9f480b25aeabfecbaa258e56115c2522_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9f480b25aeabfecbaa258e56115c2522_JaffaCakes118
Size

2.4MB
MD5

9f480b25aeabfecbaa258e56115c2522
SHA1

3d3a289224aea4313b520f0fac4f4e9f7a91b013
SHA256

bf82837699e74edadf7efe4f5c2df890665df6d8c7c96686758b060d8a955b49
SHA512

9ef0785e31c2a2e8b2c477440c338cfeccb57821fd8c0b6c069e629c539ae5bd942512543850380e565de6ac47d53d124cf07d757a2b50893a532dd195d95d43
SSDEEP

49152:WOhcC0yAukQtsLGT3hGD1mbQ/8STG4g0ktRaIlMrtxxKOISn8:WyVAujit8EGYaMXKORn8

Score

1^/10

Malware Config

Signatures

Files

9f480b25aeabfecbaa258e56115c2522_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a7d95694953c980271735472ccbb8c9b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:e2:70:58:92:aa:0e:8e:6b:94:5d:5e:a2:5e:da:74
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2011, 00:00

Not After

05/05/2014, 23:59

Subject

CN=Check Point Software Technologies Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Check Point Software Technologies Ltd.,L=Ramat-Gan,ST=Ramat-Gan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:19:b0:e5:5b:58:78:c5:5c:44:ef:82:8f:77:ad:09:c2:a3:4a:10
Signer

Actual PE Digest

26:19:b0:e5:5b:58:78:c5:5c:44:ef:82:8f:77:ad:09:c2:a3:4a:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\ZA2013_hfa4_client\ZA2013_hfa4_client_build\Release\Header.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW

shlwapi

PathFindFileNameW
PathFindFileNameA
PathFileExistsA
PathFindOnPathW
PathFileExistsW

kernel32

FindFirstFileW
ExitProcess
CloseHandle
ReleaseMutex
CopyFileW
SetCurrentDirectoryW
GetLastError
CreateMutexW
CreateDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
LocalFree
FormatMessageW
GetCurrentProcessId
GetCurrentThreadId
SetLastError
FindNextFileW
GetTickCount
WaitForSingleObject
GetCurrentDirectoryW
Sleep
GetProcAddress
FreeLibrary
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
FlushInstructionCache
GetCurrentProcess
GetModuleHandleW
WideCharToMultiByte
ReadFile
GetFileSize
FindClose
DeleteFileA
SetFileAttributesA
CreateDirectoryA
WriteFile
TerminateProcess
MoveFileExW
RemoveDirectoryW
GetExitCodeProcess
CreateProcessW
HeapFree
GetProcessHeap
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
MultiByteToWideChar
InterlockedExchange
TlsSetValue
InterlockedCompareExchange
InterlockedIncrement
TlsFree
GetStdHandle
GetModuleFileNameA
HeapCreate
InterlockedDecrement
DeleteFileW
GetCommandLineW
GetModuleFileNameW
HeapSize
GetUserDefaultLCID
GetStringTypeExW
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
GetCPInfo
GetStartupInfoW
GetStringTypeW
TlsGetValue
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
TlsAlloc
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
CreateFileW
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetACP
GetOEMCP
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidCodePage

user32

LoadStringW
DestroyWindow
SetWindowLongW
CreateDialogParamW
ShowWindow
MessageBoxW
CreateDesktopW
CloseDesktop
SetWindowTextW
SetTimer
GetDlgItem
UpdateWindow
UnregisterClassA

advapi32

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
CryptReleaseContext
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash

oleaut32

SysAllocString

Sections

.text
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7d95694953c980271735472ccbb8c9b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

1f:e2:70:58:92:aa:0e:8e:6b:94:5d:5e:a2:5e:da:74Certificate

Extended Key Usages

Key Usages

26:19:b0:e5:5b:58:78:c5:5c:44:ef:82:8f:77:ad:09:c2:a3:4a:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shell32

shlwapi

kernel32

user32

advapi32

oleaut32

Sections

.text Size: 403KB - Virtual size: 402KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 10KB - Virtual size: 18KB

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 45KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

1f:e2:70:58:92:aa:0e:8e:6b:94:5d:5e:a2:5e:da:74
Certificate

26:19:b0:e5:5b:58:78:c5:5c:44:ef:82:8f:77:ad:09:c2:a3:4a:10
Signer

.text
Size: 403KB - Virtual size: 402KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 10KB - Virtual size: 18KB

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 45KB - Virtual size: 45KB