94942bf701a59c594844c8fcb0573d03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

94942bf701a59c594844c8fcb0573d03_JaffaCakes118
Size

444KB
MD5

94942bf701a59c594844c8fcb0573d03
SHA1

1ac60299a0b788489c8eaf2557b9055b694fa0bc
SHA256

94a7ea01359350a6dbc2c9743d088a17868c97b08f68391e4ed69698962f05e6
SHA512

d050ac0b0ff7147e40cd3f777b899be4fee75820e6ca7b562007873029bd29cb431093e801eeb179b65ba6f3f5c74f1d223b5192bb3cdc98b33f1fb9d6cd09db
SSDEEP

12288:pTxkF17sYTRu5Xtdjt0sXlzoZ1hmUNLc1usWsjF+gXHKkw0:plkF17RTOFoZ1hmAlsWsjF+Hkw0

Score

1^/10

Malware Config

Signatures

Files

94942bf701a59c594844c8fcb0573d03_JaffaCakes118
.exe windows:6 windows x86 arch:x86

b303ca651d8b3d4ed0946b09824a89aa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

69:ec:39:4b:a9:d3:3a:43:9d:09:ba:91:6a:c2:9f:8c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/07/2014, 00:00

Not After

15/09/2016, 23:59

Subject

CN=Logos Bible Software,O=Logos Bible Software,L=Bellingham,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:4f:7f:3e:8a:47:96:b8:97:28:e6:3b:a8:dd:05:54:37:63:51:6b
Signer

Actual PE Digest

05:4f:7f:3e:8a:47:96:b8:97:28:e6:3b:a8:dd:05:54:37:63:51:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

B:\Jenkins\workspace\Proclaim-stable-Win\Proclaim\src\ProclaimSetup\bin\ReleaseStatic\ProclaimSetup.pdb

Imports

msi

ord169
ord70
ord88
ord190
ord131
ord205
ord224
ord141

crypt32

CertFreeCertificateContext

kernel32

CreateMutexW
CreateEventW
Sleep
TerminateProcess
OpenProcess
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsWow64Process
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpW
lstrcmpiW
LoadLibraryW
FindResourceW
CopyFileW
VerifyVersionInfoW
MultiByteToWideChar
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetUserDefaultLangID
CreateToolhelp32Snapshot
DecodePointer
Process32NextW
GetTempPathW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetFileType
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
ReleaseMutex
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
WriteFile
ReadFile
GetFullPathNameW
GetFileSize
GetFileInformationByHandle
FindFirstFileW
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
GetCommandLineW
VerSetConditionMask
LocalFree
CreateProcessW
GetCurrentThread
GetProcessTimes
GetExitCodeProcess
WaitForSingleObject
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
CloseHandle
GetVolumePathNameW
GetVolumeInformationW
GetThreadLocale
lstrlenW
FormatMessageW
LocalAlloc
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
SetFileAttributesW
GetFileAttributesW
DeleteFileW
ExitProcess
SetEvent
GetCurrentProcessId
GetSystemTime
GetTickCount
GetStringTypeW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
Process32FirstW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
VirtualQuery
VirtualProtect
QueryPerformanceCounter
OutputDebugStringW
SetFilePointer
WideCharToMultiByte
GetSystemInfo
RtlUnwind
IsDebuggerPresent
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList

user32

GetWindowThreadProcessId
SendMessageW
EndDialog
EnumWindows
UnregisterClassW
MessageBoxIndirectW
DialogBoxParamW
GetActiveWindow
SetWindowLongW
PostMessageW
LoadStringW
SetWindowPos
IsWindowVisible
wsprintfW
GetClientRect
ExitWindowsEx
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
GetWindowLongW
MapWindowPoints
GetWindowRect
GetDlgItem
SetWindowTextW
SetForegroundWindow
SetDlgItemTextW
CharNextW

advapi32

GetSecurityDescriptorOwner
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegQueryValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
FreeSid
DuplicateToken
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertSidToStringSidW
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
RevertToSelf
MakeSelfRelativeSD
IsValidSid
InitializeAcl
ImpersonateSelf
GetTokenInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetLengthSid
GetAclInformation
GetAce
EqualSid
CopySid
AdjustTokenPrivileges
AddAce
OpenThreadToken
OpenProcessToken
SetThreadToken
RegEnumValueW

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoTaskMemFree
StringFromGUID2
IIDFromString
CoCreateInstance

oleaut32

VarUI4FromStr
GetErrorInfo
SysFreeString
SysStringLen

userenv

UnloadUserProfile

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b303ca651d8b3d4ed0946b09824a89aa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

69:ec:39:4b:a9:d3:3a:43:9d:09:ba:91:6a:c2:9f:8cCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

05:4f:7f:3e:8a:47:96:b8:97:28:e6:3b:a8:dd:05:54:37:63:51:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

crypt32

kernel32

user32

advapi32

shell32

ole32

oleaut32

userenv

version

Sections

.text Size: 299KB - Virtual size: 299KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 22KB - Virtual size: 34KB

.rsrc Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

69:ec:39:4b:a9:d3:3a:43:9d:09:ba:91:6a:c2:9f:8c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

05:4f:7f:3e:8a:47:96:b8:97:28:e6:3b:a8:dd:05:54:37:63:51:6b
Signer

.text
Size: 299KB - Virtual size: 299KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 22KB - Virtual size: 34KB

.rsrc
Size: 7KB - Virtual size: 7KB