General

Malware Config

Signatures

Files

• 6972b735bb19c53b5cc5907e509ec9f9_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  88ed560f1550172f34e769efad85c880

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  47:33:bb:60:89:e3:2f:cd:22:4d:0e:49:de:b6:63:da

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  28-09-2018 00:00

  Not After

  01-02-2020 23:59

  Subject

  CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  5b:21:3a:c4:69:7a:65:f6:b7:82:7d:9e:48:92:64:dc

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  28-09-2018 00:00

  Not After

  01-02-2020 23:59

  Subject

  CN=Beijing Qihu Technology Co.\, Ltd.,OU=研发部,O=Beijing Qihu Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  14-06-2018 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:00:00:00:00:01:31:89:c6:50:04

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  02-08-2011 10:00

  Not After

  29-03-2029 10:00

  Subject

  CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:21:58:53:08:a2

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  18-03-2009 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  b7:64:e1:a3:b6:eb:c9:61:4e:d5:6c:83:1c:b5:f6:ad:70:bd:57:22:67:17:06:51:92:80:b4:27:35:f5:f8:e8

  Signer

  Actual PE Digest

  b7:64:e1:a3:b6:eb:c9:61:4e:d5:6c:83:1c:b5:f6:ad:70:bd:57:22:67:17:06:51:92:80:b4:27:35:f5:f8:e8

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  c2:47:ee:c9:4f:b5:0a:d5:70:81:a1:7f:e0:87:dd:ba:0b:cf:a2:5e

  Signer

  Actual PE Digest

  c2:47:ee:c9:4f:b5:0a:d5:70:81:a1:7f:e0:87:dd:ba:0b:cf:a2:5e

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\vmagent_new\bin\joblist\365043\out\Release\MiniNews.pdb

  Imports

  kernel32

  GetSystemTime

  GetSystemTimeAsFileTime

  SystemTimeToFileTime

  GetFileSize

  LockFileEx

  CreateFileMappingA

  UnlockFile

  HeapCompact

  GetSystemInfo

  DeleteFileA

  GetVersionExA

  WaitForSingleObjectEx

  LoadLibraryA

  CreateFileA

  FlushViewOfFile

  OutputDebugStringW

  GetFileAttributesA

  GetDiskFreeSpaceA

  FormatMessageW

  HeapValidate

  GetFileAttributesW

  UnlockFileEx

  SetEndOfFile

  GetFullPathNameA

  LockFile

  OutputDebugStringA

  GetDiskFreeSpaceW

  GetFullPathNameW

  HeapCreate

  ReadFile

  TryEnterCriticalSection

  CreateProcessW

  RemoveDirectoryW

  SetFileAttributesW

  GetCurrentThread

  InterlockedIncrement

  InterlockedDecrement

  VirtualProtect

  SetUnhandledExceptionFilter

  lstrcmpiW

  LoadLibraryExW

  GetCommandLineW

  SetCurrentDirectoryW

  IsBadReadPtr

  GetShortPathNameW

  GetProcessId

  lstrcpynW

  lstrlenW

  OpenFileMappingW

  GetStartupInfoW

  GetTempFileNameW

  MoveFileW

  MoveFileExW

  DeleteFileW

  GetTempPathW

  WriteFile

  Process32NextW

  Process32FirstW

  CreateToolhelp32Snapshot

  GetModuleFileNameW

  CreateMutexW

  Sleep

  GetLastError

  GetCurrentProcessId

  OpenProcess

  GetLongPathNameW

  FindNextFileW

  FindFirstFileW

  GetTempPathA

  lstrcpyW

  SetEnvironmentVariableW

  SetEnvironmentVariableA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetOEMCP

  IsValidCodePage

  FindNextFileA

  FindFirstFileExW

  FindFirstFileExA

  WriteConsoleW

  SetStdHandle

  SetConsoleCtrlHandler

  FindClose

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetTimeFormatW

  GetDateFormatW

  GetACP

  GetStdHandle

  GetModuleFileNameA

  ExitProcess

  GetTimeZoneInformation

  GetConsoleMode

  FormatMessageA

  SetFilePointerEx

  GetFileType

  GetModuleHandleExW

  FreeLibraryAndExitThread

  ExitThread

  InterlockedFlushSList

  RtlUnwind

  DosDateTimeToFileTime

  FileTimeToDosDateTime

  LocalFileTimeToFileTime

  FileTimeToLocalFileTime

  SetFileTime

  GetFileTime

  ResumeThread

  SuspendThread

  SetThreadContext

  GetThreadContext

  VirtualQuery

  GetSystemWindowsDirectoryW

  FreeResource

  lstrcmpiA

  lstrcmpA

  DeviceIoControl

  ResetEvent

  TerminateProcess

  UnhandledExceptionFilter

  GetPrivateProfileIntW

  GlobalUnlock

  GlobalLock

  GlobalFree

  GlobalAlloc

  GetCPInfo

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  SwitchToThread

  GetLongPathNameA

  LocalFree

  DecodePointer

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  GetLocalTime

  GetSystemDirectoryW

  GetModuleHandleW

  LoadLibraryW

  GetCurrentProcess

  GetProcAddress

  FreeLibrary

  CreateEventW

  WaitForMultipleObjects

  WaitForSingleObject

  SetEvent

  InterlockedCompareExchange

  InterlockedExchange

  GetTickCount

  CreateThread

  AreFileApisANSI

  GetFileAttributesExW

  CreateFileW

  CreateFileMappingW

  UnmapViewOfFile

  MapViewOfFile

  CloseHandle

  SetFilePointer

  WideCharToMultiByte

  MultiByteToWideChar

  GetVersionExW

  DeleteCriticalSection

  LeaveCriticalSection

  LockResource

  EnterCriticalSection

  InitializeCriticalSection

  FindResourceExW

  FindResourceW

  SizeofResource

  LoadResource

  GetProcessHeap

  HeapSize

  HeapFree

  HeapReAlloc

  HeapAlloc

  GetStringTypeW

  LoadLibraryExA

  VirtualFree

  VirtualAlloc

  IsProcessorFeaturePresent

  FlushInstructionCache

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  InitializeSListHead

  EncodePointer

  IsDebuggerPresent

  FlushFileBuffers

  QueryPerformanceCounter

  GetConsoleCP

  CopyFileA

  InitializeCriticalSectionAndSpinCount

  SetLastError

  GetCurrentThreadId

  ReadConsoleW

  HeapDestroy

  RaiseException

  user32

  ShowWindow

  UpdateLayeredWindow

  SetWindowPos

  GetAsyncKeyState

  SetCapture

  ReleaseCapture

  SetTimer

  KillTimer

  GetDC

  UnregisterClassA

  DrawFocusRect

  DestroyCursor

  UnionRect

  EqualRect

  ReleaseDC

  BeginPaint

  IsWindow

  CreateWindowExW

  CallWindowProcW

  DefWindowProcW

  PostMessageW

  SendMessageW

  DestroyWindow

  EndPaint

  GetAncestor

  GetWindowInfo

  MonitorFromPoint

  EnumDisplaySettingsW

  GetTopWindow

  GetShellWindow

  WindowFromPoint

  SetFocus

  AttachThreadInput

  FillRect

  GetWindowTextLengthW

  DrawTextW

  GetFocus

  CreateDialogParamW

  GetMonitorInfoW

  MonitorFromWindow

  GetWindow

  GetDesktopWindow

  MapWindowPoints

  SetForegroundWindow

  EndDialog

  SetWindowTextW

  RedrawWindow

  FindWindowW

  CharNextW

  DispatchMessageW

  TranslateMessage

  SystemParametersInfoW

  LoadImageW

  IsWindowEnabled

  EnableWindow

  DialogBoxParamW

  MoveWindow

  PostQuitMessage

  OffsetRect

  CopyRect

  GetClassNameW

  GetWindowTextW

  GetForegroundWindow

  IsWindowVisible

  GetSystemMetrics

  PostThreadMessageW

  PeekMessageW

  GetMessageW

  GetClassInfoExW

  RegisterClassExW

  UnregisterClassW

  GetWindowThreadProcessId

  FindWindowExW

  SendMessageTimeoutW

  wsprintfW

  LoadCursorW

  GetParent

  SetWindowLongW

  GetWindowLongW

  PtInRect

  ScreenToClient

  GetCursorPos

  SetCursor

  GetWindowRect

  GetClientRect

  InvalidateRect

  gdi32

  GetTextMetricsW

  SetTextColor

  SetBkMode

  GetStockObject

  CreateSolidBrush

  GetDeviceCaps

  ExtTextOutW

  GetObjectW

  CreateDIBSection

  SetBkColor

  SelectObject

  SelectClipRgn

  SaveDC

  RestoreDC

  DeleteObject

  DeleteDC

  CreateRectRgnIndirect

  CreateCompatibleDC

  CreateCompatibleBitmap

  BitBlt

  OffsetViewportOrgEx

  SetViewportOrgEx

  EnumFontFamiliesW

  CreateFontW

  RectVisible

  advapi32

  OpenProcessToken

  RegOpenKeyExA

  RegEnumKeyExA

  QueryServiceStatus

  OpenServiceW

  OpenSCManagerW

  CloseServiceHandle

  CheckTokenMembership

  FreeSid

  AllocateAndInitializeSid

  EqualSid

  GetTokenInformation

  OpenThreadToken

  RegSetValueExW

  RegQueryInfoKeyW

  RegEnumKeyExW

  RegDeleteValueW

  RegDeleteKeyW

  RegCreateKeyExW

  RegQueryValueExW

  RegOpenKeyExW

  RegOpenKeyW

  RegCloseKey

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  CryptContextAddRef

  CryptAcquireContextW

  CryptReleaseContext

  CryptDestroyKey

  CryptSetKeyParam

  CryptGenRandom

  CryptImportKey

  CryptEncrypt

  CryptDecrypt

  RegQueryValueExA

  shell32

  ShellExecuteW

  CommandLineToArgvW

  SHGetSpecialFolderPathW

  ord165

  ShellExecuteExW

  SHChangeNotify

  ole32

  CoInitializeEx

  CreateStreamOnHGlobal

  CoInitializeSecurity

  CoSetProxyBlanket

  CoCreateGuid

  OleRun

  CoTaskMemFree

  CoTaskMemRealloc

  CoTaskMemAlloc

  CLSIDFromProgID

  CoCreateInstance

  CoUninitialize

  CoInitialize

  oleaut32

  SysAllocString

  CreateErrorInfo

  SetErrorInfo

  VariantChangeType

  GetErrorInfo

  SysFreeString

  VariantClear

  VariantInit

  VarUI4FromStr

  shlwapi

  StrStrIA

  StrTrimA

  StrCmpNIW

  SHSetValueA

  SHGetValueA

  StrToIntExW

  StrStrIW

  SHDeleteKeyW

  PathRelativePathToW

  PathIsDirectoryW

  wnsprintfW

  StrCmpIW

  PathRenameExtensionW

  AssocQueryStringW

  PathCombineW

  PathFileExistsW

  PathIsPrefixW

  PathRemoveFileSpecW

  PathAppendW

  SHSetValueW

  SHGetValueW

  PathFileExistsA

  SHDeleteValueW

  PathFindExtensionW

  PathFindFileNameW

  comctl32

  InitCommonControlsEx

  _TrackMouseEvent

  gdiplus

  GdipDrawImagePointRectI

  GdipSetImageAttributesColorMatrix

  GdipCreatePen1

  GdipDisposeImageAttributes

  GdipFillRectangleI

  GdipDrawString

  GdipMeasureString

  GdipDeletePen

  GdipDrawRectangleI

  GdipCreateImageAttributes

  GdipSetTextRenderingHint

  GdipBitmapGetPixel

  GdipDrawImageRectRectI

  GdipDrawImageRectRect

  GdipSetStringFormatFlags

  GdipSetStringFormatTrimming

  GdipSetStringFormatAlign

  GdipSetStringFormatLineAlign

  GdipDeleteGraphics

  GdipCreateFromHDC

  GdipGetImageEncoders

  GdipGetImageEncodersSize

  GdipCreateBitmapFromHBITMAP

  GdipCreateBitmapFromScan0

  GdipSaveImageToFile

  GdipDisposeImage

  GdipCloneImage

  GdiplusShutdown

  GdiplusStartup

  GdipFree

  GdipAlloc

  GdipGetImageWidth

  GdipGetImageHeight

  GdipCreateBitmapFromFile

  GdipCreateBitmapFromFileICM

  GdipCreateBitmapFromStream

  GdipCreateBitmapFromStreamICM

  GdipCreateFontFamilyFromName

  GdipDeleteFontFamily

  GdipCreateFont

  GdipDeleteFont

  GdipCreateSolidFill

  GdipDeleteBrush

  GdipCloneBrush

  GdipCreateStringFormat

  GdipDeleteStringFormat

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  psapi

  GetModuleFileNameExW

  setupapi

  SetupIterateCabinetW

  crypt32

  CertGetNameStringW

  CryptUnprotectData

  wininet

  InternetGetConnectedState

  InternetSetCookieExA

  imm32

  ImmAssociateContext

  iphlpapi

  GetAdaptersInfo

  wintrust

  WinVerifyTrust

  WTHelperProvDataFromStateData

  urlmon

  URLDownloadToCacheFileW

  URLDownloadToFileW

  Sections

  .text

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 292KB - Virtual size: 291KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 25KB - Virtual size: 39KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.9MB - Virtual size: 1.9MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 77KB - Virtual size: 77KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