870cd786164e65e4cda16e7f8dd5d989_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

870cd786164e65e4cda16e7f8dd5d989_JaffaCakes118
Size

11.9MB
MD5

870cd786164e65e4cda16e7f8dd5d989
SHA1

ad4bfa65d01fb7c3d0fb0d45f81d079ebab9f2fd
SHA256

c8cbc3e0cbf7ca564d9141ca2b4d6c7d885bb4cd686117dfe71c3b0164041d66
SHA512

48e85e87451b70d3a7aa4d34180aeceb02b3b2e6322860eb0c27dd0a4de3b8c2447cf3c0fd6797136809c4801e1e51cc27f0bdec1ac34d98d3fcfd03f8768324
SSDEEP

98304:qmUVpUJPpIQOUg+zSIC8RQEZi9i0cP0UWqzuId/jwO2sWAYdtD81wYlRwC/fRdJ1:B6oZW3U564is0D811RDiKFdu9Va

Score

1^/10

Malware Config

Signatures

Files

870cd786164e65e4cda16e7f8dd5d989_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b76ff77951de303630cf6c09eb6dbef4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:2b:08:ba:ea:81
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/09/2010, 01:10

Not After

14/09/2011, 01:10

Subject

CN=ASM SOFTWARE LLC,O=ASM SOFTWARE LLC,L=Gaithersburg,ST=MD,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:51:e9:9c:0e:25:2b:5b:b6:37:3e:ea:54:09:f1:07:ea:db:b8:fd
Signer

Actual PE Digest

39:51:e9:9c:0e:25:2b:5b:b6:37:3e:ea:54:09:f1:07:ea:db:b8:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Development\kh_pro_project\c++\binaries\win32\release\BlackBoxPro.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

rpcrt4

UuidCreateNil
RpcStringFreeW
UuidToStringW
UuidCreate

activeds

ord3

netapi32

NetServerEnum
NetWkstaGetInfo
NetApiBufferFree

winmm

timeSetEvent
PlaySoundA
PlaySoundW
timeGetTime

imm32

ImmGetDefaultIMEWnd
ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmAssociateContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmGetContext

kernel32

DeleteFileA
DeleteFileW
CopyFileA
MoveFileA
MoveFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetLogicalDrives
SetErrorMode
MapViewOfFile
CreateFileMappingA
CreateFileMappingW
UnmapViewOfFile
LoadLibraryExW
WaitForSingleObjectEx
FindNextFileA
FindFirstFileA
GetModuleHandleA
GetModuleHandleW
GetVolumeInformationA
GetVolumeInformationW
ExpandEnvironmentStringsA
CreateProcessA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
InterlockedDecrement
IsValidLocale
GetProfileStringA
lstrcpynW
lstrcpynA
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
GetUserDefaultLangID
lstrcmpW
GlobalSize
GetFileAttributesExW
GetDriveTypeW
GetExitCodeProcess
TerminateProcess
GetACP
GetSystemTimeAsFileTime
ExitProcess
GetEnvironmentStrings
GetOverlappedResult
TryEnterCriticalSection
PulseEvent
SignalObjectAndWait
SetPriorityClass
SuspendThread
SetLastError
GetComputerNameA
GetStdHandle
SearchPathA
WaitForMultipleObjectsEx
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetTimeZoneInformation
ExitThread
GetFileAttributesExA
GetFileInformationByHandle
LoadLibraryA
SystemTimeToTzSpecificLocalTime
GetFileType
GetTimeFormatW
GetTimeFormatA
GetDateFormatW
GetDateFormatA
TlsGetValue
GetCurrentProcess
DuplicateHandle
SetStdHandle
SetFileAttributesA
SetFileAttributesW
PeekNamedPipe
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetOEMCP
IsValidCodePage
CreateFileA
HeapCreate
FatalAppExitA
HeapSize
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
CreateEventA
GetThreadPriority
ResumeThread
TlsSetValue
SetThreadPriority
TerminateThread
TlsAlloc
SwitchToThread
GetSystemInfo
GetCurrentThread
GetCurrentThreadId
TlsFree
GetCommandLineW
GetCommandLineA
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
OutputDebugStringW
OutputDebugStringA
GetModuleFileNameA
CreateSemaphoreA
CreateSemaphoreW
ReleaseSemaphore
FormatMessageA
LocalFree
GetVersionExA
MultiByteToWideChar
GetUserDefaultLCID
CompareStringW
CompareStringA
WideCharToMultiByte
ResetEvent
TzSpecificLocalTimeToSystemTime
FindFirstFileW
FindNextFileW
FindClose
FindResourceW
SizeofResource
LoadResource
LockResource
ReleaseMutex
CreateMutexW
SetEnvironmentVariableA
SetEnvironmentVariableW
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
EnumSystemLocalesA
lstrlenW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationA
CreateMutexA
LoadLibraryW
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTime
GetMailslotInfo
Sleep
SetEvent
WaitForSingleObject
CreateMailslotW
CreateEventW
CreateThread
WaitForMultipleObjects
GetExitCodeThread
LocalFileTimeToFileTime
GetProfileStringW
GetSystemDirectoryW
GetCurrentProcessId
OpenProcess
GetVersionExW
GetFileSizeEx
CreateFileW
GetFileSize
ReadFile
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CopyFileW
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
GetLastError
CreateProcessW
CloseHandle
GetComputerNameW
GetModuleFileNameW
GetFullPathNameW
GetFullPathNameA
SetEndOfFile
GetTempPathW
GetTempPathA
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
WriteFile
HeapDestroy
SetFilePointer
FindFirstChangeNotificationW
QueryPerformanceFrequency
RtlUnwind
InterlockedCompareExchange
RaiseException
LocalAlloc
VirtualAlloc
VirtualFree
GetTickCount
InterlockedExchange
GetDriveTypeA
InterlockedIncrement

