8c4f132c6fa0e3b727bce4c4ef4985a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c4f132c6fa0e3b727bce4c4ef4985a5_JaffaCakes118
Size

1.4MB
MD5

8c4f132c6fa0e3b727bce4c4ef4985a5
SHA1

99b2af78426461d61cc70986ab0442cdc1977a6f
SHA256

29a048127525da6c00d8b3f29492841d63b0671979f3a955c89c869a398ac484
SHA512

ac158507ad50d4b53bc0b954675dfd126ff4cce3f9815c764c0834f2d5117aa47bce3a0169a9088a7e7b07d9f4d02f820bbf7c022e494216e8d3541c6e2fcf49
SSDEEP

24576:PXww06vwo9KGzDWYWh7ZaAZOjJVaU1px4eTT6oSIS8IycR87WgMFCBRE4poLI:W+x9K0yYWVU7baEnbTTDSIS8Iycu7GFe

Score

1^/10

Malware Config

Signatures

Files

8c4f132c6fa0e3b727bce4c4ef4985a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd2b88ee3f9d3dd3db4122ac0670926a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:f6:ad:2d:c0:29:7d:6c:47:fa:40:13:7a:7f:50:bb
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/09/2019, 00:00

Not After

22/09/2020, 12:00

Subject

CN=Advanced System Repair\, Inc.,O=Advanced System Repair\, Inc.,L=Newport Coast,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:cb:fc:db:79:c2:6b:cc:97:5b:02:14:de:3f:86:68:54:20:45:46
Signer

Actual PE Digest

2d:cb:fc:db:79:c2:6b:cc:97:5b:02:14:de:3f:86:68:54:20:45:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\_projects\TotalSystemCare7BNew\PCSetup\res\offline\asrrealtimesrv.pdb

Imports

shlwapi

PathFileExistsW
SHDeleteKeyW
PathRemoveFileSpecW
PathStripPathW
SHDeleteValueW
SHSetValueW

wininet

InternetCloseHandle
HttpQueryInfoA
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersA
InternetOpenW
InternetReadFile

netapi32

NetUserEnum
NetApiBufferFree

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

userenv

GetDefaultUserProfileDirectoryW
CreateEnvironmentBlock

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW
UuidFromStringW

fltlib

FilterGetMessage
FilterReplyMessage
FilterConnectCommunicationPort

kernel32

TerminateProcess
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetProcAddress
FindClose
Process32FirstW
LocalAlloc
RemoveDirectoryW
Module32FirstW
Process32NextW
FindNextFileW
CreateToolhelp32Snapshot
GetFileAttributesExW
GetWindowsDirectoryW
DeleteFileW
GetCurrentProcessId
LocalFree
SetFileAttributesW
ExpandEnvironmentStringsW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThreadId
FreeResource
GetModuleFileNameW
SetFilePointer
GetSystemTimeAsFileTime
SetFileShortNameW
SetLastError
BackupRead
BackupWrite
SetEvent
WaitForSingleObjectEx
GetCurrentThread
CreateEventW
GetThreadPriority
InterlockedExchange
OpenEventW
FreeLibrary
GetLongPathNameW
IsWow64Process
InterlockedIncrement
SetConsoleCtrlHandler
GetFileSizeEx
GetFileType
CreateFileA
GetTickCount
CreateEventA
ReleaseMutex
ResetEvent
FlushViewOfFile
OutputDebugStringW
OutputDebugStringA
UnmapViewOfFile
UnlockFileEx
UnlockFile
SetEndOfFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
GetVersionExA
GetTempPathA
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
FormatMessageW
FormatMessageA
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
AreFileApisANSI
TryEnterCriticalSection
IsBadReadPtr
GetVolumeInformationW
GetFileInformationByHandle
GetLogicalDriveStringsW
DeviceIoControl
RaiseException
QueryDosDeviceW
GetQueuedCompletionStatus
CreateIoCompletionPort
GetACP
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
ExitThread
GetModuleHandleW
GetVersionExW
LoadLibraryW
CreateDirectoryW
HeapFree
GetCurrentProcess
InterlockedDecrement
MoveFileExW
SystemTimeToFileTime
HeapAlloc
FindFirstFileW
GetFileSize
GetCommandLineW
CloseHandle
DeleteCriticalSection
WaitForMultipleObjects
LockResource
EnterCriticalSection
GetLastError
LeaveCriticalSection
SizeofResource
Sleep
WideCharToMultiByte
InitializeCriticalSection
InterlockedCompareExchange
WaitForSingleObject
LoadResource
FindResourceW
FindResourceExW
GetSystemDirectoryW
OpenProcess
WriteFile
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetStringTypeA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
GetModuleHandleA
GetFullPathNameA
GetProcessHeap
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateMutexA

user32

SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetUserObjectSecurity
OpenWindowStationW
CharLowerW
GetUserObjectSecurity

advapi32

RegFlushKey
EqualSid
GetSecurityInfo
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
DeleteService
CreateServiceW
RegUnLoadKeyW
CreateWellKnownSid
EnumServicesStatusExW
RegLoadKeyW
QueryServiceConfigW
ConvertSidToStringSidW
RegEnumKeyExW
LookupAccountNameW
ConvertStringSidToSidW
GetSecurityDescriptorDacl
GetLengthSid
AddAce
AddAccessAllowedAce
InitializeAcl
GetAce
CreateProcessAsUserW
CopySid
GetAclInformation
RegSaveKeyExW
RegRestoreKeyW
LookupAccountSidW
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
ControlService
RegOpenKeyExW
FreeSid
RegEnumValueW
SetEntriesInAclW
SetSecurityInfo
RegOpenCurrentUser
AllocateAndInitializeSid
RegDeleteValueW
SetFileSecurityW
QueryServiceStatus
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
GetTokenInformation
OpenServiceW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle
RevertToSelf
ImpersonateLoggedOnUser

shell32

SHChangeNotify
ord51
SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoMarshalInterface
CoInitializeEx
CoRegisterClassObject
CreateStreamOnHGlobal
CoUninitialize
CoInitializeSecurity
CoTaskMemFree
StringFromCLSID
CoSetProxyBlanket
CoInitialize
CoCreateInstance

oleaut32

LoadTypeLi
LoadRegTypeLi
SetErrorInfo
SafeArrayUnaccessData
VariantChangeType
VariantInit
RegisterTypeLi
SafeArrayAccessData
VariantClear
SysStringLen
SysAllocString
SysFreeString
SafeArrayCreate

Sections

.text
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd2b88ee3f9d3dd3db4122ac0670926a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:f6:ad:2d:c0:29:7d:6c:47:fa:40:13:7a:7f:50:bbCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

2d:cb:fc:db:79:c2:6b:cc:97:5b:02:14:de:3f:86:68:54:20:45:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wininet

netapi32

version

userenv

rpcrt4

fltlib

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 726KB - Virtual size: 726KB

.rdata Size: 143KB - Virtual size: 142KB

.data Size: 13KB - Virtual size: 86KB

.rsrc Size: 495KB - Virtual size: 495KB

.reloc Size: 45KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:f6:ad:2d:c0:29:7d:6c:47:fa:40:13:7a:7f:50:bb
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

2d:cb:fc:db:79:c2:6b:cc:97:5b:02:14:de:3f:86:68:54:20:45:46
Signer

.text
Size: 726KB - Virtual size: 726KB

.rdata
Size: 143KB - Virtual size: 142KB

.data
Size: 13KB - Virtual size: 86KB

.rsrc
Size: 495KB - Virtual size: 495KB

.reloc
Size: 45KB - Virtual size: 45KB