7dcfe423f58c1158a4a31d18a1fc8a0c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7dcfe423f58c1158a4a31d18a1fc8a0c_JaffaCakes118
Size

1.2MB
MD5

7dcfe423f58c1158a4a31d18a1fc8a0c
SHA1

1fc9cfdba27de808d4e81de57771e03773001c29
SHA256

2ada0a404b93d88d8368effd78cce06cafa47fb0408bebb5a5ea2877cbdeb216
SHA512

ed1851b6239f9df88a8e37dcff0d5ee7515a6ea7d9d7d9a97a0e030fb96913075509de20457d785965eec83b06fe4b0bb236aa8492a75fc92c991c608cdb38c9
SSDEEP

24576:tSPYeunP7mSND8TOQz+nR65WY54fNU2n2rHVwCRk:1T85R5F50Uayk

Score

1^/10

Malware Config

Signatures

Files

7dcfe423f58c1158a4a31d18a1fc8a0c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8dabd594e073f9c5ff7db8c82cf96a48

Code Sign

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-02-2015 00:00

Not After

06-03-2017 23:59

Subject

CN=AVANQUEST SOFTWARE,O=AVANQUEST SOFTWARE,L=Paris,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-02-2015 00:00

Not After

06-03-2017 23:59

Subject

CN=AVANQUEST SOFTWARE,O=AVANQUEST SOFTWARE,L=Paris,ST=Ile de France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c7:dd:ae:fd:3a:3e:24:ee:93:c8:05:97:98:f1:29:4c:10:21:dd:41:89:6a:14:f4:08:ec:e0:f5:8d:c5:14:f1
Signer

Actual PE Digest

c7:dd:ae:fd:3a:3e:24:ee:93:c8:05:97:98:f1:29:4c:10:21:dd:41:89:6a:14:f4:08:ec:e0:f5:8d:c5:14:f1

Digest Algorithm

sha256

PE Digest Matches

true

a3:e7:bb:e1:bb:96:25:7e:43:c4:17:2e:2c:45:85:fe:c7:a4:b0:0f
Signer

Actual PE Digest

a3:e7:bb:e1:bb:96:25:7e:43:c4:17:2e:2c:45:85:fe:c7:a4:b0:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Mes Documents\Visual Studio 2013\Projects\PackageSetup\Setup\Release_Unicode\Setup.pdb

Imports

kernel32

GetCurrentDirectoryW
GetUserDefaultLangID
DeleteAtom
AddAtomW
GetAtomNameW
OpenProcess
SetLastError
GetPriorityClass
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
LockResource
GetVersion
GetExitCodeProcess
CreateMutexW
LoadLibraryExW
GetModuleFileNameW
GetPrivateProfileStructW
GetSystemDirectoryW
GetWindowsDirectoryW
RemoveDirectoryW
GetSystemDefaultLangID
GetShortPathNameW
MoveFileExW
GetLocalTime
GetModuleFileNameA
GetTimeFormatA
GetTimeFormatW
GlobalAlloc
GlobalHandle
GlobalFree
GetFileType
DuplicateHandle
GetFileSize
GetTempFileNameW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleW
LoadLibraryW
lstrlenW
lstrcatW
lstrcpyW
lstrcmpiW
FormatMessageW
GetTickCount
SetFilePointerEx
SetFilePointer
Sleep
GetVolumeInformationW
InitAtomTable
InterlockedIncrement
InterlockedDecrement
lstrlenA
IsBadWritePtr
IsBadReadPtr
CreateProcessW
SetEndOfFile
SetCurrentDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
WriteConsoleW
SetStdHandle
GetStdHandle
GetCurrentThread
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetCommandLineW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwind
OutputDebugStringW
IsDebuggerPresent
GetStringTypeW
EncodePointer
GetComputerNameA
lstrcpynW
GetCurrentProcess
LocalFree
LocalAlloc
GlobalUnlock
GlobalLock
GetProcAddress
FreeLibrary
CreateFileW
GetDiskFreeSpaceExW
FindResourceW
ReadFile
WriteFile
SizeofResource
LoadResource
FreeResource
WideCharToMultiByte
FindFirstFileA
DeleteFileA
SetFileAttributesA
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
CloseHandle
SetFileTime
FindClose
DeleteFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
CompareFileTime
SystemTimeToFileTime
GetSystemTime
GetFileTime
DecodePointer
MultiByteToWideChar
GetTempPathW
GetFileSizeEx
FileTimeToSystemTime
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
TerminateProcess
WaitForSingleObject
GetExitCodeThread
CreateThread
GetLocaleInfoW
GetVersionExW
FindNextFileW
FindFirstFileW
GetFileAttributesW
GetFileAttributesA
SetFileAttributesW
CreateDirectoryW
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CreateDirectoryA
LoadLibraryExA

