7cd8766cd410fdfbd1805e81b0109454_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7cd8766cd410fdfbd1805e81b0109454_JaffaCakes118
Size

6.3MB
MD5

7cd8766cd410fdfbd1805e81b0109454
SHA1

40c8a5cc89a72695a5b0f58000903addf34c2605
SHA256

3e2da7f9441b5f4327a2c37d5b01f9c3d3f3306afd62578b9e07e5436d0763de
SHA512

0101b955b53b95da4af582b86ee35e8bfc1270240e2eb63af0d01c790f873eaea0bc6146d7ee2483bbf7991474afef4ed2ce0b5e1279a510c2d1393a907dfa66
SSDEEP

196608:a6mR7h994oNcHfrueOE58YS3JrTXgVyH:qf94o6illJ/gV

Score

1^/10

Malware Config

Signatures

Files

7cd8766cd410fdfbd1805e81b0109454_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f10f2e0bba6003344770b4f677899b9

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c1:3b:2a:03:6e:ac:06:38:14:6b:cc:75:16:95:58
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/08/2019, 00:00

Not After

11/08/2022, 12:00

Subject

CN=Aatrix Software\, Inc.,OU=Aatrix Software\, Inc.,O=Aatrix Software\, Inc.,L=Grand Forks,ST=North Dakota,C=US,1.2.840.113549.1.9.1=#0c106a6f686e66406161747269782e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:eb:98:48:6a:0d:c2:da:75:69:85:d4:5d:dd:44:0f:d1:61:c6:0e
Signer

Actual PE Digest

7a:eb:98:48:6a:0d:c2:da:75:69:85:d4:5d:dd:44:0f:d1:61:c6:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

shfolder

SHGetFolderPathA

aescrypto

AESClose
AESWrite
AESeof
AESReadLine
AESGetLastError
AESInit

updaterdll

DLLGetLastError
DLLBeginUpdate
DLLWriteLogMajor
DLLIsAppUpdateAvailable
DLLIsFormUpdateAvailable
DLLWriteLogMinor
DLLCheckConnection

c4dll

f4type
f4double
f4int
d4field
d4bottom
d4goLow
d4open
relate4skip
relate4top
relate4sortSet
relate4querySet
relate4free
relate4init
d4recCountDo2
d4changed
d4tagSelect
d4append
f4long
f4decimals
f4len
f4ptr
f4assignNotNull
error4default
c4atol
u4freeDefault
u4allocDefault
c4dtoa45
c4ltoa45
date4init
f4currency
code4indexFormat
d4tagNext
d4lockTest
u4allocErDefault
u4allocAgainDefault
c4upper
i4tagInfo
t4alias
d4deleted
d4recNoLow
d4lockInternal
d4unlock
d4top
d4eof
d4delete
d4skip
d4pack
expr4parseLow
code4calcCreate
?code4encryptFile@@YGXPAUCODE4St@@F@Z
d4create
u4ncpy
date4long
date4format
d4close
d4lockAllInternal
d4appendStart
d4blank
code4initUndo
code4initLow
d4numFields
f4name
f4dateTime
d4fieldJ
d4tag
?code4encryptInit@@YGHPAUCODE4St@@PBXF@Z

tbarcode10

BCLicenseMeA
BCAlloc
BCSetCDMethod
BCSetDrawMode
BCSetMustFit
BCSetBCType
BCSet_PDF417_RowColRatioA
BCSet_PDF417_ECLevel
BCSet_QR_Version
BCSet_QR_ECLevel
BCSetDrawModeExt
BCSetPrintText
BCSetRotation
BCSetTranslateEsc
BCSetTextA
BCCheck
BCCreate
BCGetBarcodeWidth
BCDraw
BCFree
BCGetErrorTextA

