ae77053ef37b137674df64781ce67187_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ae77053ef37b137674df64781ce67187_JaffaCakes118
Size

512KB
MD5

ae77053ef37b137674df64781ce67187
SHA1

e2802dde18d0ad9ab821a29abaaee1c7079f032a
SHA256

15ed17b43feeaaff87835a8e3a2e8793aa5e3cabc2ff6d7b6505570aeef9309e
SHA512

183791f326a5d5467ff7c78f702950d1061d58e55142d832ceac26ad9aee8a4ae3261c49f6bbcda20505ceb1986042c42b4ec21b88711c70ac27135621557e9d
SSDEEP

12288:PAL1UdqD8e2bO45h/vySr8CJ+AkIiEH4zkQ:C1Ud9e2bO45hvJr8CoAk3EYkQ

Score

1^/10

Malware Config

Signatures

Files

ae77053ef37b137674df64781ce67187_JaffaCakes118
.exe windows:5 windows x64 arch:x64

51819aecfbc8627c0a2b44e02d187952

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2011, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cc:73:75:e0:74:97:45:d4:4e:f5:ca:2e:78:06:5c:fc:98:b5:19:ce
Signer

Actual PE Digest

cc:73:75:e0:74:97:45:d4:4e:f5:ca:2e:78:06:5c:fc:98:b5:19:ce

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\Hudson_Root\workspace\Evo_5.3\5.2\evo-driver\src\DriverBuilds\CommonFiles\x64\Release\Install-exe.pdb

Imports

shlwapi

PathAddBackslashW

setupapi

SetupAddToSourceListW

dbghelp

SymSetSearchPath
SymFromAddr
SymInitialize
SymCleanup
SymGetSearchPath
SymGetOptions
SymSetOptions
SymGetLineFromAddr64

kernel32

GetModuleHandleW
LockResource
LoadResource
FindResourceExW
GetLastError
CloseHandle
CreateProcessA
Sleep
ExitThread
GetCurrentProcessId
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
GetCommandLineW
FindClose
FindNextFileW
GetPrivateProfileStringW
FindFirstFileW
LoadLibraryExW
GetModuleFileNameW
CreateThread
GetTickCount
GetUserDefaultLangID
GetFileAttributesW
DeleteFileW
GetTempFileNameW
GetTempPathW
CopyFileW
WaitForSingleObject
GetSystemDirectoryW
lstrcpyW
lstrcatW
lstrlenW
CreateFileA
GetModuleHandleExA
VirtualQuery
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
WriteFile
InitializeCriticalSection
GetVersionExW
LeaveCriticalSection
CreateDirectoryA
SetLastError
HeapSize
EnterCriticalSection
GetSystemInfo
GetLocaleInfoW
DeleteCriticalSection
OutputDebugStringA
DebugBreak
GetTempPathA
OpenProcess
VirtualAlloc
VirtualProtect
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetConsoleCtrlHandler
HeapReAlloc
FatalAppExitA
GetTimeZoneInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
QueryPerformanceCounter
HeapDestroy
HeapCreate
HeapSetInformation
GetFileType
RtlCaptureContext
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalFree
WideCharToMultiByte
IsValidLocale
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
FlsAlloc
GetCurrentThread
GetCurrentThreadId
FlsFree
FlsSetValue
FlsGetValue
TlsAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CompareStringA
CompareStringW
RaiseException
RtlPcToFileHeader
GetCommandLineA
GetModuleFileNameA
SetEnvironmentVariableA
RtlVirtualUnwind
IsDebuggerPresent
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA

user32

GetDesktopWindow
SetDlgItemTextW
SetWindowLongW
PostMessageW
SetWindowPos
GetWindowLongW
GetWindowTextW
SetWindowTextW
wsprintfW
SetActiveWindow
SetForegroundWindow
EnableWindow
ShowWindow
GetDlgItem
UnhookWinEvent
SetWinEventHook
DialogBoxParamW
LoadImageW
LoadCursorW
SetCursor
SetTimer
KillTimer
SetWindowTextA
SendMessageW
LoadStringW
EndDialog
EnumChildWindows

gdi32

GetStockObject
SelectObject
GetObjectW
CreateFontIndirectW
DeleteObject
SetTextColor

winspool.drv

SetPrinterDataW
OpenPrinterW
SetPrinterW
GetPrinterDataW
GetPrinterDataExW
ClosePrinter
DeletePrinter
GetPrinterDriverW
GetPrinterDriverDirectoryW
EnumJobsW
DeletePrinterDataW
GetPrinterW
EnumPrintersW

advapi32

RegSetValueExA
RegCreateKeyExW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
RegOpenKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExA

shell32

ShellExecuteExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51819aecfbc8627c0a2b44e02d187952

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

cc:73:75:e0:74:97:45:d4:4e:f5:ca:2e:78:06:5c:fc:98:b5:19:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

setupapi

dbghelp

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

version

Sections

.text Size: 297KB - Virtual size: 296KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 7KB - Virtual size: 53KB

.pdata Size: 22KB - Virtual size: 22KB

.rsrc Size: 6KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

cc:73:75:e0:74:97:45:d4:4e:f5:ca:2e:78:06:5c:fc:98:b5:19:ce
Signer

.text
Size: 297KB - Virtual size: 296KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 7KB - Virtual size: 53KB

.pdata
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 6KB - Virtual size: 5KB