user32

GetDlgItem
EndDialog
DialogBoxParamW
ShowWindow
IsWindowUnicode
GetWindowTextLengthW
SetCursor
GetCursorPos
ScreenToClient
PtInRect
LoadCursorW
PostMessageW
EnumWindows
wsprintfW
DestroyIcon
SetDlgItemTextA
GetDlgItemTextA
LoadMenuW
DestroyMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
SendMessageW
GetDlgCtrlID
CallWindowProcW
FindWindowW
SetDlgItemTextW
SendDlgItemMessageW
EnableWindow
SetWindowTextW
GetWindowLongW
SetWindowLongW
SetClassLongW
LoadImageW
RegisterWindowMessageW
wsprintfA
TranslateMessage
DispatchMessageW
PeekMessageW
AttachThreadInput
CreateWindowExW
IsWindow
DestroyWindow
SetWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
ExitWindowsEx
SendMessageA
FindWindowA
GetDlgItemTextW
OpenClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
UpdateWindow
GetForegroundWindow
SetForegroundWindow
GetDC
ReleaseDC
InvalidateRect
RedrawWindow
GetClientRect
DefWindowProcA
GetTitleBarInfo
GetSystemMetrics
MapWindowPoints
EndPaint
BeginPaint
KillTimer
RegisterClassExW
DefWindowProcW
GetWindowTextW
IsDialogMessageW
TranslateAcceleratorW
CreateDialogParamW
PostQuitMessage
PostThreadMessageW
GetMessageW
SetFocus
GetMonitorInfoW
MonitorFromWindow
LoadStringW
GetWindowThreadProcessId
EnumChildWindows
GetParent
GetDesktopWindow
MessageBoxW
GetWindowRect

gdi32

SetWindowOrgEx
TextOutW
GetObjectW
SetTextColor
SetBkMode
SelectClipRgn
SaveDC
RestoreDC
GetTextExtentPoint32W
GetTextColor
GetCurrentPositionEx
OffsetWindowOrgEx
CreateRectRgnIndirect
CreateFontIndirectW
SelectObject
DeleteObject
AbortDoc
StartPage
EndDoc
StartDocW
GetDeviceCaps
GetCurrentObject
EndPage

comdlg32

PrintDlgW

advapi32

IsValidSecurityDescriptor
FreeSid
AllocateAndInitializeSid
OpenProcessToken
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
CheckTokenMembership
RegCloseKey
RegOpenKeyExW
SetEntriesInAclW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
QueryServiceStatusEx
StartServiceW
RegCreateKeyW
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RevertToSelf
AccessCheck
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddAccessAllowedAce
InitializeAcl
OpenThreadToken
ImpersonateSelf
RegCreateKeyExA

shell32

Shell_NotifyIconW
SHChangeNotify
ord43
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemFree
OleInitialize
OleUninitialize
CoUninitialize

shlwapi

StrToIntExW
PathIsDirectoryW
PathAppendW
PathUnquoteSpacesW
PathRemoveExtensionW
PathIsFileSpecW
PathStripToRootW
PathStripPathW
PathRenameExtensionW
PathRemoveFileSpecW
PathFindExtensionW
PathStripPathA
SHDeleteKeyW
PathIsRelativeW
PathRemoveBackslashW
PathQuoteSpacesW
PathRemoveBlanksW
PathFindFileNameW
PathMatchSpecW
PathAddBackslashW
PathCanonicalizeW
PathFindOnPathW
PathFindFileNameA
PathRemoveFileSpecA
PathCombineA
PathAppendA
PathAddBackslashA
PathFileExistsW
PathCombineW

comctl32

InitCommonControlsEx

wininet

InternetQueryDataAvailable
InternetGetLastResponseInfoW
InternetOpenW
InternetErrorDlg
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCrackUrlW
HttpSendRequestA
HttpOpenRequestA
InternetGetConnectedStateExW
InternetCloseHandle
InternetGetConnectedState
InternetCheckConnectionW
HttpQueryInfoW
FtpGetFileSize
FtpOpenFileW
FtpFindFirstFileW
InternetSetFilePointer
InternetReadFile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

ws2_32

gethostname
WSAStartup
WSACleanup
WSAGetLastError
inet_addr
gethostbyname
recvfrom
gethostbyaddr
WSASocketW
setsockopt
closesocket
sendto

Sections

.text
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 484KB - Virtual size: 483KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dabd594e073f9c5ff7db8c82cf96a48

Code Sign

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

c7:dd:ae:fd:3a:3e:24:ee:93:c8:05:97:98:f1:29:4c:10:21:dd:41:89:6a:14:f4:08:ec:e0:f5:8d:c5:14:f1Signer

a3:e7:bb:e1:bb:96:25:7e:43:c4:17:2e:2c:45:85:fe:c7:a4:b0:0fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

wininet

version

setupapi

ws2_32

Sections

.text Size: 529KB - Virtual size: 529KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 11KB - Virtual size: 147KB

.rsrc Size: 484KB - Virtual size: 483KB

.reloc Size: 26KB - Virtual size: 26KB

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

67:20:eb:95:3f:b3:b3:dd:53:51:ff:98:7a:4d:7c:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

c7:dd:ae:fd:3a:3e:24:ee:93:c8:05:97:98:f1:29:4c:10:21:dd:41:89:6a:14:f4:08:ec:e0:f5:8d:c5:14:f1
Signer

a3:e7:bb:e1:bb:96:25:7e:43:c4:17:2e:2c:45:85:fe:c7:a4:b0:0f
Signer

.text
Size: 529KB - Virtual size: 529KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 11KB - Virtual size: 147KB

.rsrc
Size: 484KB - Virtual size: 483KB

.reloc
Size: 26KB - Virtual size: 26KB