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb

Imports

kernel32

AreFileApisANSI
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
InterlockedIncrement
GetCurrentThread
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcAddress
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
EnterCriticalSection
CreateToolhelp32Snapshot
OpenProcess
CreateProcessA
VirtualQuery
GetModuleHandleExW
ExitProcess
GetLongPathNameA
GetFullPathNameA
GetCurrentDirectoryA
RaiseException
GetTempPathA
CloseHandle
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
WaitForSingleObject
CreateMutexA
WideCharToMultiByte
RtlCaptureStackBackTrace
ReleaseMutex
Sleep
GetTickCount
GetCurrentThreadId
SetUnhandledExceptionFilter
GetLastError
Process32First
Process32Next
GetExitCodeProcess
Module32First
Module32Next
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
InterlockedDecrement
GetCommandLineA
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
MoveFileA
SetEnvironmentVariableA
ReadConsoleW
ExitThread
CreateThread
DeleteFileW
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
GetFileAttributesW
FormatMessageW
InitializeCriticalSection
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetFullPathNameW
GetTimeZoneInformation
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventA
WritePrivateProfileStringA
SetFilePointer
ReadFile
GetFileSize
CreateFileA
ExpandEnvironmentStringsA
GetSystemDirectoryA
GetWindowsDirectoryA
GetFileAttributesA
GetSystemInfo
LoadResource
LockResource
SizeofResource
CreateFileW
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetUserDefaultUILanguage
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetVersionExA

user32

UpdateWindow
DestroyWindow
IsWindow
SetWindowTextA
SetForegroundWindow
EnableWindow
GetWindowTextA
AnimateWindow
SetWindowLongA
GetWindowLongA
PostMessageA
SendMessageA
ScreenToClient
ClientToScreen
SetWindowPos
SetTimer
KillTimer
ShowWindow
GetParent
SetParent
GetWindowRect
GetClientRect
MessageBoxExA
MessageBoxA
LoadStringA
GetWindowTextLengthA
IsWindowEnabled
GetWindowThreadProcessId
FindWindowExA
GetClassNameA
EnumChildWindows
GetSystemMetrics
GetShellWindow
FindWindowA
GetDesktopWindow
SetCursor
LoadCursorA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
CreatePopupMenu
DestroyMenu
MoveWindow
TrackPopupMenu
ReleaseCapture
GetKeyboardState
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
IsWindowVisible
SetFocus
EnumWindows
AppendMenuA
WaitForInputIdle
SetDlgItemTextA
GetCursorPos
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
GetSystemMenu
EnableMenuItem
SetClassLongA
LoadIconA
PostQuitMessage
IsIconic
GetFocus
LoadAcceleratorsA

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysFreeString

shlwapi

PathCombineA
PathFindExtensionA
PathRenameExtensionA
PathStripPathA
PathRemoveFileSpecA
PathIsDirectoryEmptyA
SHCopyKeyA
SHDeleteEmptyKeyA
UrlEscapeA

comctl32

ImageList_Create
ImageList_Add
ImageList_LoadImageA
InitCommonControlsEx
ImageList_Destroy

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

CoInitialize
StringFromGUID2
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
CoCreateInstance
OleInitialize

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

ExpandEnvironmentStringsForUserA

wininet

InternetReadFileExA
HttpQueryInfoA
InternetErrorDlg
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA

gdiplus

GdipSetCompositingMode
GdipCreateFromHDC
GdipDeleteGraphics

urlmon

IsValidURL

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
PatBlt
SetWindowOrgEx
GetObjectA
DeleteObject

advapi32

RegEnumKeyExA
AdjustTokenPrivileges
GetLengthSid
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
SetTokenInformation

crypt32

CryptUnprotectData

Sections

.text
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9cdead5407531b98ec5c0343e9c2535

Code Sign

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

f9:da:08:84:6c:4b:6e:94:f1:16:df:86:0e:3c:f8:0d:b4:7f:ef:dbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

shlwapi

comctl32

shell32

ole32

psapi

version

userenv

wininet

gdiplus

urlmon

gdi32

advapi32

crypt32

Sections

.text Size: 499KB - Virtual size: 498KB

.text-qu Size: 4KB - Virtual size: 3KB

.text-co Size: 84KB - Virtual size: 84KB

.text-co Size: 74KB - Virtual size: 73KB

.text-co Size: 47KB - Virtual size: 47KB

.text-co Size: 14KB - Virtual size: 13KB

.text-co Size: 28KB - Virtual size: 27KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 16KB - Virtual size: 15KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 263KB - Virtual size: 262KB

.data Size: 17KB - Virtual size: 26KB

.data-qu Size: 512B - Virtual size: 41B

.data-co Size: 512B - Virtual size: 188B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 41B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 549KB - Virtual size: 548KB

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

f9:da:08:84:6c:4b:6e:94:f1:16:df:86:0e:3c:f8:0d:b4:7f:ef:db
Signer

.text
Size: 499KB - Virtual size: 498KB

.text-qu
Size: 4KB - Virtual size: 3KB

.text-co
Size: 84KB - Virtual size: 84KB

.text-co
Size: 74KB - Virtual size: 73KB

.text-co
Size: 47KB - Virtual size: 47KB

.text-co
Size: 14KB - Virtual size: 13KB

.text-co
Size: 28KB - Virtual size: 27KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 16KB - Virtual size: 15KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 263KB - Virtual size: 262KB

.data
Size: 17KB - Virtual size: 26KB

.data-qu
Size: 512B - Virtual size: 41B

.data-co
Size: 512B - Virtual size: 188B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 41B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 549KB - Virtual size: 548KB