6f3e3f9c780c39412049853f33047877_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6f3e3f9c780c39412049853f33047877_JaffaCakes118
Size

578KB
MD5

6f3e3f9c780c39412049853f33047877
SHA1

2d0f68f06d546434352da89705f59f49a4fedaa2
SHA256

308720e2a706df938d7b56d868bd63652c03c77f3eae4b792a66772af808f54a
SHA512

6824473b8751ab44d11b8a9306c0ba179a7a9d3ecd3391006478a8c6451a96403ccb9ca067f5358cdc4fa817c84f36e2af851007286fc5a546ac6c06ccb8fb15
SSDEEP

12288:WVAAmVo1D3znf3iURcYk03hOqbVnZ1/W6Qx48sAcoEg8c5KBcMOJkn8mf7JinckW:O3iydW6Qxs8eVick+S7MUX9VtX01ckF9

Score

1^/10

Malware Config

Signatures

Files

6f3e3f9c780c39412049853f33047877_JaffaCakes118
.exe windows:5 windows x86 arch:x86

acd924429b07ddcb388e0c73be0e72d2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:5a:08:d4:69:92:2e:9d:f0:1c:d8:f6:ba:3a:fa:0c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/09/2009, 00:00

Not After

03/09/2012, 23:59

Subject

CN=Hewlett Packard,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop Consumer Solutions,O=Hewlett Packard,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:6d:92:f7:e0:71:78:f6:e5:c9:a8:72:27:d7:9d:9b:37:8e:8e:23
Signer

Actual PE Digest

0d:6d:92:f7:e0:71:78:f6:e5:c9:a8:72:27:d7:9d:9b:37:8e:8e:23

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\hudsonroot\workspace\K35_STAB_Production_Build\build231\SxS\src\Release\InstanceFinderDlg.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW
PathFindExtensionW

psapi

GetModuleFileNameExW
EnumProcessModules

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

oleacc

LresultFromObject
CreateStdAccessibleObject

kernel32

InterlockedIncrement
CompareStringW
lstrcmpA
lstrlenA
GetVersionExA
lstrcmpW
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalFlags
ReadFile
FlushFileBuffers
GetFullPathNameW
GetModuleHandleA
InterlockedExchange
CompareStringA
SizeofResource
SetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
lstrlenW
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
InterlockedCompareExchange
GetProcessHeap
InterlockedDecrement
GetModuleHandleW
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
RemoveDirectoryW
TlsAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
LocalAlloc
ReleaseSemaphore
CreateSemaphoreW
QueryPerformanceFrequency
LocalFree
FormatMessageW
SearchPathW
GetLongPathNameW
GetFileAttributesExW
OutputDebugStringW
SetFilePointer
Sleep
GetCurrentProcessId
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetLastError
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetTempFileNameW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultLCID
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GlobalMemoryStatusEx
GetStartupInfoW
CreatePipe
WaitForMultipleObjects
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
PeekNamedPipe
OpenProcess
CreateFileW
GetFileSizeEx
GetCommandLineW
CreateDirectoryW
ReleaseMutex
OpenMutexW
CreateMutexW
GetFileAttributesW
SetLastError
GetSystemTime
GetLocalTime
WaitForSingleObject
SetEvent
ResetEvent
OpenEventW
CreateEventW
TerminateThread
GetCurrentProcess
GetExitCodeProcess
GetExitCodeThread
CreateThread
GetDiskFreeSpaceExW
GetTempPathW
GetTickCount
CloseHandle
CreateProcessW
GetCurrentThreadId
GetVersionExW
GetModuleFileNameW
GetProcAddress
FreeLibrary
LoadLibraryW
FindResourceW
LoadResource
GetConsoleOutputCP
LockResource
SetHandleInformation

user32

PostQuitMessage
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
ClientToScreen
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
MsgWaitForMultipleObjectsEx
WaitForInputIdle
GetAsyncKeyState
ShowWindow
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
MsgWaitForMultipleObjects
AllowSetForegroundWindow
ExitWindowsEx
CloseDesktop
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
SetProcessWindowStation
GetProcessWindowStation
CloseWindowStation
OpenWindowStationW
wsprintfW
PeekMessageW
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx
GetKeyState
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
SendMessageW
GetParent

gdi32

ExtTextOutW
DeleteObject
SaveDC
RestoreDC
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
SetMapMode
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
SetBkColor

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW
FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterW
EnumPortsW
EnumMonitorsW
DeleteMonitorW
EnumPrintersW
GetPrinterDataExW
SetPrinterDataExW
GetPrinterDriverW
XcvDataW
GetPrinterW
DeletePrinterDriverExW
GetPrinterDriverDirectoryW
EnumPrinterDriversW
SetPrinterW
SetJobW
GetJobW
EnumJobsW
ord204
ord203
AddMonitorW

advapi32

RegQueryInfoKeyW
RegEnumValueW
GetUserNameW
CheckTokenMembership
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW

shell32

ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoCreateGuid
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType

setupapi

CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Get_Device_IDW
CM_Get_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Disable_DevNode
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiOpenClassRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenDevRegKey
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRemoveDevice
SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetLineTextW
SetupCloseInfFile
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW

ws2_32

WSAGetLastError
WSADuplicateSocketW
WSACloseEvent
closesocket
shutdown
WSAResetEvent
WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSACreateEvent
setsockopt
WSASocketW
WSACleanup
WSAStringToAddressW
WSAStartup

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIfEntry

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

acd924429b07ddcb388e0c73be0e72d2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

42:5a:08:d4:69:92:2e:9d:f0:1c:d8:f6:ba:3a:fa:0cCertificate

Extended Key Usages

Key Usages

0d:6d:92:f7:e0:71:78:f6:e5:c9:a8:72:27:d7:9d:9b:37:8e:8e:23Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

psapi

version

oleacc

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

setupapi

ws2_32

iphlpapi

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 13KB - Virtual size: 36KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 93KB - Virtual size: 93KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

42:5a:08:d4:69:92:2e:9d:f0:1c:d8:f6:ba:3a:fa:0c
Certificate

0d:6d:92:f7:e0:71:78:f6:e5:c9:a8:72:27:d7:9d:9b:37:8e:8e:23
Signer

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 13KB - Virtual size: 36KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 93KB - Virtual size: 93KB