7af44452920b74f1c83069c3775449ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7af44452920b74f1c83069c3775449ec_JaffaCakes118
Size

1.9MB
MD5

7af44452920b74f1c83069c3775449ec
SHA1

582d2411526ffdf48193c658bcbc631c51a47c48
SHA256

3f4745abb2cf2c2e04857d135387dd22f1d15b1193244d2dfcc8bc1d21d177ec
SHA512

0bf69b5de07883962151c9d91a62b68e655a1d76acca3086149d1b650787823831fd155759647530395e4917d255538aa119409f13f5edd70271b42c0aef597b
SSDEEP

24576:6C2juLUBmo35wuemtMlokRlUmfL9O9HxW39tQ47etIsWeODPv3GGehbTJdmTiY+T:rrmrDQwO9p7YvWeUzehOTvfrZD2

Score

1^/10

Malware Config

Signatures

Files

7af44452920b74f1c83069c3775449ec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bc6c9d43f406202317ff07afcc8ecfeb

Code Sign

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21/03/2014, 00:00

Not After

08/04/2015, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:54:c6:b3:25:e3:0e:9e:bc:04:f6:03:ba:a5:fa:08:fe:e6:28:f1
Signer

Actual PE Digest

e8:54:c6:b3:25:e3:0e:9e:bc:04:f6:03:ba:a5:fa:08:fe:e6:28:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\winapps\Windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb

Imports

kernel32

AreFileApisANSI
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
InterlockedIncrement
GetCurrentThread
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetProcAddress
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
EnterCriticalSection
OpenProcess
CreateProcessA
VirtualQuery
GetLongPathNameA
GetModuleHandleExW
ExitProcess
GetFullPathNameA
GetCurrentDirectoryA
MoveFileA
RaiseException
GetTempPathA
CloseHandle
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
WaitForSingleObject
CreateMutexA
WideCharToMultiByte
RtlCaptureStackBackTrace
ReleaseMutex
Sleep
GetTickCount
GetCurrentThreadId
SetUnhandledExceptionFilter
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
GetExitCodeProcess
Module32First
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
InterlockedDecrement
GetCommandLineA
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
GetFileAttributesA
SetEnvironmentVariableA
ReadConsoleW
ExitThread
CreateThread
DeleteFileW
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
GetFileAttributesW
FormatMessageW
InitializeCriticalSection
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetFullPathNameW
GetTimeZoneInformation
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventA
WritePrivateProfileStringA
SetFilePointer
ReadFile
GetFileSize
CreateFileA
ExpandEnvironmentStringsA
GetSystemDirectoryA
GetWindowsDirectoryA
GetSystemInfo
CopyFileA
GetVersionExA
LoadResource
LockResource
SizeofResource
CreateFileW
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetUserDefaultUILanguage
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
Module32Next

user32

UpdateWindow
DestroyWindow
IsWindow
SetWindowTextA
SetForegroundWindow
EnableWindow
AnimateWindow
GetWindowTextLengthA
SetWindowLongA
GetWindowLongA
PostMessageA
SendMessageA
ScreenToClient
ClientToScreen
SetWindowPos
SetTimer
KillTimer
ShowWindow
GetParent
SetParent
GetWindowRect
GetClientRect
MessageBoxExA
MessageBoxA
LoadStringA
GetWindowTextA
IsWindowEnabled
GetWindowThreadProcessId
FindWindowExA
GetClassNameA
EnumChildWindows
GetSystemMetrics
GetShellWindow
FindWindowA
GetDesktopWindow
SetCursor
LoadCursorA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
CreatePopupMenu
LoadAcceleratorsA
AppendMenuA
TrackPopupMenu
ReleaseCapture
GetKeyboardState
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
MoveWindow
InvalidateRect
InvalidateRgn
IsWindowVisible
EnumWindows
DestroyMenu
WaitForInputIdle
SetDlgItemTextA
GetCursorPos
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
GetSystemMenu
EnableMenuItem
SetClassLongA
LoadIconA
PostQuitMessage
IsIconic
GetFocus
SetFocus

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysFreeString

shlwapi

PathCombineA
PathFindExtensionA
PathRenameExtensionA
PathStripPathA
PathRemoveFileSpecA
PathIsDirectoryEmptyA
SHCopyKeyA
SHDeleteEmptyKeyA
UrlEscapeA

comctl32

ImageList_Create
ImageList_Add
ImageList_LoadImageA
InitCommonControlsEx
ImageList_Destroy

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoInitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance
OleUninitialize
CoInitializeSecurity
CoTaskMemAlloc
OleInitialize

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

ExpandEnvironmentStringsForUserA

wininet

HttpOpenRequestA
InternetConnectA
InternetSetStatusCallback
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
InternetReadFileExA
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipSetCompositingMode

urlmon

IsValidURL

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
PatBlt
SetWindowOrgEx
GetObjectA
DeleteObject

advapi32

RegEnumKeyExA
AdjustTokenPrivileges
GetLengthSid
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
DuplicateTokenEx
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
SetTokenInformation

crypt32

CryptUnprotectData

Sections

.text
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc6c9d43f406202317ff07afcc8ecfeb

Code Sign

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

e8:54:c6:b3:25:e3:0e:9e:bc:04:f6:03:ba:a5:fa:08:fe:e6:28:f1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

shlwapi

comctl32

shell32

ole32

psapi

version

userenv

wininet

gdiplus

urlmon

gdi32

advapi32

crypt32

Sections

.text Size: 498KB - Virtual size: 498KB

.text-qu Size: 4KB - Virtual size: 3KB

.text-co Size: 84KB - Virtual size: 84KB

.text-co Size: 68KB - Virtual size: 67KB

.text-co Size: 47KB - Virtual size: 47KB

.text-co Size: 14KB - Virtual size: 13KB

.text-co Size: 28KB - Virtual size: 27KB

.text-co Size: 10KB - Virtual size: 10KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 16KB - Virtual size: 15KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 261KB - Virtual size: 260KB

.data Size: 17KB - Virtual size: 26KB

.data-qu Size: 512B - Virtual size: 41B

.data-co Size: 512B - Virtual size: 188B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 41B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 606KB - Virtual size: 606KB

0f:4d:18:81:92:31:8d:28:51:0f:c8:86:cb:b8:55:e6
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

e8:54:c6:b3:25:e3:0e:9e:bc:04:f6:03:ba:a5:fa:08:fe:e6:28:f1
Signer

.text
Size: 498KB - Virtual size: 498KB

.text-qu
Size: 4KB - Virtual size: 3KB

.text-co
Size: 84KB - Virtual size: 84KB

.text-co
Size: 68KB - Virtual size: 67KB

.text-co
Size: 47KB - Virtual size: 47KB

.text-co
Size: 14KB - Virtual size: 13KB

.text-co
Size: 28KB - Virtual size: 27KB

.text-co
Size: 10KB - Virtual size: 10KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 16KB - Virtual size: 15KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 261KB - Virtual size: 260KB

.data
Size: 17KB - Virtual size: 26KB

.data-qu
Size: 512B - Virtual size: 41B

.data-co
Size: 512B - Virtual size: 188B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 41B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 606KB - Virtual size: 606KB