895cbc9265cc7bcdb27f01c1927f2fa7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

895cbc9265cc7bcdb27f01c1927f2fa7_JaffaCakes118
Size

1.1MB
MD5

895cbc9265cc7bcdb27f01c1927f2fa7
SHA1

9cb86a174224df063c0489f0f57a79661c52e8c5
SHA256

87b6face8c22d2d2c1506a759769ca4a3cac7a5d3c13f4a5b637fe9fbf99e8d8
SHA512

a260c107aa092c8aeda53625f52748ca13e25298c9bd5ced9d3ccfa256992a463426a1a076e9e294024ddab95102f650709112a2e14f4d8d6a0170a0f48efcb9
SSDEEP

12288:HR4uc7i+5zayAQJZM+pcwmCCyb/W11oTNDiF3VhddDZQ+Tr/mERR0YOuTty6+cXI:CFrayAQJcbmHW3LNpTSERR0YlT9FO7N

Score

1^/10

Malware Config

Signatures

Files

895cbc9265cc7bcdb27f01c1927f2fa7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

824a9d0891a62ad5964f751813fd25a9

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3c:16:6f:77:2e:8c:09:58:ef:32:98:f0:2b:d5:1d:5a:85:ef:27:ae:ab:8c:e3:ef:75:2a:56:f7:68:97:d7:d9
Signer

Actual PE Digest

3c:16:6f:77:2e:8c:09:58:ef:32:98:f0:2b:d5:1d:5a:85:ef:27:ae:ab:8c:e3:ef:75:2a:56:f7:68:97:d7:d9

Digest Algorithm

sha256

PE Digest Matches

true

22:72:3f:5e:81:08:6e:fb:da:29:08:66:ad:59:69:29:cb:e8:c3:00
Signer

Actual PE Digest

22:72:3f:5e:81:08:6e:fb:da:29:08:66:ad:59:69:29:cb:e8:c3:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\171362\out\Release\SDIS.pdb

Imports

kernel32

CreateDirectoryW
SetFileTime
ExitProcess
VirtualQueryEx
ReadProcessMemory
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
ResumeThread
VirtualQuery
VirtualProtect
CreateFileMappingW
GetFileSizeEx
CreateFileA
RemoveDirectoryW
GetLongPathNameW
IsBadReadPtr
DeviceIoControl
GetDriveTypeW
GetLogicalDriveStringsW
GetVolumeInformationW
Thread32First
Thread32Next
OpenThread
GetModuleHandleExW
SetUnhandledExceptionFilter
MapViewOfFileEx
InterlockedCompareExchange
GetVersionExW
GetWindowsDirectoryW
GetSystemDirectoryW
SystemTimeToFileTime
SetFilePointerEx
GetThreadLocale
SetThreadLocale
GetNativeSystemInfo
SetErrorMode
ReleaseMutex
GetSystemInfo
OpenFileMappingW
MapViewOfFile
SetEndOfFile
GetDiskFreeSpaceExW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
GetModuleHandleA
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
HeapCreate
CompareStringA
CompareStringW
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
RtlUnwind
GetFileAttributesW
GetStartupInfoW
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
TlsFree
DeleteAtom
FindAtomW
TlsAlloc
AddAtomW
GetAtomNameW
TlsSetValue
TlsGetValue
GetSystemTime
FormatMessageW
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
SetFileAttributesW
GetLocalTime
SetCurrentDirectoryW
SetEnvironmentVariableA
GetCurrentDirectoryW
UnmapViewOfFile
FlushViewOfFile
OpenMutexW
HeapFree
GetProcessHeap
HeapAlloc
FindClose
FindNextFileW
FindFirstFileW
CreateWaitableTimerW
ResetEvent
SetWaitableTimer
GlobalUnlock
GlobalLock
CreateThread
LocalFree
lstrcpynW
ReadFile
GetFileSize
InterlockedExchange
MoveFileW
CopyFileW
GetExitCodeThread
TerminateThread
MoveFileExW
GetProcAddress
GetFileAttributesExW
DeleteFileW
SetEvent
CreateEventW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetExitCodeProcess
TerminateProcess
LoadLibraryExW
lstrcmpiW
Sleep
GetTickCount
GetCurrentProcessId
LoadLibraryW
CreateMutexW
GlobalReAlloc
GlobalAlloc
lstrlenW
GlobalFree
GlobalSize
GetQueuedCompletionStatus
FreeLibrary
PostQueuedCompletionStatus
CreateIoCompletionPort
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
OutputDebugStringW
WriteFile
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
MultiByteToWideChar
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedIncrement
FlushInstructionCache
SetLastError
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
MulDiv
InterlockedDecrement
GetCurrentProcess
GetModuleHandleW

