601f015cf22fdf67ecf63d38a17da802_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

601f015cf22fdf67ecf63d38a17da802_JaffaCakes118
Size

578KB
MD5

601f015cf22fdf67ecf63d38a17da802
SHA1

9f4d0d918d5ca9fa922ba8630f6d57ac63de6e22
SHA256

ddd8a28275d2f0b4e076403f961c493556a993fca4f16ec47d89864ae5f4a8a0
SHA512

0364ba25d645f99c829345370c1f9acbf0de326eebb9d08033b5548beeb5907ee0a1bb506e876549303537ce194f6551797c5bae16fd9ade11d4ff920e873380
SSDEEP

6144:cVilEm3YUcrpODpmsZBlLSTR05xLA1r8gEyRmZBlh+jRiFr0VRwOkSQqpgWce/uc:LGZUcr0/g0qwV4RiFtagY

Score

1^/10

Malware Config

Signatures

Files

601f015cf22fdf67ecf63d38a17da802_JaffaCakes118
.exe windows:6 windows x64 arch:x64

abd50c58c8f8b213e692788a8698168d

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

Issuer

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

19/06/2014, 18:09

Not After

03/06/2017, 18:09

Subject

CN=Intel Corporation - pGFX,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:ff:88:00:01:00:00:00:10
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

08/02/2013, 22:21

Not After

08/02/2018, 22:31

Subject

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

01/02/2013, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

22:14:81:17:aa:1f:ae:24:5b:fb:b9:b1:c4:b2:df:94:59:1e:4c:28
Signer

Actual PE Digest

22:14:81:17:aa:1f:ae:24:5b:fb:b9:b1:c4:b2:df:94:59:1e:4c:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\qb\workspace\9549\p4gen\gfx_Development\dump64\igfx\lh\release\IntelCpHDCPSvc\IntelCpHDCPSvc.pdb

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces

kernel32

CreateThread
WaitForMultipleObjects
ReadConsoleW
WriteConsoleW
CreateEventW
GetOEMCP
GetACP
IsValidCodePage
UnregisterWaitEx
QueryDepthSList
WaitForSingleObject
MultiByteToWideChar
FindResourceW
lstrcmpiW
LocalFree
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetCurrentThread
GetCurrentProcess
Sleep
SetEvent
CloseHandle
GetCommandLineW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
LoadLibraryW
CreateFileW
SetEndOfFile
SetStdHandle
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
DuplicateHandle
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
HeapReAlloc
SetFilePointerEx
ReadFile
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetProcessHeap
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
WideCharToMultiByte
GetStringTypeW
GetSystemTimeAsFileTime
EncodePointer
HeapFree
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
IsProcessorFeaturePresent
HeapAlloc
CreateTimerQueue
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStartupInfoW
GetTickCount
CreateSemaphoreW
GetEnvironmentStringsW

user32

LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
CharNextW
MessageBoxW
EnumDisplayDevicesW

advapi32

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
MakeAbsoluteSD
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorLength
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate

Sections

.text
Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abd50c58c8f8b213e692788a8698168d

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35Certificate

Extended Key Usages

Key Usages

61:2c:ff:88:00:01:00:00:00:10Certificate

Key Usages

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88Certificate

Extended Key Usages

Key Usages

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6Certificate

Extended Key Usages

Key Usages

22:14:81:17:aa:1f:ae:24:5b:fb:b9:b1:c4:b2:df:94:59:1e:4c:28Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 384KB - Virtual size: 384KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 16KB - Virtual size: 28KB

.pdata Size: 21KB - Virtual size: 20KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

33:00:00:b3:35:10:83:0d:6c:8a:28:4d:cb:00:02:00:00:b3:35
Certificate

61:2c:ff:88:00:01:00:00:00:10
Certificate

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

22:14:81:17:aa:1f:ae:24:5b:fb:b9:b1:c4:b2:df:94:59:1e:4c:28
Signer

.text
Size: 384KB - Virtual size: 384KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 16KB - Virtual size: 28KB

.pdata
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB