6add2f7f208e1087d61df2a2630cde73_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6add2f7f208e1087d61df2a2630cde73_JaffaCakes118
Size

4.9MB
MD5

6add2f7f208e1087d61df2a2630cde73
SHA1

b0493f8a6d20cc7d9562912d061fa242b874cc9a
SHA256

81c2ec32cf77f94e5a221824b99510e1b8353499c2c6baf98e23816d2bebe5f1
SHA512

1c8fa57db3856c3569d18fd089602edf765200a2305f2f2ec965eb21170a0c93bd2bd97246d6db9bb76ef901453fa980b74b59d80351c668c1041fdb1a6c194c
SSDEEP

49152:NoPZv6GzmJkmB9RPLtFa14BMw+Upy2VXox3A7e7slQzmJkmB9RPLtFa14BMw+UpQ:WPZ0JlB249o+7CslLJlB24O

Score

1^/10

Malware Config

Signatures

Files

6add2f7f208e1087d61df2a2630cde73_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f84c5fda37fa19abf9748e1875a5c60b

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d0:28:a3:6b:be:4e:c1:b7:fb:f8:0d:51:7a:1b:56:c6
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/01/2016, 00:00

Not After

09/03/2019, 23:59

Subject

CN=Alfredo Anibal Santos Silva,O=Alfredo Anibal Santos Silva,POSTALCODE=66660,STREET=Rue du grand large+STREET=Résidence les angéliques,L=Port vendres,ST=Languedoc - Roussillon,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:28:a3:6b:be:4e:c1:b7:fb:f8:0d:51:7a:1b:56:c6
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/01/2016, 00:00

Not After

09/03/2019, 23:59

Subject

CN=Alfredo Anibal Santos Silva,O=Alfredo Anibal Santos Silva,POSTALCODE=66660,STREET=Rue du grand large+STREET=Résidence les angéliques,L=Port vendres,ST=Languedoc - Roussillon,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b5:36:15:53:0c:db:ac:c0:a6:a4:f5:1c:6b:07:8e:f3:7b:61:f2:42:76:76:db:56:ea:ab:d7:cb:10:23:40:de
Signer

Actual PE Digest

b5:36:15:53:0c:db:ac:c0:a6:a4:f5:1c:6b:07:8e:f3:7b:61:f2:42:76:76:db:56:ea:ab:d7:cb:10:23:40:de

Digest Algorithm

sha256

PE Digest Matches

true

26:97:4d:60:d6:74:4b:4c:a2:35:67:95:d7:87:cf:e1:40:64:d3:ef
Signer

Actual PE Digest

26:97:4d:60:d6:74:4b:4c:a2:35:67:95:d7:87:cf:e1:40:64:d3:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\VisualStudio\Projects\Tech tool shop\Release\TechToolStore.pdb

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
LCMapStringW
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetACP
GetStdHandle
SetFilePointer
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
Process32NextW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Process32FirstW
CreateToolhelp32Snapshot
SetLastError
GetSystemTimeAsFileTime
GetLocalTime
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryW
ExitProcess
CopyFileW
SetStdHandle
GetConsoleCP
GetConsoleMode
GetExitCodeProcess
WriteFile
SetFilePointerEx
FileTimeToSystemTime
RemoveDirectoryW
MoveFileExW
UnmapViewOfFile
GetFileSizeEx
SetFileTime
GetFileTime
GetFileAttributesW
GetTempPathW
GetSystemWindowsDirectoryW
GetLongPathNameW
Sleep
SleepEx
VerifyVersionInfoW
VerSetConditionMask
GetExitCodeThread
WritePrivateProfileStringW
GetPrivateProfileStringW
ExpandEnvironmentStringsW
GlobalUnlock
GlobalLock
CloseHandle
MulDiv
lstrcmpW
GetCurrentProcess
GetCurrentThreadId
ReadFile
GetFileSize
FreeLibrary
LoadLibraryExW
lstrcmpiW
GetModuleFileNameW
WaitForSingleObject
CreateThread
SetFileAttributesW
MoveFileW
DeleteFileW
CreateFileW
LoadLibraryW
FlushFileBuffers
WriteConsoleW
GetPrivateProfileIntW
GetSystemTime
SetEnvironmentVariableW
SetThreadExecutionState
SetCurrentDirectoryW
GetComputerNameW
ProcessIdToSessionId
GetCurrentProcessId
WTSGetActiveConsoleSessionId
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetTickCount
GetFileInformationByHandle
ResumeThread
Thread32Next
TerminateThread
SuspendThread
OpenThread
Thread32First
TerminateProcess
GetProcessId
CreateProcessW
IsDebuggerPresent
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
GetProcAddress
GetModuleHandleW
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
OpenProcess
FindNextFileW
FindClose
FindFirstFileW