kernel32

SetErrorMode
RtlUnwind
RaiseException
GetTimeZoneInformation
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
TerminateProcess
ExitThread
SetEnvironmentVariableA
GetStartupInfoA
GetCommandLineA
SetStdHandle
GetFileType
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
UnhandledExceptionFilter
CompareStringA
CompareStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
GetCPInfo
GlobalFlags
GetPrivateProfileIntA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
SuspendThread
SetThreadPriority
LocalFileTimeToFileTime
GetCurrentThread
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FindNextFileA
FindFirstFileA
FileTimeToLocalFileTime
lstrcmpA
InterlockedIncrement
SetCurrentDirectoryA
SetLastError
LoadLibraryW
WriteFile
ReadFile
SetEndOfFile
SetFileTime
GetFileTime
QueryPerformanceCounter
CreateThread
FindClose
SetFileAttributesW
CreateFileW
CreateDirectoryW
GetFileAttributesW
SetFilePointer
DeleteFileW
MoveFileW
GetCurrentDirectoryW
GetFullPathNameW
GetSystemTime
CompareFileTime
GetComputerNameW
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetProcessVersion
AllocConsole
GetStdHandle
WriteConsoleA
ReadConsoleA
FreeConsole
SetVolumeLabelA
GetDriveTypeA
GetDiskFreeSpaceA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
lstrcpyA
lstrlenA
WinExec
InterlockedDecrement
lstrcpynA
GetLocaleInfoA
GetWindowsDirectoryA
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
SetEvent
ResetEvent
FreeResource
ResumeThread
MulDiv
CreateEventA
GlobalSize
GetUserDefaultLangID
GetCurrentThreadId
GetCurrentProcess
CreateMutexA
LoadResource
SizeofResource
LockResource
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
FindResourceA
MultiByteToWideChar
WideCharToMultiByte
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
GetModuleFileNameA
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
SetFileAttributesA
CreateFileA
GetFileSize
GetFileAttributesA
WaitForSingleObject
CloseHandle
GetExitCodeProcess
CreateProcessA
MoveFileA
LocalAlloc
CopyFileA
RemoveDirectoryA
DeleteFileA
GetVersionExA
CreateDirectoryA
Sleep
FormatMessageA
LocalFree
WritePrivateProfileStringA
GetLastError
GetPrivateProfileStringA
FreeLibrary
InterlockedExchange
GetProfileStringA

user32

WaitMessage
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
GetDesktopWindow
TranslateAcceleratorA
LoadAcceleratorsA
IsZoomed
CharUpperA
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
ValidateRect
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
DispatchMessageA
SetActiveWindow
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
GetScrollPos
GetTopWindow
WinHelpA
GetClassInfoA
GetMenuItemID
TrackPopupMenu
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetLastActivePopup
GetForegroundWindow
GetWindow
GetWindowPlacement
GrayStringA
TabbedTextOutA
GetWindowTextLengthA
GetWindowTextA
PeekMessageA
PostQuitMessage
wsprintfA
IsClipboardFormatAvailable
GetMenu
ModifyMenuA
GetMenuStringA
CheckMenuItem
DeleteMenu
CharToOemBuffA
OemToCharBuffA
DefWindowProcA
RegisterClassA
CreateWindowExA
SetScrollRange
SetScrollPos
LockWindowUpdate
DrawEdge
UpdateWindow
LoadBitmapA
MapWindowPoints
GetWindowThreadProcessId
ChildWindowFromPointEx
SystemParametersInfoA
GetDlgCtrlID
LoadStringA
IsChild
GetMenuItemCount
IntersectRect
GetDlgItem
GetDialogBaseUnits
ScreenToClient
UnregisterClassA
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
FindWindowA
GetClassNameA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetMessagePos
GetAsyncKeyState
DrawFrameControl
UnionRect
SetRectEmpty
IsRectEmpty
CreateIconFromResource
CopyIcon
MessageBeep
SetWindowLongA
IsWindowVisible
EqualRect
SetCapture
GetCapture
GetWindowDC
ReleaseCapture
GetFocus
SetRect
KillTimer
SetTimer
PtInRect
GetKeyState
SetWindowPos
ShowCaret
GetWindowTextW
GetSystemMetrics
LoadCursorA
RedrawWindow
GetUpdateRect
EndPaint
BeginPaint
HideCaret
MapVirtualKeyA
DrawTextA
GetWindowLongA
WindowFromPoint
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetWindowRect
DrawFocusRect
DrawStateA
FrameRect
InflateRect
GetIconInfo
CreateIconIndirect
GetDC
ReleaseDC
FillRect
TrackPopupMenuEx
PostMessageA
SetCursor
DestroyIcon
DestroyCursor
DestroyMenu
GetClientRect
LoadMenuA
GetSubMenu
EnableMenuItem
ShowScrollBar
EnableScrollBar
CopyRect
SendMessageTimeoutA
GetThreadDesktop
GetUserObjectInformationA
EnumWindows
IsIconic
GetSysColorBrush
GetDCEx
CharNextA
CopyAcceleratorTableA
GetNextDlgGroupItem
GetTabbedTextExtentA
SetParent
RegisterClipboardFormatA
PostThreadMessageA
LoadIconA
GetCursorPos
SetFocus
GetParent
IsWindow
OffsetRect
EnableWindow
MessageBoxA
GetSysColor
wvsprintfA
SendMessageA
SetForegroundWindow
LoadImageA
RegisterWindowMessageA
ShowWindow
DestroyWindow

