b16bf0cce1f08bb310342e917ae5ecd2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b16bf0cce1f08bb310342e917ae5ecd2_JaffaCakes118
Size

377KB
MD5

b16bf0cce1f08bb310342e917ae5ecd2
SHA1

0ae001ab9368cbf36aebcd8a0eca89cd4a730b1e
SHA256

1574ba630a855ed5cd2ab73a606a38e413c71def345d8663e59a83024c7cce74
SHA512

c52840ee929a6e752e5764a566784525b74214e9cde789d5a252f5be5fddcd05bc2f711fdab1c4a2da76c4737ec66a5dc157f25a287e6e275562f25c11fec22e
SSDEEP

6144:KickeLv4XjJ4liLSKKGbujZnfDfIJ/8Sz4Ut0Jb:KickqihKGM1frgF4L

Score

1^/10

Malware Config

Signatures

Files

b16bf0cce1f08bb310342e917ae5ecd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9947d8021d263b8af2d2cd1ad32a72f7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:4e:ce:03:10:80:c3:24:06:ec:f0:1d:69:8f:fe:1d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14-09-2006 00:00

Not After

04-10-2008 23:59

Subject

CN=Electronic Arts,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Synthetic,O=Electronic Arts,L=Redwood City,ST=Ca,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:df:be:11:93:8f:56:b8:01:dc:59:2c:e5:f0:e4:8e:2b:7e:42:48
Signer

Actual PE Digest

20:df:be:11:93:8f:56:b8:01:dc:59:2c:e5:f0:e4:8e:2b:7e:42:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\core\eainstaller\nfs-demo\build\release\Setup.pdb

Imports

msi

ord159
ord160
ord70
ord118
ord125
ord17
ord8
ord92
ord32

shlwapi

PathRemoveFileSpecW
PathFindExtensionW
PathRemoveFileSpecA
PathFindFileNameW

kernel32

lstrlenA
InterlockedIncrement
WritePrivateProfileStringW
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
HeapReAlloc
ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
VirtualAlloc
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
SetErrorMode
GetCurrentProcessId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
InterlockedExchange
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
GlobalFree
GlobalAlloc
FormatMessageW
WideCharToMultiByte
GlobalLock
GlobalUnlock
MulDiv
GetModuleHandleA
GetProcAddress
CreateFileW
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
lstrlenW
GetThreadLocale
Sleep
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindClose
GetCurrentDirectoryA
FindFirstFileW
GetModuleFileNameA
GetLastError
FindResourceExW
CloseHandle
GetVersionExW
WaitForSingleObject
LocalFree
CreateProcessW
GetCurrentDirectoryW
GetModuleFileNameW
LocalAlloc
GetCurrentProcess
GetCurrentThread
CreateMutexW
ReleaseMutex
GetModuleHandleW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetUserDefaultLangID
SetLastError
SetHandleCount

user32

UnregisterClassW
DestroyMenu
LoadCursorW
GetSysColorBrush
GetWindowThreadProcessId
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetTopWindow
UnhookWindowsHookEx
UnregisterClassA
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
PostMessageW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadImageA
MessageBoxW
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadIconW
EnableWindow
SetForegroundWindow
SendMessageW
CreateWindowExW
GetMessageTime

gdi32

CreateBitmap
GetStockObject
GetDeviceCaps
RectVisible
DeleteDC
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetObjectW
DeleteObject
GetClipBox
TextOutW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

AddAccessAllowedAce
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
ImpersonateSelf
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

comctl32

InitCommonControlsEx

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9947d8021d263b8af2d2cd1ad32a72f7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

71:4e:ce:03:10:80:c3:24:06:ec:f0:1d:69:8f:fe:1dCertificate

Extended Key Usages

Key Usages

20:df:be:11:93:8f:56:b8:01:dc:59:2c:e5:f0:e4:8e:2b:7e:42:48Signer

Headers

File Characteristics

PDB Paths

Imports

msi

shlwapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

oleaut32

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 116KB - Virtual size: 112KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

71:4e:ce:03:10:80:c3:24:06:ec:f0:1d:69:8f:fe:1d
Certificate

20:df:be:11:93:8f:56:b8:01:dc:59:2c:e5:f0:e4:8e:2b:7e:42:48
Signer

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 116KB - Virtual size: 112KB