Static task
static1
Behavioral task
behavioral1
Sample
UniversalTermsrvPatch_20090425/UniversalTermsrvPatch-x64.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
UniversalTermsrvPatch_20090425/UniversalTermsrvPatch-x64.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
UniversalTermsrvPatch_20090425/UniversalTermsrvPatch-x86.exe
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
UniversalTermsrvPatch_20090425/UniversalTermsrvPatch-x86.exe
Resource
win10v2004-20240426-en
General
-
Target
4dab1c3b36dc3522c4872627237ff497_JaffaCakes118
-
Size
64KB
-
MD5
4dab1c3b36dc3522c4872627237ff497
-
SHA1
ea5f6702dcdb94541994a6359db7d07eeb1aaf8a
-
SHA256
124546c1c6174a72e60df53b03d61ed97be38e723714369833804e77899b6c93
-
SHA512
c23d34fa41f3960c68f17878309309605ceddb54b528f5e8e38528ed6a7a94261b4ee68ac50a90b18db5e8c1283f6ca6986d5a319db1b782032908dda3df90dd
-
SSDEEP
1536:SAS/6efkr+CeCQ/GfFCvBlu7ZwdTzvJpusuz6/MOKgODlh6:SASSZA84v3u7ZwdXJAoSlE
Malware Config
Signatures
Files
-
4dab1c3b36dc3522c4872627237ff497_JaffaCakes118.zip
-
UniversalTermsrvPatch_20090425/Readme.txt
-
UniversalTermsrvPatch_20090425/UniversalTermsrvPatch-x64.exe.exe windows:5 windows x64 arch:x64
42ca3b62e2637f6eeb184ff39580baf2
Code Sign
18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate
Issuer
CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877
Not Before
18/01/2008, 16:00
Not After
31/12/2011, 16:00
Subject
CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before
15/06/2007, 00:00
Not After
14/06/2012, 23:59
Subject
CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
04/12/2003, 00:00
Not After
03/12/2013, 23:59
Subject
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
9e:63:17:c1:95:5b:f3:b5:f1:c0:0e:f1:8e:91:d3:7b:c0:78:65:f6
Signer
Actual PE Digest
9e:63:17:c1:95:5b:f3:b5:f1:c0:0e:f1:8e:91:d3:7b:c0:78:65:f6
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
b:\universaltermsrvpatch\universaltermsrvpatch\x64\objfre_wnet_AMD64\amd64\UniversalTermsrvPatch-x64.pdb
Imports
mfc42u
ord3783
ord2903
ord2393
ord1441
ord1126
ord6660
ord5687
ord4721
ord5245
ord5406
ord6437
ord1777
ord5663
ord5702
ord4771
ord3761
ord337
ord4557
ord984
ord525
ord3177
ord6328
ord1499
ord4548
ord1287
ord1284
ord2846
ord626
ord6614
ord4214
ord5077
ord1647
ord1812
ord1771
ord6243
ord4014
ord4826
ord620
ord6886
ord1122
ord6147
ord6050
ord4436
ord6021
ord2900
ord665
ord624
ord1930
ord4599
ord4131
ord2517
ord852
ord1063
ord659
ord3916
ord4983
ord6053
ord5711
ord5730
ord1584
ord5065
ord4368
ord2752
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord4598
ord1035
ord4770
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord4752
ord1778
ord4365
ord6440
ord1040
ord2427
ord3790
ord1463
ord6887
ord3830
ord4473
ord5039
msvcrt
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_c_exit
exit
??1type_info@@UEAA@XZ
__dllonexit
_XcptFilter
__C_specific_handler
_wcsicmp
_cexit
__set_app_type
_exit
memset
__CxxFrameHandler
malloc
__argc
__wargv
wcsrchr
_wcslwr
wcsstr
_fmode
_onexit
?terminate@@YAXXZ
memcpy
free
advapi32
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
kernel32
GlobalLock
GlobalUnlock
GlobalFree
GetVersion
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GetPrivateProfileStringW
GetLocaleInfoW
lstrcmpiW
GetModuleFileNameW
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemInfo
CopyFileW
lstrcpyW
lstrcmpW
lstrcatW
GetExitCodeProcess
GetLastError
GlobalAlloc
GetCurrentProcess
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileW
WriteFile
SetFilePointer
Sleep
ReadFile
lstrcpynW
LockResource
LoadResource
FindResourceExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStartupInfoW
DeleteFileW
MoveFileExW
GetTempFileNameW
WaitForSingleObject
CloseHandle
CreateMutexW
GetFileSize
CreateFileMappingW
gdi32
GetObjectW
GetStockObject
CreateFontIndirectW
user32
CharNextW
MessageBeep
LoadCursorW
SetCursor
InvalidateRect
ExitWindowsEx
GetClassNameW