user32

CopyRect
UnregisterClassA
DefWindowProcW
DestroyWindow
SetTimer
KillTimer
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
IsWindow
FindWindowExW
GetDC
ReleaseDC
GetWindow
GetClassNameW
SetCursorPos
GetUserObjectInformationW
CreateDesktopW
GetWindowThreadProcessId
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
ShowWindow
CharNextW
PostThreadMessageW
CloseDesktop
GetThreadDesktop
PostMessageW
FindWindowW
SetThreadDesktop
DialogBoxParamW
EnumThreadWindows
GetGUIThreadInfo
IsWindowVisible
GetClientRect
GetWindowTextW
GetProcessWindowStation
MessageBoxW
EndDialog
GetActiveWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowPos
SystemParametersInfoW
GetCursorPos
GetLastInputInfo
PostQuitMessage
SetRect
SetCursor
WaitForInputIdle
PtInRect
SetRectEmpty
IsWindowEnabled
GetParent
GetDlgCtrlID
SetActiveWindow
BringWindowToTop
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
SendMessageW
GetWindowRect
PrintWindow

gdi32

CreateHalftonePalette
GetPaletteEntries
GdiFlush
CreatePalette
SetDIBColorTable
CreateDIBSection
GetDIBits
RealizePalette
SelectPalette
GetStockObject
CreateDCW
DeleteDC
BitBlt
GetObjectW
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
DPtoLP
GetDeviceCaps
DeleteObject
SetBitmapBits

advapi32

RegCloseKey
RegOpenKeyExW
GetSecurityInfo
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
ord165
SHCreateDirectoryExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

ole32

CoLoadLibrary
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoTaskMemFree

oleaut32

DispCallFunc
VariantClear
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysAllocString
SysStringLen
VarUI4FromStr

shlwapi

PathAppendW
PathCombineW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
PathRenameExtensionW
PathMatchSpecW
PathIsDirectoryW
PathQuoteSpacesW
StrCmpNIW
StrStrW
SHGetValueW
StrCmpW
SHSetValueW
StrCmpIW
StrFormatByteSizeW
PathIsRootW
PathCanonicalizeW
PathRemoveBackslashW
PathIsPrefixW
PathRemoveExtensionW
PathAddBackslashW
PathBuildRootW
PathGetDriveNumberW
StrChrW
PathFindNextComponentA
PathCanonicalizeA

gdiplus

GdipFree
GdiplusStartup
GdipGetImageGraphicsContext
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipDrawImageI
GdipDeleteGraphics
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdiplusShutdown

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

imm32

ImmDisableIME

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

Sections

.text
Size: 795KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

824a9d0891a62ad5964f751813fd25a9

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

3c:16:6f:77:2e:8c:09:58:ef:32:98:f0:2b:d5:1d:5a:85:ef:27:ae:ab:8c:e3:ef:75:2a:56:f7:68:97:d7:d9Signer

22:72:3f:5e:81:08:6e:fb:da:29:08:66:ad:59:69:29:cb:e8:c3:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

crypt32

imm32

version

psapi

Sections

.text Size: 795KB - Virtual size: 794KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 25KB - Virtual size: 43KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 56KB - Virtual size: 55KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

3c:16:6f:77:2e:8c:09:58:ef:32:98:f0:2b:d5:1d:5a:85:ef:27:ae:ab:8c:e3:ef:75:2a:56:f7:68:97:d7:d9
Signer

22:72:3f:5e:81:08:6e:fb:da:29:08:66:ad:59:69:29:cb:e8:c3:00
Signer

.text
Size: 795KB - Virtual size: 794KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 25KB - Virtual size: 43KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 56KB - Virtual size: 55KB