8a8851ebf663904e135bf7a0b3f459bf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a8851ebf663904e135bf7a0b3f459bf_JaffaCakes118
Size

199KB
MD5

8a8851ebf663904e135bf7a0b3f459bf
SHA1

589c0ab7b25babc4607b1cecb57d9f4b847da3aa
SHA256

13ead437ef84eef3c11359ffb05b0ad1cd8ac17d68fde90841d4f965afdb48a1
SHA512

95cdd73707c6c6d1762647dceb0f2e0a8d8215db58a109518dc8921807f03356c016a9b152c0b10798fb593022a36c987cceacc823a9bae309dcb34904475365
SSDEEP

6144:dvVyrhk0mcDJKsyO+07h8eQe12FLY6DmBkC:ryrxlVKsyL07eeU1VCBkC

Score

1^/10

Malware Config

Signatures

Files

8a8851ebf663904e135bf7a0b3f459bf_JaffaCakes118
.exe windows:1 windows x86 arch:x86

09a5f143ab8b71294d371def5078d820

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/06/2010, 00:00

Not After

26/07/2013, 23:59

Subject

CN=BitTorrent Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BitTorrent Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fc:40:76:42:88:14:35:a1:01:22:04:03:6d:21:b7:bb:67:66:56:11
Signer

Actual PE Digest

fc:40:76:42:88:14:35:a1:01:22:04:03:6d:21:b7:bb:67:66:56:11

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateSolidBrush
DeleteObject
DeleteDC
GdiTransparentBlt
SelectObject
CreateCompatibleDC
GdiGetSpoolMessage
GdiInitSpool
bMakePathNameW
SetBitmapBits
CreateCompatibleBitmap
StretchDIBits
CombineRgn
InvertRgn
CreateDIBitmap
GetDIBits
PolyPatBlt
StretchBlt
GetBitmapBits
SetFontEnumeration
GetTextFaceW
EnumFontFamiliesExW
GetTextExtentPoint32W
CreateFontIndirectW
GdiAddFontResourceW
CreateBitmap
BitBlt
GetTextMetricsW
GetCharWidth32W
SetBkMode
GetStockObject
ExtTextOutW
PatBlt
GetRgnBox
GetCurrentObject
GdiConsoleTextOut
GdiFlush
GetRegionData
CreateRectRgn
CreateDCW
GetDeviceCaps
SetDIBitsToDevice
GetNearestColor
SetDCBrushColor
SetTextColor
SetBkColor
TranslateCharsetInfo
GetStringBitmapW
GdiFullscreenControl
SelectPalette
SetSystemPaletteUse
RealizePalette
GetLayout
SetLayout
GetObjectW
CreatePen
BRUSHOBJ_pvAllocRbrush
EnumFontsA
SetICMProfileA
EnumMetaFile
SetMapperFlags
GetCharWidthW
EngAlphaBlend
GdiDllInitialize
GetEnhMetaFilePaletteEntries
CreateHalftonePalette
EngAssociateSurface
GdiReleaseDC
GdiGetLocalDC
SetTextJustification
PlgBlt
EngCopyBits
GetTextCharset
EqualRgn
ClearBitmapAttributes
DdEntry18
SetBrushAttributes
SetMapMode
GdiIsMetaPrintDC
CloseMetaFile
GetHFONT
StrokePath
bInitSystemAndFontsDirectoriesW
GetMetaFileA
DdEntry12
SetPixelFormat
CloseFigure
STROBJ_dwGetCodePage
SetColorAdjustment
GetPaletteEntries
CLIPOBJ_cEnumStart
SetPaletteEntries
EngUnicodeToMultiByteN
GdiConvertBitmapV5
GdiQueryTable
OffsetViewportOrgEx
DPtoLP
DdEntry35
SetWorldTransform
CreateRectRgnIndirect
GetBkColor
DdEntry2
XLATEOBJ_cGetPalette
GetLogColorSpaceW
GetObjectA
DeviceCapabilitiesExW
RectVisible
STROBJ_vEnumStart
LPtoDP
GdiConvertMetaFilePict
CreateFontIndirectExW
EngGetCurrentCodePage
EngComputeGlyphSet
GdiPlayPrivatePageEMF
XLATEOBJ_piVector
GetBitmapDimensionEx

