75fdcf4294fd4a4a42d7088d50aa77f9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

75fdcf4294fd4a4a42d7088d50aa77f9_JaffaCakes118
Size

3.4MB
MD5

75fdcf4294fd4a4a42d7088d50aa77f9
SHA1

f2337db8c100d8b3893c9e2dfa505ed261f32757
SHA256

e84395225b8087f8354df67e37c8b75732952e72fe474520788b847ee9c5c107
SHA512

34d097ffa3433ac1489dd428dec9f9c2e021c9b1739f9aca8f3533626a2ab008e8dab8d7caec20d17e5207d61447e34d4b24c12c2d2781b7fc3b2dbc5f7cfc94
SSDEEP

98304:7RPYQl55KjQGBkTpCPaAAR+PN/hq51GEWa7e7tNY1/fvy2LwSj9BDw6MrfR67xM:dQQl55EQrtCPa3SN3EISyyBDw6IZ6K

Score

1^/10

Malware Config

Signatures

Files

75fdcf4294fd4a4a42d7088d50aa77f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f7795fb74a5d608d9186d48ce74bd925

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03-06-2015 00:00

Not After

02-07-2017 23:59

Subject

CN=Conexant Systems\, Inc.,O=Conexant Systems\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:1a:2d:30:b9:9c:e4:46:e0:49:61:c6:e4:8c:3f:5a:32:ef:dc:8f
Signer

Actual PE Digest

5a:1a:2d:30:b9:9c:e4:46:e0:49:61:c6:e4:8c:3f:5a:32:ef:dc:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupPromptReboot
SetupDefaultQueueCallbackW
SetupGetStringFieldW
SetupGetStringFieldA
SetupFindNextLine
SetupGetLineTextA
SetupFindFirstLineA
SetupDiDeleteDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetINFClassA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoA
SetupDiSetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

SHFileOperationA
SHGetSpecialFolderPathA
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
SHCreateDirectoryExA
SHChangeNotify
SHGetFolderPathA
ShellExecuteExA
SHGetFileInfoW
SHGetSpecialFolderLocation
ShellExecuteW
SHAppBarMessage
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHSetLocalizedName

crypt32

CertCompareCertificate
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext

ws2_32

gethostbyname

wininet

InternetGetConnectedState

kernel32

GetCurrentDirectoryW
SetErrorMode
GetTempFileNameW
GetTempPathW
GlobalGetAtomNameW
GetNumberFormatW
GetProfileIntW
SearchPathW
VirtualProtect
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RtlUnwind
EncodePointer
DecodePointer
GetTimeZoneInformation
GetSystemTimeAsFileTime
MoveFileA
HeapReAlloc
RaiseException
ExitThread
CreateThread
ExitProcess
HeapQueryInformation
HeapSize
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetDriveTypeW
SetEnvironmentVariableA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
ReleaseActCtx
CreateActCtxW
GetFileTime
GetFileAttributesW
GetFileAttributesExW
CreateEventW
SuspendThread
ResumeThread
SetThreadPriority
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DeleteFileW
lstrcmpiW
FreeResource
GlobalAddAtomW
GlobalFlags
GlobalDeleteAtom
CompareStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
lstrcmpW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleW
FindFirstFileW
FindNextFileW
GetModuleFileNameW
ActivateActCtx
DeactivateActCtx
lstrcmpA
CopyFileW
GlobalSize
FormatMessageW
MulDiv
InterlockedDecrement
GetVersionExW
FindResourceExW
OpenMutexA
CreateMutexA
Module32First
Module32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
GetTickCount
GetProcessHeap
HeapAlloc
HeapFree
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
GetCommState
SetCommState
SetCommTimeouts
SetupComm
EscapeCommFunction
GetFullPathNameA
LocalAlloc
LocalFree
GetCurrentProcessId
GlobalAlloc
OpenEventA
SetEvent
DeviceIoControl
lstrcpynW
GetEnvironmentVariableA
GetUserDefaultLCID
GetSystemInfo
SetFileAttributesA
GetTempPathA
lstrlenW
GetExitCodeProcess
CreateProcessA
GetPrivateProfileSectionA
GetCurrentThread
GetCurrentProcess
LoadLibraryW
CopyFileA
MoveFileExA
FindResourceA
WriteFile
GetModuleHandleExW
CreateFileA
GetFileSizeEx
ReadFile
GetSystemDirectoryA
MultiByteToWideChar
CreateEventA
WaitForSingleObject
GetProcAddress
GetFileAttributesA
GetModuleFileNameA
CreateDirectoryA
GetWindowsDirectoryA
lstrlenA
DeleteFileA
RemoveDirectoryA
lstrcpyA
lstrcatA
GetFileAttributesExA
DosDateTimeToFileTime
FindFirstFileA
FindNextFileA
FindClose
WideCharToMultiByte
GetLastError
CreateFileW
GetCurrentThreadId
LoadLibraryA
FreeLibrary
OpenProcess
TerminateProcess
CloseHandle
Sleep
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcpyW
GetSystemDirectoryW
GlobalFindAtomW
GetWindowsDirectoryW

