5f24d340f6098130b1f387f9d423c947_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f24d340f6098130b1f387f9d423c947_JaffaCakes118
Size

638KB
MD5

5f24d340f6098130b1f387f9d423c947
SHA1

64e8d4ab6a15cc27428cf7936a1cb110c52845cf
SHA256

a3464cd6b22757df015560949352d2087c568fee89348696e587040e855c7113
SHA512

17c15ebfc256699a5ebc892ad7001af0e4abd5caf93c45094818ed5e870cdcece2eb24f2e8eb9886749b5ebc4e40826c3df2e56a7e9a50926908ca70a9384071
SSDEEP

12288:8UjRCZpH5qgfS7n3/jZ3i7Y7FXSusNetKWokK:5RhSwrA7oJBfnK

Score

1^/10

Malware Config

Signatures

Files

5f24d340f6098130b1f387f9d423c947_JaffaCakes118
.exe windows:4 windows x86 arch:x86

467f4e6017bcdf6c532e423d81c7e729

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:65:92:a7:59:30:9a:28:f5:d9:83:a5:a3:76:da:47
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/01/2013, 00:00

Not After

04/01/2015, 23:59

Subject

CN=Slimware Utilities\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Slimware Utilities\, Inc.,L=Ocean Springs,ST=Mississippi,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:2e:d7:1d:cf:f7:e6:5b:91:0a:ce:39:ec:05:9f:c5:02:c8:2c:fc
Signer

Actual PE Digest

02:2e:d7:1d:cf:f7:e6:5b:91:0a:ce:39:ec:05:9f:c5:02:c8:2c:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Dev\LittleInstaller\bin\Release\LittleInstaller.pdb

Imports

kernel32

SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitProcess
HeapReAlloc
RtlUnwind
RaiseException
ExitThread
CreateThread
SetStdHandle
GetFileType
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
VirtualAlloc
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
WriteFile
GetFileTime
GetFileSize
GetFileAttributesW
FindFirstFileW
FindClose
WritePrivateProfileStringW
ReleaseMutex
CreateMutexW
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
lstrcmpA
GlobalAlloc
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
CopyFileW
CreateDirectoryW
GetTickCount
InterlockedDecrement
InterlockedIncrement
MulDiv
GetProcAddress
LoadLibraryW
SetLastError
lstrlenA
CreateProcessW
MultiByteToWideChar
WideCharToMultiByte
GetThreadLocale
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
WaitForSingleObject
Sleep
FileTimeToLocalFileTime
FileTimeToSystemTime
GetUserDefaultLangID
LocalHandle
GetTempPathW
DeleteFileW
ReadFile
GetModuleHandleW
GetLastError
GetModuleFileNameW
SetFilePointer
FlushFileBuffers
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetTempFileNameW
lstrlenW
CloseHandle
ExpandEnvironmentStringsW
FormatMessageW
FindResourceW
LoadResource
LockResource
SizeofResource
QueryPerformanceCounter
LocalFree

user32

TranslateMessage
ValidateRect
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
ShowWindow
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
GetMenuState
EndPaint
BeginPaint
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
DefWindowProcW
CallWindowProcW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
ReleaseCapture
SetCapture
KillTimer
SetTimer
PtInRect
TrackMouseEvent
LoadCursorW
SetCursor
SetRectEmpty
GetSysColorBrush
SetWindowTextW
EnumChildWindows
GetWindowLongW
GetClassNameW
GetDlgCtrlID
IsWindowVisible
FillRect
GetClientRect
AdjustWindowRectEx
UnregisterClassW
CharUpperW
GetMessageW
CreateAcceleratorTableW
SetRect
MessageBeep
MapDialogRect
GetCursorPos
IsWindow
GetParent
DestroyAcceleratorTable
OffsetRect
TranslateAcceleratorW
GetWindowRect
SetWindowLongW
EnableMenuItem
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsRectEmpty
CopyRect
GetSysColor
PostQuitMessage
RedrawWindow
MessageBoxW
GetWindowThreadProcessId
PostThreadMessageW
PostMessageW
AppendMenuW
LoadIconW
GetSystemMenu
GetWindow
CloseWindow
SendMessageW
EnableWindow
GetKeyState
UnregisterClassA

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
OffsetViewportOrgEx
SelectObject
DPtoLP
SetViewportOrgEx
SetMapMode
MoveToEx
LineTo
GetObjectW
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
SelectClipRgn
GetTextExtentExPointW
CreateCompatibleBitmap
BitBlt
SetBrushOrgEx
CreateCompatibleDC
CreatePatternBrush
GetDeviceCaps
GetTextMetricsW
Rectangle
CreatePen
CreateSolidBrush
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
CreateDIBSection
CreateFontIndirectW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegDeleteKeyW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW

shell32

SHGetFolderPathW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

UrlEscapeA
UrlUnescapeW
PathAppendW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

ole32

CoInitializeEx
CoUninitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

riched20

ord4

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipCreateFromHDC
GdipFree
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipDrawImageRectI

msi

ord160
ord113
ord159
ord32
ord92
ord8
ord88
ord137
ord118
ord141

ws2_32

WSAStartup

wininet

InternetConnectW
HttpSendRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
HttpQueryInfoW
InternetOpenUrlW
HttpOpenRequestW
InternetReadFile
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

467f4e6017bcdf6c532e423d81c7e729

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

39:65:92:a7:59:30:9a:28:f5:d9:83:a5:a3:76:da:47Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

02:2e:d7:1d:cf:f7:e6:5b:91:0a:ce:39:ec:05:9f:c5:02:c8:2c:fcSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

version

riched20

gdiplus

msi

ws2_32

wininet

Sections

.text Size: 276KB - Virtual size: 272KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 264KB - Virtual size: 262KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

39:65:92:a7:59:30:9a:28:f5:d9:83:a5:a3:76:da:47
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

02:2e:d7:1d:cf:f7:e6:5b:91:0a:ce:39:ec:05:9f:c5:02:c8:2c:fc
Signer

.text
Size: 276KB - Virtual size: 272KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 264KB - Virtual size: 262KB