8aa96ad4c5cb07baccff011524bd3961_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8aa96ad4c5cb07baccff011524bd3961_JaffaCakes118
Size

893KB
MD5

8aa96ad4c5cb07baccff011524bd3961
SHA1

bbae86e806ec5b94106a78a0980719cb0bee16cc
SHA256

34e2b8c613a29d694fdc46d3195209cdd38597f2bfbfe11ded999946c545efe7
SHA512

7d6e2de5d9150dc5506dee218ffcb8edbe46c4b275bfe254fbb70d0269bbee2847e58dbff73cf25270e11a7abedaf725f42250cda25537ab23301ce58a3a4ea6
SSDEEP

12288:rfGhHHYiJVvt0XoUWvMh2uWUspKVCHEjn9h0uvtW1NTsi2XS9HKD:6NJcG3uNsKCHEjnf0MtWHTb2XKu

Score

1^/10

Malware Config

Signatures

Files

8aa96ad4c5cb07baccff011524bd3961_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

a7c8c682efc54a96d1cea28151b171d3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:78:fb:ea:f4:6b:a9:42:8c:62:3c:be:60:3c:f5:e3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/10/2008, 00:00

Not After

30/10/2011, 23:59

Subject

CN=Avanquest North America Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Avanquest North America Inc.,L=Calabasas,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:4c:93:f3:91:08:9a:9d:e3:a0:56:49:99:ca:32:12:40:82:b8:70
Signer

Actual PE Digest

5d:4c:93:f3:91:08:9a:9d:e3:a0:56:49:99:ca:32:12:40:82:b8:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\SRC\Anti-virusPlus\TaskServer\MXTask\MXTask.dll\Release\MXTaskDll.pdb

Imports

comctl32

ord17
_TrackMouseEvent

kernel32

MulDiv
CloseHandle
WriteFile
SetFilePointer
Sleep
CreateFileA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
VirtualQuery
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetTempPathA
GetTempFileNameA
GetVersion
OpenFileMappingA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetSystemTimeAsFileTime
CompareStringA
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
InterlockedExchange
TerminateProcess
GetLastError
SetProcessWorkingSetSize
OpenProcess
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
GetSystemTime
GetExitCodeProcess
CreateProcessA
SystemTimeToFileTime
GetFileSize
GetTickCount
IsBadWritePtr
IsBadReadPtr
GetProcessHeap
HeapAlloc
HeapFree
OutputDebugStringA
lstrcpynA
CreateMutexA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
TerminateThread
GetExitCodeThread
FindResourceA
LoadLibraryExA
LocalFree
LocalAlloc
GetCurrentProcess
GetCurrentThread
SetLastError
FlushInstructionCache
DeleteFileA
GetFileAttributesA
lstrcatA
GetCurrentThreadId
GetShortPathNameA
lstrcpyA
CreateEventA
WaitForSingleObject
OpenEventA
SetEvent
CreateThread
CreateDirectoryA
FileTimeToSystemTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
SetThreadPriority
SetFileAttributesA
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
AddAtomA
InitAtomTable
GetAtomNameA
GetProcessId
GlobalHandle
GlobalAlloc
GetModuleFileNameW
FindClose
FindNextFileA
FindFirstFileA
GetSystemInfo
GetVolumeInformationA
GetWindowsDirectoryA
GetPrivateProfileStringA
ExitProcess
GetPrivateProfileIntA
FreeResource
LockResource
CompareFileTime
FileTimeToLocalFileTime
ReadFile
DebugBreak

user32

DefWindowProcA
DestroyIcon
SystemParametersInfoA
IsIconic
SetForegroundWindow
SetActiveWindow
BringWindowToTop
GetClassNameA
KillTimer
SetTimer
UnregisterClassA
ReleaseDC
GetDC
IsRectEmpty
GetIconInfo
DrawIconEx
LoadBitmapA
CopyRect
CharLowerA
InvalidateRect
PtInRect
OffsetRect
IntersectRect
GetClientRect
DrawTextA
IsWindowEnabled
SetWindowTextA
GetMenu
SetWindowPos
EnableWindow
AdjustWindowRectEx
EqualRect
GetParent
GetPropA
SetRectEmpty
GetWindowTextLengthA
GetWindowRect
ScreenToClient
UpdateWindow
SetCapture
LoadImageA
GetDlgCtrlID
SetCursor
FrameRect
BeginPaint
EndPaint
ReleaseCapture
GetCapture
GetFocus
GetSysColor
ClientToScreen
RedrawWindow
DrawEdge
InflateRect
GetSystemMetrics
GetWindowTextA
DrawFrameControl
GetWindowDC
IsWindowVisible
IsDialogMessageA
GetKeyState
EnumChildWindows
FillRect
GetMessageTime
ScrollWindowEx
RegisterClassA
GetClassInfoA
GetWindow
SetScrollPos
WindowFromPoint
DestroyMenu
ShowScrollBar
SetScrollInfo
GetScrollPos
GetScrollInfo
GetActiveWindow
GetDialogBaseUnits
GetWindowPlacement
RemovePropA
SetPropA
MsgWaitForMultipleObjects
ShowWindow
MoveWindow
RegisterWindowMessageA
EnumWindows
GetDesktopWindow
PostQuitMessage
MessageBoxA
PeekMessageA
WaitForInputIdle
wsprintfA
CallWindowProcA
MapWindowPoints
GetWindowLongA
TranslateMessage
DispatchMessageA
GetDoubleClickTime
GetCursorPos
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
TrackPopupMenuEx
SetFocus
GetNextDlgTabItem
CharNextA
LoadStringA
SetWindowLongA
GetClassInfoExA
LoadCursorA
DestroyWindow
SendMessageA
FindWindowA
RegisterClassExA
CreateWindowExA
CharUpperA
PostMessageA
PostThreadMessageA
IsWindow
GetMessageA

