6ef766457c158e1ef1d4658782faee0b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6ef766457c158e1ef1d4658782faee0b_JaffaCakes118
Size

4.1MB
MD5

6ef766457c158e1ef1d4658782faee0b
SHA1

66b5f799f9f7826564c2807dadc19cbb579bac80
SHA256

86244dff56115669e5596b34b3470151adf6212fc5d29cd887bb6cb266dc7f35
SHA512

a558f820b127afbabbfb90c361bded26fd70b8c603a9942188ea555d5de5301d8fad669100e70dce9a6fb03192c5ea89c5ee5a78076d9792d1912a82b995a02a
SSDEEP

49152:bDRvEbjuE41comPpSH/8hd/LyY9lexk8WOzewDpO/kb2TUUo4LvLIOKr49J:HxEbjuEEn+LyY0GmkMb2wBUse

Score

1^/10

Malware Config

Signatures

Files

6ef766457c158e1ef1d4658782faee0b_JaffaCakes118
.dll windows:6 windows x86 arch:x86

5acac407a293fc48919babff5b8f095a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

02-08-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

02-08-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21-04-2016 10:04

Not After

22-04-2017 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

02-08-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

02-08-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21-04-2016 10:04

Not After

22-04-2017 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:38:85:8e:12:77:c4:c4:65:3f:5f:31:43:31:79:f5:ca:ef:dc:64:69:70:e9:0f:86:2f:67:97:ef:21:fc:80
Signer

Actual PE Digest

f1:38:85:8e:12:77:c4:c4:65:3f:5f:31:43:31:79:f5:ca:ef:dc:64:69:70:e9:0f:86:2f:67:97:ef:21:fc:80

Digest Algorithm

sha256

PE Digest Matches

true

b7:6a:42:6d:4f:a4:85:79:bf:f8:3f:28:4b:b5:d2:47:9d:30:f7:16
Signer

Actual PE Digest

b7:6a:42:6d:4f:a4:85:79:bf:f8:3f:28:4b:b5:d2:47:9d:30:f7:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wzzpmail32.pdb

Imports

user32

FillRect
DrawFocusRect
SetPropW
GetWindowDC
KillTimer
SetTimer
GetKeyState
GetFocus
EndPaint
BeginPaint
UpdateWindow
GetClassNameW
DrawTextW
GetDlgCtrlID
CreateDialogParamW
CreateWindowExW
GetMonitorInfoW
MonitorFromRect
MonitorFromPoint
GetDesktopWindow
PtInRect
IsRectEmpty
SetRectEmpty
GetCursorPos
IsIconic
IsCharAlphaNumericW
IsCharAlphaNumericA
LoadStringW
GetWindowTextW
GetDlgItemTextW
CharToOemBuffW
OemToCharA
CharToOemA
OemToCharBuffA
CharLowerW
CharUpperW
InflateRect
GetPropW
DestroyIcon
CharNextW
DialogBoxIndirectParamW
TrackMouseEvent
AnimateWindow
MapDialogRect
SetCapture
ReleaseCapture
DrawIconEx
DefWindowProcW
RegisterClassExW
GetClassInfoExW
CreatePopupMenu
SetActiveWindow
LoadImageW
SetForegroundWindow
IsWindowVisible
LoadBitmapW
EmptyClipboard
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
MessageBoxA
SystemParametersInfoW
GetWindow
GetWindowLongW
ClientToScreen
MessageBeep
GetClientRect
GetForegroundWindow
GetSystemMetrics
MoveWindow
GetSysColor
InvalidateRect
IsWindowEnabled
LoadStringA
ReleaseDC
GetDC
EndDialog
DialogBoxParamW
IsDialogMessageW
LoadIconW
GetParent
SetWindowLongW
ScreenToClient
MessageBoxW
GetWindowRect
GetWindowTextLengthW
SetWindowTextW
EnableWindow
MsgWaitForMultipleObjects
SetFocus
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
DestroyMenu
AppendMenuW
TrackPopupMenu
SetParent
SetDlgItemTextW
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
LoadCursorW
SetScrollInfo
GetScrollInfo
GetClassLongW
SetClassLongW
ShowWindow
DestroyWindow
IsWindow
CallWindowProcW
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
GetComboBoxInfo
DrawTextExW
FrameRect
TranslateMessage
CreateDialogIndirectParamW
GetMessageW