kernel32

InitializeCriticalSection
LocalReAlloc
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleFileNameW
TerminateProcess
UnhandledExceptionFilter
CreateFileW
GlobalAlloc
GlobalSize
WTSGetActiveConsoleSessionId
GetCPInfo
WideCharToMultiByte
OpenProfileUserMapping
GetPrivateProfileStringW
CloseProfileUserMapping
GlobalAddAtomA
GlobalLock
lstrcpynW
GlobalUnlock
GlobalFree
SetProcessWorkingSetSize
GetStringTypeW
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
FindResourceExW
LoadResource
LockResource
lstrlenA
Beep
TlsSetValue
TlsGetValue
GetExitCodeThread
GetExitCodeProcess
SetFilePointer
GetSystemDirectoryA
CreateFileA
GetOEMCP
GetACP
TlsAlloc
IsValidCodePage
lstrlenW
DuplicateHandle
ReadFile
CreateThread
GetCurrentThread
GetCurrentProcess
SetUnhandledExceptionFilter
SetNamedPipeHandleState
TransactNamedPipe
WaitForSingleObject
GetOverlappedResult
WaitNamedPipeW
OpenEventW
SetEvent
SetClientTimeZoneInformation
LoadLibraryExA
SetLastError
CreateRemoteThread
WaitForMultipleObjects
OpenProcess
CreateEventW
GetLastError
Sleep
CloseHandle
GetModuleHandleW
LocalAlloc
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
VirtualAllocEx

ntdll

NtNotifyChangeKey
NtSetSystemInformation
NtQueryValueKey
RtlInitUnicodeString
NtOpenKey
NtQueryInformationProcess
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
NtResetEvent
NtWaitForMultipleObjects
NtCreateEvent
swprintf
NtSetInformationThread
RtlUnicodeStringToInteger
NtClose
RtlOpenCurrentUser
NtSetEvent
LdrFlushAlternateResourceModules
RtlCreateUserThread
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
NtQueryInformationToken
NtAlertThread
DbgUiIssueRemoteBreakin
DbgBreakPoint
_ltow
NtOpenProcessToken
RtlNtStatusToDosError
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
wcsncmp
NtClearEvent
NtWaitForSingleObject
NtTerminateProcess
NtQueryInformationThread
NtReplyPort
_vsnwprintf
RtlEqualUnicodeString
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlFreeUnicodeString
wcslen
RtlFindMessage
NtResumeThread
RtlFreeHeap
memmove
RtlCreateUnicodeString
_strnicmp
RtlFreeAnsiString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
strstr
RtlUnicodeStringToAnsiString
NtReadVirtualMemory
NtDeviceIoControlFile
NtMakeTemporaryObject
wcscmp
NtQueryDirectoryObject
NtOpenDirectoryObject
NtRequestWaitReplyPort
NtConnectPort
wcscpy
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCopySid
RtlGetDaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
NtRequestPort
RtlCreateTagHeap
RtlCreateHeap
RtlAllocateHeap
NtEnumerateValueKey
wcsncpy
NtQueryKey
RtlDosSearchPath_U
NtDuplicateObject
NtOpenProcess
RtlInitializeCriticalSectionAndSpinCount
RtlSizeHeap
NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
NtVdmControl
NtTerminateThread
RtlCompareUnicodeString
atoi
_itoa
NtReleaseMutant
NtCreateMutant
NtQueryVirtualMemory
RtlUnwind
RtlPrefixUnicodeString
RtlIntegerToUnicodeString
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToMultiByteSize
RtlUnicodeToOemN
RtlInitCodePageTable
RtlUnicodeToMultiByteN
RtlCustomCPToUnicodeN
wcschr
wcsrchr
wcsstr
_wcsupr
NtProtectVirtualMemory
RtlImageDirectoryEntryToData
RtlReAllocateHeap
RtlConsoleMultiByteToUnicodeN
RtlDeleteCriticalSection