user32

ToUnicode
GetKeyboardLayout
RegisterClipboardFormatW
LoadImageW
GetIconInfo
DrawIconEx
DestroyCaret
SetCaretPos
CreateCaret
HideCaret
GetKeyboardLayoutList
LoadCursorW
LoadCursorA
CreateCursor
SetCursorPos
DestroyCursor
SetRect
UnregisterClassW
GetClassInfoW
GetClassInfoA
GetSysColorBrush
LoadIconW
RegisterClassW
LoadIconA
GetCursorPos
DefWindowProcA
GetWindowRgn
SendMessageW
ClipCursor
GetUpdateRect
InvalidateRgn
BeginPaint
EndPaint
RegisterWindowMessageW
RegisterWindowMessageA
WindowFromPoint
GetParent
GetSysColor
GetDoubleClickTime
SetDoubleClickTime
GetCaretBlinkTime
SetCaretBlinkTime
GetKeyState
MessageBeep
GetDesktopWindow
CreateWindowExW
GetSystemMenu
EnableMenuItem
SetParent
ValidateRgn
GetClientRect
ToAscii
SetWindowPlacement
GetWindowRect
MoveWindow
InvalidateRect
SetClipboardViewer
IsIconic
IsZoomed
ShowWindow
SendMessageA
SetWindowTextW
SetWindowTextA
SetCursor
SetWindowsHookExA
SetCapture
ScreenToClient
ClientToScreen
AdjustWindowRectEx
MapVirtualKeyW
TrackPopupMenuEx
SetMenuItemInfoW
GetKeyboardState
MapVirtualKeyA
GetMenu
FindWindowExA
MapWindowPoints
GetWindowThreadProcessId
FindWindowExW
ScrollWindowEx
UpdateWindow
SetWindowPos
SetForegroundWindow
ReleaseCapture
UnhookWindowsHookEx
CreateIconIndirect
DestroyIcon
CallNextHookEx
ReleaseDC
GetDC
GetWindowLongW
SetWindowLongW
GetActiveWindow
IsChild
GetFocus
SetFocus
SystemParametersInfoW
SystemParametersInfoA
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
DispatchMessageA
DestroyWindow
UnregisterClassA
RegisterClassA
CreateWindowExA
SetWindowLongA
GetWindowLongA
DefWindowProcW
KillTimer
SetTimer
GetMessageW
GetMessageA
GetWindowPlacement
ChangeClipboardChain
PostMessageW
PostMessageA
PeekMessageW
PeekMessageA
CharNextExA
SendMessageTimeoutW
SendMessageTimeoutA
FindWindowW
FindWindowA
GetSystemMetrics
MsgWaitForMultipleObjects
RegisterClipboardFormatA
GetClipboardFormatNameA
GetClipboardFormatNameW
IsWindowVisible
PostThreadMessageW
GetQueueStatus
SetWindowRgn

