65d27697e295e256cdd137bb1eea6554_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

65d27697e295e256cdd137bb1eea6554_JaffaCakes118
Size

369KB
MD5

65d27697e295e256cdd137bb1eea6554
SHA1

d5b4c6534d317953199027083ad1fac8838b7501
SHA256

c698526d47dd4937aa1ae15f13428587ea5a5053040abeaf0a5dda5f39567542
SHA512

96f393bbe6fc8901a12d8cd21fe4d47d42e40a83588ff19294a2e84b85ce1acf81aaf040477a90fccc4b587a8d8225466281154dd902f7e59676deb8feac201d
SSDEEP

6144:R7Cd4ktZcqUcV/CfeAyi9QDypSmvgLainMCa2crbwwmrlVrlJM1:R7CdVtZcqUM/CfeAyiKGOa2ycwOHrzC

Score

1^/10

Malware Config

Signatures

Files

65d27697e295e256cdd137bb1eea6554_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b81e2a30bb1b020077e9ccb536e7aa22

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

64:a0:b0:89:17:59:2b:05:84:1c:ed:a3:46:73:61:05
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-03-2018 00:00

Not After

13-03-2021 23:59

Subject

CN=Smilebox\,Inc.,O=Smilebox\,Inc.,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:1f:53:4e:c0:d7:75:cc:7f:a1:80:21:d5:60:d5:38:23:8f:49:29
Signer

Actual PE Digest

05:1f:53:4e:c0:d7:75:cc:7f:a1:80:21:d5:60:d5:38:23:8f:49:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetGetConnectedState
InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetCanonicalizeUrlW

gdiplus

GdipDeleteGraphics
GdipLoadImageFromFileICM
GdipDisposeImage
GdipSaveImageToFile
GdipFree
GdipAlloc
GdipGetImageBounds
GdipCreateBitmapFromScan0
GdiplusStartup
GdiplusShutdown
GdipGetImageThumbnail
GdipCloneImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipGetImageEncoders

kernel32

GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
SetLastError
GetModuleHandleW
CreateDirectoryW
LocalFree
FormatMessageW
WideCharToMultiByte
CloseHandle
CreateMutexW
GetVersionExW
DeleteFileW
GlobalFree
GlobalHandle
ReadFile
CreateFileW
SleepEx
FindClose
FindNextFileW
FindFirstFileW
CancelIo
ReadDirectoryChangesW
GetOverlappedResult
lstrcmpiW
FreeLibrary
LoadLibraryExW
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
LCMapStringW
LCMapStringA
IsValidCodePage
FindResourceExW
GetCPInfo
ExitProcess
TlsFree
TlsSetValue
MulDiv
TlsGetValue
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTimeZoneInformation
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
ReleaseMutex
GetTempFileNameW
GetFullPathNameW
GetFileTime
GetFileAttributesW
CreateProcessW
SetFilePointer
GetFileSize
SystemTimeToFileTime
CompareFileTime
WriteFile
FlushFileBuffers
Sleep
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetTempPathW
lstrcmpW
GetCurrentProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
SizeofResource
FlushInstructionCache
GetLastError
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
FileTimeToSystemTime
TlsAlloc
GetTickCount
FindResourceW
LockResource
LoadResource
GetOEMCP

user32

GetClientRect
SystemParametersInfoW
GetWindowRect
GetParent
SetWindowTextW
SendMessageW
GetWindowLongW
EndDialog
MapWindowPoints
MonitorFromWindow
LoadAcceleratorsW
GetMessageW
TranslateMessage
DispatchMessageW
AnimateWindow
SetRect
SetWindowRgn
SetWindowPos
UnregisterClassA
GetDlgItem
BringWindowToTop
CreateDialogIndirectParamW
GetWindow
LoadImageW
DestroyWindow
SetWindowLongW
CreateWindowExW
SetTimer
KillTimer
IsChild
IsDialogMessageW
IsWindow
GetSystemMetrics
GetFocus
DefWindowProcW
GetWindowTextW
GetWindowTextLengthW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
GetSysColor
InsertMenuItemW
GetActiveWindow
SetForegroundWindow
GetCursorPos
TrackPopupMenuEx
GetSubMenu
LoadMenuW
TrackPopupMenu
PeekMessageW
PtInRect
MessageBeep
LoadStringA
PostQuitMessage
LoadStringW
GetMenuItemInfoW
RemoveMenu
AppendMenuW
MonitorFromPoint
GetMonitorInfoW
CreatePopupMenu
SetMenuDefaultItem
GetMenuItemID
DialogBoxParamW
MessageBoxW
DestroyMenu
SetMenuItemInfoW
GetMenuItemCount
CheckMenuItem
TranslateAcceleratorW
GetLastInputInfo
UnregisterDeviceNotification
RegisterDeviceNotificationW
PostMessageW
CreateAcceleratorTableW
LoadIconW
SetWindowContextHelpId
IsWindowVisible
ShowWindow
MapDialogRect
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
MoveWindow
CharNextW

gdi32

PatBlt
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
BitBlt
CreateRoundRectRgn

advapi32

CryptGetHashParam
RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash

shell32

SHAppBarMessage
ShellExecuteExW
ord2
SHGetSpecialFolderLocation
ord4
Shell_NotifyIconW
SHGetFolderPathW

ole32

StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromProgID

oleaut32

SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
DispCallFunc
VariantCopy
SysAllocStringByteLen
VarUI4FromStr
VarBstrCat
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

ws2_32

recv
socket
inet_addr
gethostbyname
gethostbyaddr
closesocket
htons
connect
send

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b81e2a30bb1b020077e9ccb536e7aa22

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

64:a0:b0:89:17:59:2b:05:84:1c:ed:a3:46:73:61:05Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

05:1f:53:4e:c0:d7:75:cc:7f:a1:80:21:d5:60:d5:38:23:8f:49:29Signer

Headers

File Characteristics

Imports

wininet

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

ws2_32

Sections

.text Size: 276KB - Virtual size: 273KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 12KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

64:a0:b0:89:17:59:2b:05:84:1c:ed:a3:46:73:61:05
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

05:1f:53:4e:c0:d7:75:cc:7f:a1:80:21:d5:60:d5:38:23:8f:49:29
Signer

.text
Size: 276KB - Virtual size: 273KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 12KB - Virtual size: 10KB