user32

RegisterWindowMessageW
GetWindow
PostMessageW
DialogBoxParamW
EndDialog
GetDlgItemTextW
IsDlgButtonChecked
SendDlgItemMessageW
CheckRadioButton
GetWindowPlacement
SetWindowPlacement
EnableMenuItem
LoadMenuW
AppendMenuW
SetMenuItemInfoW
PtInRect
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
GetForegroundWindow
CreateWindowExW
GetSystemMenu
GetLastActivePopup
GetCursorPos
WindowFromPoint
DefWindowProcW
SetCursor
TrackPopupMenuEx
UnpackDDElParam
CreateIconFromResourceEx
ReuseDDElParam
ShowWindowAsync
ReplyMessage
ScrollDC
SetScrollInfo
GetKeyboardLayout
IsWinEventHookInstalled
NotifyWinEvent
SetActiveWindow
MonitorFromRect
GetMonitorInfoW
AdjustWindowRectEx
GetCaretBlinkTime
VkKeyScanW
IsIconic
ClientToScreen
ScreenToClient
ActivateKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
CopyIcon
DestroyIcon
ShowWindow
LoadStringW
ReleaseCapture
SetCapture
GetKeyboardState
ToUnicodeEx
SetThreadDesktop
SetWindowsHookExW
GetMessageW
UnhookWindowsHookEx
TranslateMessageEx
GetKeyState
MapVirtualKeyW
CloseWindowStation
GetUserObjectInformationW
CloseDesktop
PrivateExtractIconExW
wsprintfW
LoadCursorW
LoadImageW
RegisterClassExW
SendMessageTimeoutW
IsWindow
IsWindowEnabled
GetWindowTextW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
GetWindowRect
GetSysColor
MapWindowPoints
OffsetRect
InflateRect
GetSystemMetrics
GetClientRect
SetForegroundWindow
InvalidateRect
KillTimer
SetWindowPos
SetFocus
SendMessageW
SetTimer
SetDlgItemTextW
EndPaint
LoadBitmapW
DrawEdge
DrawIcon
BeginPaint
LoadIconW
GetClassLongW
GetPropW
SetWindowTextW
SetWindowLongW
DestroyWindow
ReleaseDC
FillRect
GetDC
GetWindowLongW
GetClassNameW
RecordShutdownReason
GetGUIThreadInfo
SendInput
GetLastInputInfo
SystemParametersInfoW
CtxInitUser32
GetWindowTextLengthW
PostThreadMessageW
WCSToMBEx
MB_GetString
SoftModalMessageBox
MessageBoxTimeoutW
GetTaskmanWindow
BroadcastSystemMessageW
GetWindowThreadProcessId
MessageBoxExW
EnumThreadWindows
SendNotifyMessageW
SendMessageCallbackW
CreateDialogParamW
IsDialogMessageW
CallMsgFilterW

winmm

midiConnect
waveOutPrepareHeader
waveOutGetDevCapsW
waveInUnprepareHeader
midiOutLongMsg
auxGetDevCapsA
mmioFlush
mixerGetID
midiOutCacheDrumPatches
waveOutGetPlaybackRate
midiOutGetID
joySetCapture
mod32Message
mixerGetDevCapsW
waveInMessage
mciGetCreatorTask
midiInOpen
mciGetDeviceIDFromElementIDA
WOWAppExit
waveInGetErrorTextA
waveInGetDevCapsW
SendDriverMessage
midiOutShortMsg
midiOutGetErrorTextA
mmioOpenA
mixerClose
midiInReset
waveOutGetVolume

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09a5f143ab8b71294d371def5078d820

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

fc:40:76:42:88:14:35:a1:01:22:04:03:6d:21:b7:bb:67:66:56:11Signer

Headers

File Characteristics

Imports

gdi32

kernel32

ntdll

user32

winmm

Sections

.text Size: 18KB - Virtual size: 18KB

.reloc Size: 7KB - Virtual size: 4.8MB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 150KB - Virtual size: 442KB

.rsrc Size: 1024B - Virtual size: 748B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

36:bc:30:56:2a:65:0a:fa:a5:ad:10:1e:cd:64:3a:b4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

fc:40:76:42:88:14:35:a1:01:22:04:03:6d:21:b7:bb:67:66:56:11
Signer

.text
Size: 18KB - Virtual size: 18KB

.reloc
Size: 7KB - Virtual size: 4.8MB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 150KB - Virtual size: 442KB

.rsrc
Size: 1024B - Virtual size: 748B