6696c0d6449ae691961cea99b9ca90a2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6696c0d6449ae691961cea99b9ca90a2_JaffaCakes118
Size

705KB
MD5

6696c0d6449ae691961cea99b9ca90a2
SHA1

91c6f51bf524e95532397d55e9409d4a6a24f854
SHA256

72000681a2af8900f92b9a977f36f2ab7563a419834006e183a4c9418deac0cf
SHA512

8b5db4cd4cbb7fdd0c1cea6f8fced814e8d0539207ed91e2a5cd8d2503037d72a83840b32e690c7bfbf901c8399b894ae24216480871834a815c6e57e2dd14fd
SSDEEP

12288:7TGvQK+kNFH8+veCJhfwSwVvr8slW0uHSdrlzqb8698Yp2UR27MR+:7TGYpkNFH8+vRJhfOVvr3W0uHSVlzKLs

Score

1^/10

Malware Config

Signatures

Files

6696c0d6449ae691961cea99b9ca90a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2512282a95e3c0ed7f2de8d481e9dbed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d9:7f:ab:d5:e9:1c:78:19:7f:22:02:28:59:37:6d
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

19-10-2017 00:00

Not After

19-10-2018 23:59

Subject

CN=AGIA LIMITED,O=AGIA LIMITED,L=Altrincham,ST=Cheshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:6c:db:da:a0:93:2f:04:33:ac:2e:21:a2:4d:f0:49:ce:a1:d4:80
Signer

Actual PE Digest

6c:6c:db:da:a0:93:2f:04:33:ac:2e:21:a2:4d:f0:49:ce:a1:d4:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
RaiseException
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetVersion
lstrlenW
CompareStringA
CompareStringW
lstrcmpiA
lstrlenA
GetStringTypeExA
ExitThread
GlobalAlloc
GetDateFormatA
GetUserDefaultLCID
GlobalUnlock
GlobalLock
CreateFileA
ReadFile
WriteFile
ConnectNamedPipe
CreateNamedPipeA
CreateEventA
VirtualAlloc
WaitForSingleObject
GetCommState
CloseHandle
GetTempPathW
CreateThread
LocalFree
FormatMessageW
GetFullPathNameW
CreateFileW
EnumResourceLanguagesA
GetModuleHandleA
GetDateFormatW
GetLocaleInfoW
GetUserDefaultLangID
GetLocalTime
SetLastError
MulDiv
SizeofResource
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
HeapFree
HeapAlloc
GetTickCount
SetErrorMode
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DeleteFileA
MoveFileA
GetCurrentDirectoryA
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
GetFileTime
SetFileTime
GetFileAttributesA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentThread
ConvertDefaultLocale
GetLocaleInfoA
lstrcmpA
GetModuleFileNameA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
lstrcmpW
GetVersionExA
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFree
FormatMessageA
FindResourceA
LoadResource
LockResource
InterlockedExchange

