97310eec99d425a579afc5edaa46a617_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

97310eec99d425a579afc5edaa46a617_JaffaCakes118
Size

1012KB
MD5

97310eec99d425a579afc5edaa46a617
SHA1

34b6ba964e1e31937810eea061311228c10066a5
SHA256

20657020b5cfc4bef29ae7e0977edf26b11a848137c07da6f565f6693f4d5842
SHA512

ad9db052a6b797d071b64fe5ad6afea3934809d6b6b65b434ec66a23e95a38699b7241b960de1c19ee2d623dd3d5adcee118df0052f3e86bb471bc640fecb338
SSDEEP

12288:uDEJ9P3/yYBHURB/0OHP7+6Kr+E77dXwqN59qQCmGwx753RsqBOor:qEr/yiUta6Krn7RXRN+mpx7zsqkA

Score

1^/10

Malware Config

Signatures

Files

97310eec99d425a579afc5edaa46a617_JaffaCakes118
.exe windows:5 windows x64 arch:x64

1dbe52c31c293d8538a5f7851f7dfad2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:19:ae:34:e4:e9:bb:de:a9:48:d0:dd:f1:04:f5:41:d7:02:55:25
Signer

Actual PE Digest

b4:19:ae:34:e4:e9:bb:de:a9:48:d0:dd:f1:04:f5:41:d7:02:55:25

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\build\slave\win\build\src\build\Release\nacl64.exe.pdb

Imports

kernel32

LoadLibraryA
GetStdHandle
ResumeThread
GetModuleHandleW
QueryInformationJobObject
GetLongPathNameW
IsProcessInJob
GetCurrentProcessId
DuplicateHandle
OpenProcess
GetModuleFileNameW
GetTempPathW
GetLastError
GetEnvironmentVariableW
GetCommandLineW
CreateProcessW
CloseHandle
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
CreateRemoteThread
GetFileInformationByHandle
GetExitCodeProcess
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceW
DebugActiveProcess
GetProcessId
GetUserDefaultLCID
GetUserDefaultLangID
LeaveCriticalSection
ReleaseSemaphore
GetCurrentThreadId
EnterCriticalSection
VirtualQueryEx
CreateFileW
DeleteCriticalSection
FreeLibrary
RtlCaptureContext
LoadLibraryW
CreateThread
CreateSemaphoreW
InitializeCriticalSection
GetThreadContext
SuspendThread
WaitNamedPipeW
WaitForMultipleObjects
SetEvent
ResetEvent
WriteFile
TransactNamedPipe
SetNamedPipeHandleState
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
CreateEventW
GetTickCount
ReleaseMutex
SetLastError
CreateMutexW
SetFilePointer
OutputDebugStringA
SetEnvironmentVariableW
LocalFree
lstrlenW
IsDebuggerPresent
UnmapViewOfFile
GetFileAttributesW
SetCurrentDirectoryW
ReadFile
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
GetModuleHandleA
CreateFileMappingW
QueryDosDeviceW
GetNativeSystemInfo
GetVersionExW
AllocConsole
AttachConsole
SetInformationJobObject
HeapSetInformation
GetModuleHandleExA
SetHandleInformation
AssignProcessToJobObject
GetSystemTimeAsFileTime
RaiseException
SetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
SystemTimeToFileTime
FileTimeToSystemTime
LocalAlloc
GetLocaleInfoW
GetUserDefaultUILanguage
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetWindowsDirectoryW
RtlCaptureStackBackTrace
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
UnregisterWaitEx
RegisterWaitForSingleObject
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemPowerStatus
GetModuleHandleExW
SetEndOfFile
FlushFileBuffers
GetCurrentThread
ConnectNamedPipe
CancelIo
CreateNamedPipeW
GetNamedPipeInfo
TerminateJobObject
SignalObjectAndWait
GetProcessHandleCount
VirtualFree
WriteProcessMemory
GetFileType
VirtualProtectEx
VirtualFreeEx
VirtualAllocEx
CreateJobObjectW
OpenEventW
SearchPathW
DebugBreak
ReadProcessMemory
SetThreadContext
ContinueDebugEvent
WaitForDebugEvent
VirtualProtect
VirtualAlloc
FlushInstructionCache
ExitProcess
SwitchToThread
MapViewOfFileEx
GetSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
DisconnectNamedPipe
GetNamedPipeHandleStateW
EncodePointer
DecodePointer
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetStartupInfoW
SetStdHandle
HeapAlloc
GetConsoleCP
GetConsoleMode
GetFullPathNameW
HeapReAlloc
GetProcessHeap
ExitThread
CreateFileA
GetDriveTypeA
FindFirstFileExA
RtlPcToFileHeader
LCMapStringW
GetCPInfo
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleW
GetStringTypeW
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
GetProcAddress
GetSystemInfo
MapViewOfFile
VirtualQuery

user32

CharUpperW
wsprintfW
WaitForInputIdle
PeekMessageW
KillTimer
DispatchMessageW
TranslateMessage
CallMsgFilterW
PostQuitMessage
GetQueueStatus
DefWindowProcW
SetTimer
RegisterClassExW
WaitMessage
UnregisterClassW
PostMessageW
CloseWindowStation
CloseDesktop
CreateWindowStationW
GetProcessWindowStation
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
MsgWaitForMultipleObjectsEx
MessageBoxW
CreateWindowExW
DestroyWindow

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
ConvertSidToStringSidW
CreateProcessAsUserW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptSetHashParam
CryptCreateHash
SetEntriesInAclW
GetTokenInformation
OpenProcessToken
GetSecurityInfo
CreateWellKnownSid
CopySid
LookupPrivilegeValueW
EqualSid
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
SetThreadToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RevertToSelf
RegDisablePredefinedCache
CryptAcquireContextW
CryptImportKey

userenv

DestroyEnvironmentBlock
GetProfileType
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

accept
recv
closesocket
WSACloseEvent
shutdown
select
send
gethostbyname
WSACreateEvent
WSAEventSelect
ntohs
listen
bind
setsockopt
htons
htonl
socket
WSACleanup
WSAStartup
WSAGetLastError

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree

Exports

Exports

CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine2
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo
_ovly_debug_event
nacl_global_xlate_base
nacl_thread_ids
nacl_user

Sections

.text
Size: 677KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

]p
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dbe52c31c293d8538a5f7851f7dfad2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

b4:19:ae:34:e4:e9:bb:de:a9:48:d0:dd:f1:04:f5:41:d7:02:55:25Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

userenv

version

ws2_32

winmm

ole32

Exports

Exports

Sections

.text Size: 677KB - Virtual size: 676KB

.rdata Size: 245KB - Virtual size: 244KB

.data Size: 13KB - Virtual size: 160KB

.pdata Size: 39KB - Virtual size: 39KB

.tls Size: 512B - Virtual size: 29B

text Size: 1KB - Virtual size: 1KB

data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

]p Size: 13KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

b4:19:ae:34:e4:e9:bb:de:a9:48:d0:dd:f1:04:f5:41:d7:02:55:25
Signer

.text
Size: 677KB - Virtual size: 676KB

.rdata
Size: 245KB - Virtual size: 244KB

.data
Size: 13KB - Virtual size: 160KB

.pdata
Size: 39KB - Virtual size: 39KB

.tls
Size: 512B - Virtual size: 29B

text
Size: 1KB - Virtual size: 1KB

data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

]p
Size: 13KB - Virtual size: 12KB