user32

GetMessageW
CharNextW
UnregisterClassW
PeekMessageW
TranslateMessage
SetWindowLongW
GetWindowLongW
CreateWindowExW
DestroyWindow
SendMessageW
PostMessageW
SetWindowTextW
GetWindowTextW
DestroyMenu
BeginDeferWindowPos
EndDeferWindowPos
TranslateAcceleratorW
CopyImage
SetMenuDefaultItem
LoadImageW
GetAsyncKeyState
DefDlgProcW
GetMenuItemID
GetForegroundWindow
GetClassLongW
GetSysColorBrush
SetCursor
WindowFromPoint
GetSystemMetrics
SetForegroundWindow
GetCursorPos
SetCursorPos
SendInput
DispatchMessageW
FindWindowExW
SetMenuInfo
InsertMenuItemW
RemoveMenu
SetClassLongW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuStringW
GetWindowTextLengthW
MoveWindow
SetWindowPos
BringWindowToTop
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
MapWindowPoints
EnumChildWindows
PtInRect
DestroyIcon
DrawIconEx
BeginPaint
EndPaint
GetDC
GetWindowDC
ReleaseDC
UpdateWindow
GetUpdateRect
InvalidateRect
InvalidateRgn
ShowWindow
IsWindowVisible
RedrawWindow
IsWindowEnabled
EnableWindow
SetCapture
SetFocus
ChildWindowFromPoint
GetWindow
IsChild
GetParent
GetDlgCtrlID
GetDlgItem
MessageBoxW
IsDialogMessageW
AdjustWindowRectEx
GetWindowRgn
SetWindowRgn
DeferWindowPos
GetWindowThreadProcessId
IsWindow
GetClassNameW
TrackPopupMenu
DeleteMenu
CallWindowProcW
ShowWindowAsync
GetSysColor
DestroyAcceleratorTable
GetFocus
FillRect
GetDesktopWindow
CreateAcceleratorTableW
ReleaseCapture
DefWindowProcW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
wsprintfW
SystemParametersInfoW
GetIconInfo
CreatePopupMenu
FindWindowW
SetLayeredWindowAttributes

gdi32

OffsetRgn
FillRgn
CombineRgn
CreateRectRgn
SetBkMode
SetBkColor
SetTextColor
GetBkColor
StretchBlt
SetStretchBltMode
GetDIBits
ExtSelectClipRgn
CreateFontW
CreatePatternBrush
GetObjectW
GetStockObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
SelectObject
GetDeviceCaps
ExcludeClipRect
SelectClipRgn
GetTextExtentPoint32W
SetBrushOrgEx
CreateDIBSection
PatBlt

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptSetKeyParam
CreateWellKnownSid
AdjustTokenPrivileges
LookupPrivilegeValueW
EqualSid
AddAce
GetAce
InitializeAcl
LookupAccountNameW
GetTokenInformation
OpenProcessToken
GetLengthSid
IsValidSid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
CloseServiceHandle
TreeResetNamedSecurityInfoW
SetNamedSecurityInfoW
RegEnumValueW
RegSaveKeyExW
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDecrypt
OpenSCManagerW
OpenServiceW
QueryServiceStatus
AbortSystemShutdownW
ConvertSidToStringSidW
RegLoadKeyW
RegUnLoadKeyW

shell32

ExtractAssociatedIconW
FindExecutableW
SHGetDesktopFolder
Shell_NotifyIconW
DragQueryFileW
DragFinish
DragQueryPoint
SHGetFolderPathW
ord6
ExtractIconExW
CommandLineToArgvW
SHChangeNotify
ShellExecuteExW
ord190
SHOpenFolderAndSelectItems
ord155

ole32

CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleUninitialize
OleInitialize
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocString
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen

shlwapi

PathIsRootW
UrlCombineW
UrlUnescapeW
UrlCreateFromPathW
PathParseIconLocationW
PathFindOnPathW
PathFileExistsW
PathIsDirectoryW
PathUnExpandEnvStringsW

version

VerQueryValueW
GetFileVersionInfoW

wininet

InternetReadFile
InternetCrackUrlW
InternetSetOptionW
FtpSetCurrentDirectoryW
FtpPutFileW
FtpOpenFileW
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetGetConnectedState
InternetCloseHandle
FtpGetFileSize
InternetConnectW

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpConnect
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData

gdiplus

GdipImageRotateFlip
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipCloneImage
ord1
GdipClosePathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipSetLineColors
GdipCreateLineBrushFromRectI
GdipDisposeImage
GdipCreateSolidFill
GdipGetImageWidth
GdipDeleteFont
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipCreateFont
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipGetRegionHRgn
GdipDeleteRegion
GdipCreateRegionPath
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageI
GdipDrawImageRect
GdipDrawString
GdipFillPath
GdipFillRectangleI
GdipFillRectangle
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHWND
GdipCreateFromHDC
GdipCloneBrush
GdipAddPathLine
GdipAddPathPolygon
GdipDeleteBrush

psapi

EnumProcesses
GetModuleFileNameExW

comctl32

ImageList_Remove
ord411
ImageList_GetIcon
ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetImageCount
ord413
ord410
ord412
ImageList_Replace

uxtheme

SetWindowTheme

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f84c5fda37fa19abf9748e1875a5c60b

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

d0:28:a3:6b:be:4e:c1:b7:fb:f8:0d:51:7a:1b:56:c6Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

d0:28:a3:6b:be:4e:c1:b7:fb:f8:0d:51:7a:1b:56:c6Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

b5:36:15:53:0c:db:ac:c0:a6:a4:f5:1c:6b:07:8e:f3:7b:61:f2:42:76:76:db:56:ea:ab:d7:cb:10:23:40:deSigner

26:97:4d:60:d6:74:4b:4c:a2:35:67:95:d7:87:cf:e1:40:64:d3:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wininet

winhttp

gdiplus

psapi

comctl32

uxtheme

wtsapi32

Sections

.text Size: 531KB - Virtual size: 530KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 23KB - Virtual size: 23KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

d0:28:a3:6b:be:4e:c1:b7:fb:f8:0d:51:7a:1b:56:c6
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

d0:28:a3:6b:be:4e:c1:b7:fb:f8:0d:51:7a:1b:56:c6
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

b5:36:15:53:0c:db:ac:c0:a6:a4:f5:1c:6b:07:8e:f3:7b:61:f2:42:76:76:db:56:ea:ab:d7:cb:10:23:40:de
Signer

26:97:4d:60:d6:74:4b:4c:a2:35:67:95:d7:87:cf:e1:40:64:d3:ef
Signer

.text
Size: 531KB - Virtual size: 530KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 23KB - Virtual size: 23KB