user32

DrawIcon
SetWindowRgn
CreateMenu
PostThreadMessageA
GetTabbedTextExtentA
RegisterClipboardFormatA
UnregisterClassA
GetMenuItemInfoA
InflateRect
GetSysColorBrush
LoadCursorA
DestroyCursor
SetRect
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
PostQuitMessage
SetParent
GetSystemMenu
DeleteMenu
IsRectEmpty
TranslateMessage
ValidateRect
IsZoomed
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
MoveWindow
IsDialogMessageA
SetDlgItemTextA
RedrawWindow
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
SendDlgItemMessageA
IsChild
SetWindowsHookExA
CallNextHookEx
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
DispatchMessageA
BeginDeferWindowPos
FindWindowA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
ScrollWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
MessageBoxA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
GetScrollInfo
SetScrollInfo
PtInRect
SetWindowPlacement
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
RegisterWindowMessageA
GetClassNameA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
DestroyMenu
WinHelpA
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
GetFocus
EqualRect
GetKeyState
GetDlgCtrlID
GetMenu
LoadIconA
SetCursor
PeekMessageA
GetCapture
ReleaseCapture
GetParent
SetActiveWindow
CharUpperA
CreateCaret
UpdateWindow
EnableWindow
CopyRect
InvalidateRect
IsIconic
InsertMenuItemA
GetClassInfoA
IntersectRect
OffsetRect
SetRectEmpty
GetLastActivePopup
BringWindowToTop
PostMessageA
SetMenu
GetDesktopWindow
GetWindow
GetWindowLongA
IsWindow
TranslateAcceleratorA
GetMenuStringA
GetMenuItemID
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CharNextA
DestroyIcon
SetCapture
LockWindowUpdate
GetDCEx
WindowFromPoint
KillTimer
EndDeferWindowPos
SetTimer
GetSystemMetrics
MapWindowPoints
SendMessageA
GetClientRect
CheckMenuItem
GetMenuState
GetDC
EnumDesktopsA
EndPaint
SetClassLongA
GetClassLongA
AttachThreadInput
CopyImage
LookupIconIdFromDirectory
CallWindowProcA
GetSysColor
GetCursorInfo
GetForegroundWindow
CreateIconIndirect
SetWindowTextA
GetDialogBaseUnits
SetWindowLongA
GetMessageA
LoadAcceleratorsA
LoadImageA
DefWindowProcA
TrackPopupMenu
GetCursorPos
SetForegroundWindow
AppendMenuA
CreateAcceleratorTableA
CreatePopupMenu
ShowWindow
IsWindowVisible
GetDlgItem
GetUpdateRgn
GetUpdateRect
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuA
BeginPaint

gdi32

SetPolyFillMode
SetROP2
SetStretchBltMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
DeleteObject
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
StartDocA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ExtSelectClipRgn
SetBkMode
GetStockObject
CreatePen
CreateSolidBrush
GetCharWidthA
CreateFontA
StretchDIBits
GetTextExtentPoint32A
DPtoLP
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetViewportOrgEx
Rectangle
PatBlt
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
LPtoDP
Ellipse
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceA
GetWindowOrgEx
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
GetClipBox
CreateDCA
GetPixel
TextOutW
GetTextMetricsW
SetTextColor
SetTextAlign
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
DeleteDC
CreateCompatibleDC
SelectObject
CreatePatternBrush
GetTextMetricsA

comdlg32

GetFileTitleA
PrintDlgA

winspool.drv

GetJobA
ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
InitializeSecurityDescriptor
IsTextUnicode
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
SetSecurityDescriptorDacl
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegSetValueA
RegCloseKey

shell32

SHGetFileInfoA
ShellExecuteA
Shell_NotifyIconA
DragFinish
ExtractIconA
DragQueryFileA

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
IsAccelerator
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
GetHGlobalFromStream
RevokeDragDrop
CoLockObjectExternal
StgOpenStorage
CreateStreamOnHGlobal
OleTranslateAccelerator

oleaut32

VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
OleCreatePictureIndirect

wininet

DetectAutoProxyUrl
FindCloseUrlCache
FindFirstUrlCacheEntryA

avifil32

AVIStreamWrite
AVIMakeCompressedStream
AVIStreamRelease

wintrust

OpenPersonalTrustDBDialog

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

Sections

.text
Size: 340KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2512282a95e3c0ed7f2de8d481e9dbed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

d9:7f:ab:d5:e9:1c:78:19:7f:22:02:28:59:37:6dCertificate

Extended Key Usages

Key Usages

6c:6c:db:da:a0:93:2f:04:33:ac:2e:21:a2:4d:f0:49:ce:a1:d4:80Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

wininet

avifil32

wintrust

rpcrt4

Sections

.text Size: 340KB - Virtual size: 338KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 248KB - Virtual size: 245KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

d9:7f:ab:d5:e9:1c:78:19:7f:22:02:28:59:37:6d
Certificate

6c:6c:db:da:a0:93:2f:04:33:ac:2e:21:a2:4d:f0:49:ce:a1:d4:80
Signer

.text
Size: 340KB - Virtual size: 338KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 248KB - Virtual size: 245KB