9c480aca9de4e43ca544f4e5fd1543ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9c480aca9de4e43ca544f4e5fd1543ba_JaffaCakes118
Size

688KB
MD5

9c480aca9de4e43ca544f4e5fd1543ba
SHA1

c27559ebd3de8bdd44cd084ebf7d40e3eeeab5d2
SHA256

adb90d6e1f19106afc81f4886aa941ca6e53cfc21fbed25c8ea883b68a21db34
SHA512

998437280e20c5b7bceb7eb2c438d8d41eecb66a7b16a480e1f1bea0eb1ae162a47cf93ea0e999fa2fd84d8b0fa4ce3cb53b464eb924bdb71e68a9c33c922783
SSDEEP

12288:oxrAPe4rN/Kp2ddvosZRFpCtJ1QsLBBYa7lJC/okztwomo4R6SXcjx+wxRPWwf2D:oxMzI2ddv3CtJ1QYlJC/P54RLXwYw/bE

Score

1^/10

Malware Config

Signatures

Files

9c480aca9de4e43ca544f4e5fd1543ba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

435fac3c51b5fe0966516b31cfcc7e27

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ce:01:ac:7e:13:7f:43:13:cc:57:23:af:81:7d:a0
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/06/2019, 00:00

Not After

10/06/2020, 23:59

Subject

CN=ET HOMES LTD,O=ET HOMES LTD,L=CHEADLE,ST=Cheshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bd:37:76:67:23:65:d3:ab:dd:15:ec:60:cf:4b:6b:5e:fe:0d:2e:d4
Signer

Actual PE Digest

bd:37:76:67:23:65:d3:ab:dd:15:ec:60:cf:4b:6b:5e:fe:0d:2e:d4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

GetUserNameExA
GetUserNameExW
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleW
QuerySecurityPackageInfoW
FreeContextBuffer
CompleteAuthToken

winscard

SCardReleaseContext
SCardGetStatusChangeW
SCardListReadersW
SCardEstablishContext

ws2_32

send
__WSAFDIsSet
WSAIoctl
closesocket
select
getaddrinfo
WSAStartup
socket
connect
htons
freeaddrinfo
setsockopt
inet_addr
recv
ioctlsocket
WSAGetLastError
WSACleanup

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

dbghelp

MiniDumpWriteDump

wtsapi32

WTSEnumerateSessionsW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

kernel32

GetFileSize
SetStdHandle
ReadFile
FlushFileBuffers
EraseTape
GetLocalTime
IsProcessorFeaturePresent
GetTimeZoneInformation
FileTimeToLocalFileTime
FormatMessageA
FormatMessageW
lstrcmpiW
lstrcpynA
lstrcpynW
lstrcatA
TlsGetValue
TlsFree
WriteFileEx
CreateMutexA
CreateEventA
CreateEventW
CreateFileMappingW
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetStartupInfoA
GetCommandLineW
GetEnvironmentVariableA
SetEnvironmentVariableA
ExpandEnvironmentStringsA
FindResourceA
GetProfileStringW
GetSystemDirectoryA
GetCurrentDirectoryA
GetFullPathNameA
CreateFileA
DeleteFileA
DeleteFileW
FindFirstFileA
SearchPathA
GetComputerNameA
QueryPerformanceFrequency
GetACP
WideCharToMultiByte
CompareStringW
LCMapStringA
LCMapStringW
GetDateFormatA
GetDateFormatW
IsValidLocale
GetUserDefaultUILanguage
GetStringTypeA
GetStringTypeW
FoldStringW
GetConsoleMode
SetEvent
GetConsoleOutputCP
MultiByteToWideChar
WriteFile
WaitForSingleObject
CreateFileW
GetCurrentThreadId
GetSystemDirectoryW
OpenProcess
lstrcatW
CloseHandle
LoadLibraryW
WaitNamedPipeW
GetExitCodeProcess
GetTickCount
GetVersionExW
GetModuleFileNameW
SizeofResource
LockResource
FindResourceW
LoadLibraryExW
SetHandleInformation
ExpandEnvironmentStringsW
InterlockedDecrement
CreatePipe
PeekNamedPipe
GetTimeFormatA
FreeResource
MoveFileExW
ExitProcess
CreateProcessW
LoadResource
LoadLibraryA
lstrcmpiA
GlobalAlloc
InterlockedIncrement
CreateDirectoryW
GetFileSizeEx
SetEndOfFile
MoveFileW
GetDriveTypeW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
lstrcmpW
SetFileTime
ProcessIdToSessionId
SleepEx
GetFileTime
GetLogicalDrives
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
SetFileAttributesW
lstrlenA
lstrlenW
QueryPerformanceCounter
OpenEventW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
GetCurrentThread
GetSystemInfo
GetComputerNameW
GetSystemTimeAsFileTime
TlsSetValue
SetThreadPriority
DuplicateHandle
TlsAlloc
CreateSemaphoreW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
IsDebuggerPresent
ResumeThread
GetOverlappedResult
SetLastError
GetLastError
TerminateThread
ExitThread
GetProcessId
CreateThread
ConvertFiberToThread
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStringsW
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
LocalFree
LocalLock
LocalReAlloc
LocalAlloc
GlobalMemoryStatus
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GetProcAddress
FreeLibrary
Sleep
lstrcmpA
ResetEvent
EncodePointer
DecodePointer
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
GetFileType
GetModuleHandleExW
FreeLibraryAndExitThread
GetStdHandle
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
ReadConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
WriteConsoleW
GetConsoleCP
HeapSize