user32

RegisterClipboardFormatW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetNextDlgGroupItem
LoadImageW
GetIconInfo
HideCaret
InvertRect
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
SetClassLongW
DestroyAcceleratorTable
SetParent
SetRect
IsClipboardFormatAvailable
DestroyIcon
WaitMessage
UnregisterClassW
GetMenuDefaultItem
SetMenuDefaultItem
CreatePopupMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
IsIconic
IsZoomed
GetAsyncKeyState
NotifyWinEvent
MessageBeep
ReleaseCapture
WindowFromPoint
SetCapture
SetWindowRgn
DeleteMenu
OffsetRect
CopyImage
RealChildWindowFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
LoadCursorW
GetSysColorBrush
DestroyMenu
GetMenuItemInfoW
ShowOwnedPopups
SetCursor
PostQuitMessage
IntersectRect
GetMessageW
TranslateMessage
CharUpperW
GetCursorPos
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MapVirtualKeyW
GetKeyNameTextW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CharUpperBuffW
FrameRect
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
CheckMenuItem
LoadMenuW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
PostThreadMessageW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
ValidateRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
CopyRect
PtInRect
GetClassNameW
LoadBitmapW
UpdateWindow
FillRect
DrawStateW
GetParent
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
LoadStringW
LoadIconW
wsprintfW
GetWindow
GetWindowLongW
SetWindowLongW
KillTimer
TranslateAcceleratorW
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
CopyIcon
CreateMenu
GetUpdateRect
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DestroyCursor
MapDialogRect
DrawIcon
GetWindowRgn
GetWindowThreadProcessId
LoadStringA
SetFocus
IsWindow
GetFocus
PostMessageW
AttachThreadInput
GetForegroundWindow
FindWindowA
BringWindowToTop
EnableWindow
SendMessageW
GetShellWindow
MessageBoxA
SendMessageTimeoutW
IsRectEmpty
InflateRect
GetClientRect
InvalidateRect
GetSysColor
RedrawWindow
GetDC
ReleaseDC
MessageBoxW
EnumWindows
SetTimer
SetWindowPos
GetSystemMetrics
SystemParametersInfoW
EnableMenuItem
GetSystemMenu
GetWindowRect
MonitorFromPoint

gdi32

Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
EnumFontFamiliesW
EnumFontFamiliesExW
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
Polyline
GetTextFaceW
SetPixelV
DeleteDC
ExtSelectClipRgn
CreateEllipticRgn
GetTextColor
GetTextMetricsW
CreateDIBitmap
GetTextExtentPoint32W
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
CreateHatchBrush
SetTextAlign
MoveToEx
LineTo
GetBkColor
CreatePolygonRgn
CreateDIBSection
CreateRoundRectRgn
GetBoundsRect
GetTextCharsetInfo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
GetObjectType
SelectPalette
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
GetObjectW
DeleteObject
CreateDCW
CopyMetaFileW
GetDeviceCaps
PatBlt
CreateFontIndirectW
GetCharWidthW
SelectObject
BitBlt
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
CreateSolidBrush
CreatePen
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
CreatePatternBrush

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

ControlService
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
AdjustTokenPrivileges
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
LookupAccountSidA
CheckTokenMembership
OpenSCManagerW
StartServiceW
OpenServiceA
QueryServiceStatus
RegCloseKey
DeleteService
CloseServiceHandle
RegDeleteKeyA
RegQueryInfoKeyW
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
RegCreateKeyExA
GetUserNameA
OpenThreadToken
ImpersonateSelf
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
LookupPrivilegeValueA

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW

ole32

OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
DoDragDrop
OleTranslateAccelerator
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
IsAccelerator
OleLockRunning
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
PropVariantClear
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
SysFreeString
OleLoadPicture

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdiplusShutdown
GdipDrawImageRectI
GdipCreateFromHDC
GdiplusStartup
GdipDisposeImage
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipDeleteGraphics
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 686KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7795fb74a5d608d9186d48ce74bd925

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

5a:1a:2d:30:b9:9c:e4:46:e0:49:61:c6:e4:8c:3f:5a:32:ef:dc:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

version

shell32

crypt32

ws2_32

wininet

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 412KB - Virtual size: 412KB

.data Size: 38KB - Virtual size: 2.1MB

.rsrc Size: 686KB - Virtual size: 685KB

.reloc Size: 227KB - Virtual size: 226KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:d2:bb:a6:92:2f:3c:7a:02:42:b5:4c:04:0f:8b:11
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

5a:1a:2d:30:b9:9c:e4:46:e0:49:61:c6:e4:8c:3f:5a:32:ef:dc:8f
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 412KB - Virtual size: 412KB

.data
Size: 38KB - Virtual size: 2.1MB

.rsrc
Size: 686KB - Virtual size: 685KB

.reloc
Size: 227KB - Virtual size: 226KB