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress
OpenFile
_lclose
LoadLibraryW
CreateEventA
SetEvent
MulDiv
CreateFileA
DeleteFileA
WriteFile
ExpandEnvironmentStringsA
CreateDirectoryW
FindClose
FindFirstFileW
GetFileAttributesW
GetModuleFileNameW
CreateThread
GetLocalTime
GetTickCount
_lcreat
GetPrivateProfileStringW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
GetModuleFileNameA
GlobalMemoryStatus
FormatMessageA
VerifyVersionInfoW
GetACP
GetLocaleInfoA
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
SetErrorMode
ExitProcess
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExW
GetUserDefaultUILanguage
SetThreadUILanguage
LocalFree
SetLastError
GetLastError
CloseHandle
OutputDebugStringA
DeleteFileW
SetCurrentDirectoryW
SizeofResource
FindResourceW
FindResourceExW
IsBadReadPtr
IsBadWritePtr
lstrcmpiW
FreeResource
InitializeSListHead
CreateFileMappingW
GetVersionExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
GetSystemTime
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ExitThread
RemoveDirectoryW
FreeLibraryAndExitThread
MoveFileExW
LoadLibraryA
GetCommandLineW
LockResource
LoadResource
SetVolumeLabelW
FormatMessageW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnlockFile
LockFile
GetVolumeInformationW
GetTempFileNameW
GetDiskFreeSpaceW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetTempPathW
GetTimeZoneInformation
SetEnvironmentVariableW
SetEnvironmentVariableA
CreateWaitableTimerA
ResumeThread
SetWaitableTimer
GetSystemInfo
QueryPerformanceFrequency
QueryPerformanceCounter
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
ExpandEnvironmentStringsW
CreateSemaphoreW
GetProcessAffinityMask
CreateEventW
WaitForSingleObject
InitializeCriticalSection
SetThreadPriority
GetWindowsDirectoryW
GetSystemDirectoryW
Sleep
FindNextFileW
MoveFileW
DeviceIoControl
GetDriveTypeW
LocalFileTimeToFileTime
IsDBCSLeadByte
AreFileApisANSI
GetFullPathNameW
GetCurrentDirectoryW
IsDBCSLeadByteEx
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesExW
CompareStringA
SetFileTime
SetFilePointer
GetFileSize
GetFileInformationByHandle
FileTimeToLocalFileTime
VirtualQuery
WaitForMultipleObjectsEx
ResetEvent
GetCurrentProcessId
DuplicateHandle
ReleaseSemaphore
OpenEventA
CreateSemaphoreA
WaitForSingleObjectEx
OutputDebugStringW
DecodePointer
HeapReAlloc
HeapSize
WriteConsoleW
SetFilePointerEx
ReadConsoleW
ReadFile
SetEndOfFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
CreateFileW
RaiseException
RtlUnwind
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleExW
HeapAlloc
HeapFree
GetCurrentThread
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetStringTypeW
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
IsValidCodePage
GetOEMCP
GetCPInfo

gdi32

TextOutW
Ellipse
MoveToEx
LineTo
CreatePen
SetBkMode
SetDIBits
GetBkColor
SetDCBrushColor
DPtoLP
GetObjectW
SetTextColor
SetMapMode
SetBkColor
SelectPalette
SelectObject
RealizePalette
PatBlt
GetStockObject
GetMapMode
GetDIBits
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
GetDeviceCaps
DeleteObject
CreateFontIndirectW
GetTextExtentPoint32W

advapi32

RegEnumValueW
RegSetValueExA
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExA
RegQueryValueA
RegEnumValueA
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
SystemFunction036
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegSetValueExW
RegQueryValueW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
SetFileSecurityW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHFileOperationW
SHChangeNotify
SHGetFolderPathW
SHGetMalloc
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

GetErrorInfo
OleCreatePictureIndirect
VarUI4FromStr
SysAllocString
VariantClear

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

msimg32

AlphaBlend

comctl32

ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ord413
ord412
ord410
ImageList_GetIcon

gdiplus

GdipFlush
GdipCreateLineBrushI
GdipDeleteGraphics
GdipFillRectangleI
GdipAlloc
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipFree

Exports

Exports

ZAMEntryPoint4

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5acac407a293fc48919babff5b8f095a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

f1:38:85:8e:12:77:c4:c4:65:3f:5f:31:43:31:79:f5:ca:ef:dc:64:69:70:e9:0f:86:2f:67:97:ef:21:fc:80Signer

b7:6a:42:6d:4f:a4:85:79:bf:f8:3f:28:4b:b5:d2:47:9d:30:f7:16Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

gdi32

advapi32

shell32

ole32

oleaut32

version

msimg32

comctl32

gdiplus

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 529KB - Virtual size: 529KB

.data Size: 143KB - Virtual size: 263KB

.gfids Size: 512B - Virtual size: 448B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 129KB - Virtual size: 128KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

f1:38:85:8e:12:77:c4:c4:65:3f:5f:31:43:31:79:f5:ca:ef:dc:64:69:70:e9:0f:86:2f:67:97:ef:21:fc:80
Signer

b7:6a:42:6d:4f:a4:85:79:bf:f8:3f:28:4b:b5:d2:47:9d:30:f7:16
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 529KB - Virtual size: 529KB

.data
Size: 143KB - Virtual size: 263KB

.gfids
Size: 512B - Virtual size: 448B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 129KB - Virtual size: 128KB