user32

DefWindowProcW
OpenDesktopW
FindWindowW
IntersectRect
EnumWindows
IsWindowVisible
WinHelpW
IsDialogMessageA
LoadStringW
LoadIconW
FindWindowA
GetParent
GetDesktopWindow
SetProcessDefaultLayout
SetWindowLongW
GetWindowLongW
OffsetRect
GetSysColor
GetCursorPos
SetCursor
MessageBoxW
GetWindowTextW
SetWindowTextW
SetWindowTextA
SetScrollPos
InvalidateRgn
EndPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
DrawTextW
TrackPopupMenu
SetMenuItemBitmaps
DeleteMenu
AppendMenuA
VkKeyScanExW
GetSystemMenu
GetMenuState
SetMenu
GetWindowRect
GetSystemMetrics
EqualRect
EnableWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
CharNextW
CharNextA
CharUpperW
IsClipboardFormatAvailable
SetClipboardData
GetDlgCtrlID
SendDlgItemMessageA
IsDlgButtonChecked
GetDlgItemTextA
EndDialog
DialogBoxIndirectParamA
DialogBoxParamW
IsIconic
SetWindowPlacement
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassA
CallWindowProcA
PostQuitMessage
DefWindowProcA
PostMessageW
SendMessageW
PeekMessageA
DispatchMessageA
GetMessageW
GetMessageA
RegisterWindowMessageA
GetKeyboardLayout
wsprintfW
SetClipboardViewer
GetClipboardOwner
GetIconInfo
MsgWaitForMultipleObjects
GetThreadDesktop
CloseDesktop
OpenClipboard
MapVirtualKeyW
GetAsyncKeyState
LoadKeyboardLayoutW
SendMessageTimeoutW
SystemParametersInfoW
keybd_event
SetThreadDesktop
GetKeyboardState
ExitWindowsEx
DispatchMessageW
GetCursorInfo
ChangeClipboardChain
CloseClipboard
EmptyClipboard
OpenInputDesktop
GetClipboardData
LoadMenuW
GetUserObjectInformationW
mouse_event
MessageBoxA
CreateWindowExW
RegisterClassExW
PeekMessageW
DestroyMenu
PostThreadMessageW

gdi32

SelectPalette
CreateRectRgnIndirect
GetSystemPaletteEntries
GetDeviceCaps
GetDIBits
RealizePalette
GdiFlush
CreateDIBSection
BitBlt
CreatePalette
GetRegionData
CombineRgn
GetBitmapBits
GetObjectW
DeleteObject
GetTextFaceW
SetWindowExtEx
TextOutW
GetObjectA
SetAbortProc
AbortDoc
EndPage
EndDoc
StartDocW
StartDocA
SetTextColor
StretchBlt
SetBkMode
SetBkColor
SelectObject
DeleteDC
CreateSolidBrush
CreateFontIndirectW
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap

winspool.drv

ClosePrinter
OpenPrinterW

comdlg32

CommDlgExtendedError
PrintDlgExW
ChooseFontA
FindTextW
ChooseColorA
GetFileTitleW
GetSaveFileNameW

advapi32

AccessCheck
OpenServiceW
ConvertSidToStringSidW
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW
SetTokenInformation
SetSecurityDescriptorOwner
AllocateAndInitializeSid
GetSidSubAuthority
IsValidSecurityDescriptor
SetServiceStatus
FreeSid
InitializeAcl
DuplicateToken
GetLengthSid
AddAccessAllowedAce
OpenThreadToken
SetSecurityDescriptorGroup
CreateProcessAsUserW
StartServiceCtrlDispatcherW
DuplicateTokenEx
RegDeleteKeyA
RegOpenKeyExW
RegCreateKeyExA
RegOpenKeyExA
StartServiceA
OpenSCManagerA
CreateServiceA
ControlService
RegSetValueExW
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyA
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
IsTextUnicode
EnumServicesStatusExW
StartServiceW
DeleteService
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
CreateServiceW
InitiateSystemShutdownExW
LookupPrivilegeValueW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegQueryValueExW
RevertToSelf
ImpersonateLoggedOnUser
QueryServiceConfigW

shell32

DragFinish
CommandLineToArgvW
Shell_NotifyIconA
ShellExecuteW
SHGetSpecialFolderPathW
DragQueryFileW

oleaut32

SysAllocString
SysFreeString
VariantClear

Sections

.text
Size: 510KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

435fac3c51b5fe0966516b31cfcc7e27

Code Sign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

48:ce:01:ac:7e:13:7f:43:13:cc:57:23:af:81:7d:a0Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

bd:37:76:67:23:65:d3:ab:dd:15:ec:60:cf:4b:6b:5e:fe:0d:2e:d4Signer

Headers

DLL Characteristics

File Characteristics

Imports

secur32

winscard

ws2_32

userenv

dbghelp

wtsapi32

ole32

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

oleaut32

Sections

.text Size: 510KB - Virtual size: 509KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 13KB - Virtual size: 36KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 20KB - Virtual size: 19KB

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

48:ce:01:ac:7e:13:7f:43:13:cc:57:23:af:81:7d:a0
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

bd:37:76:67:23:65:d3:ab:dd:15:ec:60:cf:4b:6b:5e:fe:0d:2e:d4
Signer

.text
Size: 510KB - Virtual size: 509KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 13KB - Virtual size: 36KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 20KB - Virtual size: 19KB