gdi32

EndPath
MoveToEx
CloseFigure
LineTo
PolyBezierTo
BeginPath
FillPath
StrokePath
CreateDCA
CreateDCW
SelectClipPath
SelectClipRgn
GetOutlineTextMetricsA
DeleteObject
SetPolyFillMode
GetTextMetricsA
GetTextMetricsW
CreateFontIndirectA
GetTextExtentPoint32W
GetCharABCWidthsFloatW
GetCharABCWidthsA
GetCharABCWidthsW
GetFontData
GetTextCharsetInfo
EnumFontFamiliesExA
EnumFontFamiliesExW
GdiFlush
GetTextFaceW
GetTextFaceA
CreateSolidBrush
CreateBitmap
CreatePen
SetTextColor
GetGlyphOutlineW
GetDeviceCaps
OffsetRgn
CombineRgn
GetObjectA
GetObjectW
GetStockObject
PtInRegion
RealizePalette
SelectPalette
GetRegionData
CreateRectRgn
CreateEllipticRgn
ExtCreateRegion
EqualRgn
ResetDCA
CreatePolygonRgn
RectInRegion
GetRgnBox
BitBlt
GetDIBits
CreateDIBSection
SaveDC
ExtTextOutW
SetWorldTransform
SetGraphicsMode
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
GetNearestPaletteIndex
GetPaletteEntries
TextOutA
GetGlyphOutlineA
TextOutW
ResetDCW
EndDoc
EndPage
AbortDoc
SetBkMode
SetTextAlign
StartPage
GetBkMode
StartDocA
StartDocW
RestoreDC
StretchBlt
CreatePalette

winspool.drv

EnumFormsW
OpenPrinterA
OpenPrinterW
GetPrinterA
GetPrinterW
DeviceCapabilitiesA
DeviceCapabilitiesW
EnumPrintersA
EnumPrintersW
ClosePrinter

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameA
PrintDlgW
PrintDlgA

advapi32

RegDeleteValueW
RegDeleteValueA
RegCreateKeyA
RegDeleteKeyA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegDeleteKeyW
RegisterEventSourceA
RegEnumValueW
RegEnumKeyExW
RegEnumValueA
RegEnumKeyExA
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegFlushKey
RegCreateKeyExW
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ReportEventA

shell32

SHBrowseForFolderA
SHGetFileInfoW
Shell_NotifyIconA
SHGetMalloc
ShellExecuteW
SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
StringFromGUID2
CoGetObject
CoInitializeEx
CoReleaseMarshalData
CoInitialize
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleInitialize
OleUninitialize
CoCreateGuid
ReleaseStgMedium
DoDragDrop
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
CoTaskMemAlloc
CoFreeUnusedLibraries
CoGetMalloc

oleaut32

VariantClear
VariantChangeType
SystemTimeToVariantTime
VariantInit
DispCallFunc
SysStringLen
SysAllocStringByteLen
SysAllocString
GetErrorInfo
SysFreeString
VariantTimeToSystemTime
SetErrorInfo
CreateErrorInfo

shlwapi

SHCreateStreamOnFileW

ws2_32

listen
WSACleanup
WSAStartup
WSAJoinLeaf
WSAConnect
WSAAccept
ioctlsocket
select
accept
WSASend
sendto
WSASendTo
send
WSARecv
WSARecvFrom
recvfrom
recv
getsockopt
WSAGetLastError
WSAAsyncSelect
closesocket
WSAEnumNetworkEvents
WSAEventSelect
inet_addr
WSAIoctl
shutdown
connect
bind
gethostname
getservbyname
gethostbyname
gethostbyaddr
WSASocketA
socket
setsockopt
getsockname
getpeername
__WSAFDIsSet

Sections

.text
Size: 8.8MB - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b76ff77951de303630cf6c09eb6dbef4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

01:00:00:00:00:01:2b:08:ba:ea:81Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

39:51:e9:9c:0e:25:2b:5b:b6:37:3e:ea:54:09:f1:07:ea:db:b8:fdSigner

Headers

File Characteristics

PDB Paths

Imports

version

rpcrt4

activeds

netapi32

winmm

imm32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

Sections

.text Size: 8.8MB - Virtual size: 8.8MB

.rdata Size: 2.9MB - Virtual size: 2.9MB

.data Size: 88KB - Virtual size: 109KB

.rsrc Size: 108KB - Virtual size: 107KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

01:00:00:00:00:01:2b:08:ba:ea:81
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

39:51:e9:9c:0e:25:2b:5b:b6:37:3e:ea:54:09:f1:07:ea:db:b8:fd
Signer

.text
Size: 8.8MB - Virtual size: 8.8MB

.rdata
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 88KB - Virtual size: 109KB

.rsrc
Size: 108KB - Virtual size: 107KB