gdi32

GetDeviceCaps
CreateRoundRectRgn
CreateCompatibleDC
SelectObject
GetPixel
ExtTextOutA
SetBkColor
GetObjectA
DeleteDC
BitBlt
CreateBitmap
Rectangle
StretchBlt
CreatePen
GetStockObject
CreateDIBSection
SetBkMode
SetTextColor
CreateCompatibleBitmap
SetViewportOrgEx
ExcludeClipRect
RealizePalette
SelectPalette
OffsetClipRgn
GetWindowOrgEx
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
GetRgnBox
SetWindowOrgEx
RestoreDC
EnumFontFamiliesExA
GetObjectType
GetDCOrgEx
GetClipBox
Polygon
Polyline
GdiFlush
StretchDIBits
CreatePalette
SaveDC
CreatePatternBrush
FrameRgn
CreateSolidBrush
GetTextExtentPoint32A
GetCharWidth32A
GetCharABCWidthsA
GetTextMetricsA
SetDIBitsToDevice
SetStretchBltMode
CreateRectRgn
CreateDIBitmap
CreateFontIndirectA
DeleteObject

advapi32

RegDeleteKeyA
RegConnectRegistryA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
FreeSid
EqualSid
GetTokenInformation
AllocateAndInitializeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
RegQueryValueA
IsTextUnicode
ImpersonateSelf
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
OpenThreadToken
ImpersonateLoggedOnUser
OpenProcessToken
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueA
ControlService
CloseServiceHandle
DeleteService
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
SetServiceStatus
ChangeServiceConfig2A
CreateServiceA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegQueryValueExA
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoA
RegCreateKeyA
RegEnumValueA

shell32

ShellExecuteExA
SHGetPathFromIDListA
Shell_NotifyIconA
SHGetFolderPathA
SHChangeNotify
SHGetSpecialFolderLocation
ShellExecuteA

ole32

StringFromGUID2
CoInitialize
CoUninitialize
OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoCreateGuid
StgOpenStorage
StgCreateDocfile
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?capacity@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xran@_String_base@std@@SAXXZ

msvcr90

_mbsupr_s
_mbstok
_mbsnbicmp
strtoul
atol
strcpy
_mbscmp
_time64
_memicmp
qsort
sprintf
rand
srand
abs
strcat
toupper
strncpy
strchr
atoi
_mbsnbcmp
memmove_s
realloc
_mbschr
_ismbcdigit
fclose
fwrite
fopen_s
isxdigit
tolower
memchr
fread
_filelength
_fileno
isalpha
bsearch
_snprintf
abort
_setjmp3
_mbsicmp
fprintf
__iob_func
_CIpow
strtod
_purecall
_makepath_s
memmove
isspace
_mbctoupper
_mbsnbcpy
strtol
isdigit
_mbsinc
fgetpos
fseek
strncpy_s
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_gmtime32
_time32
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??3@YAXPAX@Z
strcmp
memcmp
_splitpath_s
strcpy_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
_vsnprintf
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
sprintf_s
memcpy
free
_mbsrchr
_recalloc
_resetstkoflw
??_V@YAXPAX@Z
_CxxThrowException
memcpy_s
malloc
_mbsstr
_mbsnbcpy_s
__CxxFrameHandler3
memset
_getpid
_itoa_s
strcat_s
strlen
longjmp
calloc
_vswprintf
_stricmp
wcsrchr
_mbspbrk
floor
wcsncpy
_mbsupr
fsetpos
ftell
strncmp
sscanf_s
getenv
vsprintf_s
_ismbcspace

aqg

aqgInitGlobalSkin

mxdlgsup

MXMessageBox

wininet

InternetErrorDlg
InternetReadFile
InternetCloseHandle
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
InternetQueryDataAvailable
HttpQueryInfoA
InternetGetConnectedStateEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

ws2_32

inet_addr
gethostbyname
recvfrom
sendto
closesocket
setsockopt
WSACleanup
WSASocketA
WSAStartup
WSAGetLastError

shlwapi

PathFileExistsA
PathCanonicalizeA
PathIsRelativeA
PathFindOnPathA

msimg32

GradientFill
AlphaBlend

Exports

Exports

DllRegisterServer
DllUnregisterServer
ExportForMXTask2

Sections

.text
Size: 643KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7c8c682efc54a96d1cea28151b171d3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:78:fb:ea:f4:6b:a9:42:8c:62:3c:be:60:3c:f5:e3Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

5d:4c:93:f3:91:08:9a:9d:e3:a0:56:49:99:ca:32:12:40:82:b8:70Signer

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp90

msvcr90

aqg

mxdlgsup

wininet

version

setupapi

ws2_32

shlwapi

msimg32

Exports

Exports

Sections

.text Size: 643KB - Virtual size: 642KB

.rdata Size: 125KB - Virtual size: 124KB

.data Size: 23KB - Virtual size: 50KB

.rsrc Size: 58KB - Virtual size: 58KB

.reloc Size: 36KB - Virtual size: 36KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:78:fb:ea:f4:6b:a9:42:8c:62:3c:be:60:3c:f5:e3
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

5d:4c:93:f3:91:08:9a:9d:e3:a0:56:49:99:ca:32:12:40:82:b8:70
Signer

.text
Size: 643KB - Virtual size: 642KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 23KB - Virtual size: 50KB

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 36KB - Virtual size: 36KB