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
PostMessageW
SendMessageW
AppendMenuW
EnableWindow
MessageBoxW
DrawIcon
wsprintfW
shell32
DragQueryFileW
ShellExecuteExW
ShellExecuteW
DragFinish
shlwapi
PathFileExistsW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
imagehlp
CheckSumMappedFile
MapFileAndCheckSumW
comctl32
CreateStatusWindowW
wintrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
netapi32
NetUserGetInfo
NetApiBufferFree
Sections
.text Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
UniversalTermsrvPatch_20090425/UniversalTermsrvPatch-x86.exe.exe windows:5 windows x86 arch:x86
c670f21a3754ee6a335632ae9781b734
Code Sign
18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate
Issuer
CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877
Not Before
18/01/2008, 16:00
Not After
31/12/2011, 16:00
Subject
CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before
15/06/2007, 00:00
Not After
14/06/2012, 23:59
Subject
CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
04/12/2003, 00:00
Not After
03/12/2013, 23:59
Subject
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
bf:c0:50:59:71:a9:dc:90:31:ea:bd:06:89:26:28:53:4c:e0:a6:96
Signer
Actual PE Digest
bf:c0:50:59:71:a9:dc:90:31:ea:bd:06:89:26:28:53:4c:e0:a6:96
Digest Algorithm
sha1
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
b:\universaltermsrvpatch\universaltermsrvpatch\x86\objfre_wnet_x86\i386\UniversalTermsrvPatch-x86.pdb
Imports
mfc42u
ord815
ord641
ord2506
ord3948
ord2858
ord2371
ord1143
ord861
ord6237
ord5261
ord4370
ord4847
ord4992
ord6048
ord1767
ord5237
ord5276
ord4419
ord3592
ord324
ord4229
ord755
ord470
ord3087
ord5949
ord1197
ord4219
ord942
ord940
ord2810
ord540
ord561
ord4155
ord4704
ord1634
ord1808
ord1761
ord5871
ord3792
ord4470
ord535
ord823
ord858
ord5798
ord5706
ord4124
ord5679
ord2855
ord3397
ord3716
ord567
ord538
ord1921
ord4270
ord3871
ord1569
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord825
ord795
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord4401
ord1768
ord4073
ord6051
ord800
ord3614
ord2406
ord3621
ord1165
ord3658
ord6195
ord4667
msvcrt
__p__commode
__p__fmode
__set_app_type
_except_handler3
__wgetmainargs
_adjust_fdiv
_onexit
_wcmdln
exit
_cexit
__setusermatherr
__dllonexit
_initterm
wcslen
_XcptFilter
_exit
_wcsicmp
malloc
free
__argc
__wargv
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ
wcsrchr
_wcslwr
wcsstr
__CxxFrameHandler
_c_exit
advapi32
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
kernel32
DeleteFileW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersion
GetEnvironmentVariableW
GetLocaleInfoW
GetPrivateProfileStringW
lstrcmpiW
GetModuleFileNameW
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemInfo
CopyFileW
lstrcpyW
lstrcmpW
GetWindowsDirectoryW
CreateMutexW
GetLastError
MoveFileExW
FreeLibrary
LoadLibraryW
UnmapViewOfFile
IsBadReadPtr
GetFileSize
CreateFileW
WriteFile
SetFilePointer
Sleep
ReadFile
lstrcpynW
LockResource
LoadResource
FindResourceExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetTempFileNameW
CloseHandle
GetExitCodeProcess
GetCurrentProcess
WaitForSingleObject
lstrcatW
CreateFileMappingW
MapViewOfFile
gdi32
GetObjectW
GetStockObject
CreateFontIndirectW
user32
CharNextW
MessageBeep
LoadCursorW
SetCursor
InvalidateRect
ExitWindowsEx
GetClassNameW
wsprintfW
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
PostMessageW
EnableWindow
MessageBoxW
DrawIcon
AppendMenuW
SendMessageW
shell32
DragQueryFileW
ShellExecuteExW
ShellExecuteW
DragFinish
shlwapi
PathFileExistsW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
imagehlp
CheckSumMappedFile
MapFileAndCheckSumW
comctl32
CreateStatusWindowW
wintrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
netapi32
NetUserGetInfo
NetApiBufferFree
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
UniversalTermsrvPatch_20090425/vista.reg
-
UniversalTermsrvPatch_20090425/xp.reg