gdi32

SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
SetTextAlign
GetCurrentPositionEx
GetTextExtentPointA
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
PtVisible
Escape
GetMapMode
SetRectRgn
LPtoDP
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetROP2
GetTextFaceA
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
StartDocA
ResetDCA
DPtoLP
CreateHalftonePalette
SetTextJustification
TextOutA
MoveToEx
LineTo
SetViewportOrgEx
GetTextAlign
GetTextColor
GetBkMode
CreateBrushIndirect
CreatePenIndirect
RoundRect
Polygon
GetEnhMetaFilePaletteEntries
CreatePalette
SelectPalette
RealizePalette
PlayEnhMetaFile
GetDIBits
CreateRectRgn
CombineRgn
GetPixel
SetPixel
SetBkColor
SetTextColor
DeleteDC
Ellipse
GetCharWidthA
GetBitmapBits
GetBkColor
CreateBitmapIndirect
GetWindowOrgEx
GetTextExtentPoint32A
CreateFontIndirectA
SetBkMode
GetStockObject
DeleteObject
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateDCA
CreateFontA
CreateBitmap
CreateCompatibleDC
SelectObject
Rectangle
StretchBlt
PatBlt
GetTextMetricsA
GetCurrentObject
GetObjectA
CreatePen
ExtCreatePen
GetViewportOrgEx
CreateSolidBrush
StretchDIBits
RectVisible
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
SetDIBitsToDevice
CreateDIBSection
CreateDIBitmap
SetEnhMetaFileBits
GetEnhMetaFileHeader
SetWinMetaFileBits
DeleteEnhMetaFile
ExtTextOutA

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
PrintDlgA

winspool.drv

GetPrinterA
DocumentPropertiesA
DeviceCapabilitiesA
OpenPrinterA
ClosePrinter

advapi32

FreeSid
SetSecurityDescriptorDacl
CryptGetUserKey
CryptEnumProvidersA
CryptGetProvParam
CryptExportKey
CryptImportKey
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
GetNamedSecurityInfoA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameA
CryptDeriveKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptSignHashA
CryptSetHashParam
RegOpenKeyA
SetFileSecurityA
GetFileSecurityA
RegSetValueA
RegCreateKeyA
RegSetValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegQueryValueA
OpenProcessToken
GetTokenInformation
CryptDestroyKey

shell32

ExtractIconA
DragQueryFileA
DragFinish
SHGetFileInfoA
ShellExecuteA
ShellExecuteExA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageCount
ImageList_Replace
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_GetBkColor
ord17
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA

oledlg

ord8

ole32

CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
OleInitialize
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal

olepro32

ord253
ord251

oleaut32

SysStringLen
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantClear
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
VarDateFromStr

urlmon

URLDownloadToFileA

wsock32

WSACleanup
send
closesocket
recv
bind
select
__WSAFDIsSet
connect
htons
ioctlsocket
setsockopt
inet_ntoa
shutdown
WSAStartup
getsockopt
socket
ntohs
gethostbyname
getsockname
inet_addr
WSAGetLastError

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msi

ord112

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 712KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 884KB - Virtual size: 955KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f10f2e0bba6003344770b4f677899b9

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:c1:3b:2a:03:6e:ac:06:38:14:6b:cc:75:16:95:58Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

7a:eb:98:48:6a:0d:c2:da:75:69:85:d4:5d:dd:44:0f:d1:61:c6:0eSigner

Headers

File Characteristics

Imports

shfolder

aescrypto

updaterdll

c4dll

tbarcode10

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

urlmon

wsock32

version

msi

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 712KB - Virtual size: 710KB

.data Size: 884KB - Virtual size: 955KB

.rsrc Size: 140KB - Virtual size: 137KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:c1:3b:2a:03:6e:ac:06:38:14:6b:cc:75:16:95:58
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

7a:eb:98:48:6a:0d:c2:da:75:69:85:d4:5d:dd:44:0f:d1:61:c6:0e
Signer

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 712KB - Virtual size: 710KB

.data
Size: 884KB - Virtual size: 955KB

.rsrc
Size: 140KB - Virtual size: 137KB