070d303c95856722bea316d01b42df46_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

070d303c95856722bea316d01b42df46_JaffaCakes118
Size

969KB
MD5

070d303c95856722bea316d01b42df46
SHA1

a67f99c817cef8b1d9fe8729cd6050d3a9af2d6a
SHA256

514152828f6ecd9f0a5ee1698e79883ca97e39bb4dffeab7cfdd29b6495a2a0f
SHA512

afaca2e171b5bebb200fb96a1bd93cd07c952d04142528157dba4c90f52b2f304b7358cbbfd409636da8444d9a0c62b8e51418d955712272e5de153866c7be73
SSDEEP

24576:z0VWQlseyTcGvoJpb28dUOeU/3IAxefxEu1:+3suGvoP28dURG3IAw2u

Score

1^/10

Malware Config

Signatures

Files

070d303c95856722bea316d01b42df46_JaffaCakes118
.exe windows:5 windows x64 arch:x64

b41e5dbb52a70c7e48cc80588f954ac8

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2014, 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Java Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:79:b3:d3:0f:62:51:38:92:97:63:dc:3b:7c:f0:eb:aa:4e:7f:0c
Signer

Actual PE Digest

51:79:b3:d3:0f:62:51:38:92:97:63:dc:3b:7c:f0:eb:aa:4e:7f:0c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\b\build\slave\win\build\src\build\Release\nacl64_exe.pdb

Imports

kernel32

LocalAlloc
ResumeThread
GetModuleHandleW
GetLongPathNameW
IsProcessInJob
GetCurrentProcessId
DuplicateHandle
OpenProcess
GetModuleFileNameW
GetTempPathW
GetLastError
GetEnvironmentVariableW
GetCommandLineW
CreateProcessW
CloseHandle
GetFileInformationByHandle
GetExitCodeProcess
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceW
DebugActiveProcess
GetProcessId
GetUserDefaultLCID
GetUserDefaultLangID
LeaveCriticalSection
ReleaseSemaphore
GetCurrentThreadId
EnterCriticalSection
VirtualQuery
CreateFileW
RtlCaptureContext
DeleteCriticalSection
FreeLibrary
LoadLibraryW
CreateThread
CreateSemaphoreW
InitializeCriticalSection
WaitNamedPipeW
WaitForMultipleObjects
SetEvent
ResetEvent
WriteFile
TransactNamedPipe
SetNamedPipeHandleState
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
LocalFree
RaiseException
SetThreadPriority
IsDebuggerPresent
lstrlenW
GetStdHandle
SetInformationJobObject
VirtualQueryEx
HeapSetInformation
GetTickCount
GetModuleHandleExA
ReadFile
SetHandleInformation
GetSystemInfo
AssignProcessToJobObject
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetVersionExW
FileTimeToSystemTime
FileTimeToLocalFileTime
UnmapViewOfFile
GetFileAttributesW
SetUnhandledExceptionFilter
SetCurrentDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
SetLastError
QueryDosDeviceW
ReleaseMutex
CreateMutexW
SetFilePointer
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
SystemTimeToFileTime
SetEndOfFile
FlushFileBuffers
GetLocaleInfoW
GetUserDefaultUILanguage
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree
TlsSetValue
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemPowerStatus
RtlCaptureStackBackTrace
GetCurrentThread
UnregisterWaitEx
RegisterWaitForSingleObject
GetWindowsDirectoryW
GetSystemDirectoryW
ConnectNamedPipe
CancelIo
CreateNamedPipeW
GetNamedPipeInfo
TerminateJobObject
SignalObjectAndWait
GetProcessHandleCount
VirtualFree
WriteProcessMemory
VirtualAllocEx
GetThreadContext
VirtualProtectEx
VirtualFreeEx
CreateJobObjectW
OpenEventW
SearchPathW
DebugBreak
ReadProcessMemory
SetThreadContext
ContinueDebugEvent
WaitForDebugEvent
VirtualProtect
VirtualAlloc
SwitchToThread
SuspendThread
FlushInstructionCache
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
ExitProcess
MapViewOfFileEx
GetSystemTime
PeekNamedPipe
DisconnectNamedPipe
GetNamedPipeHandleStateW
EncodePointer
DecodePointer
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetStartupInfoW
SetStdHandle
GetFileType
HeapAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
GetProcessHeap
ExitThread
RtlPcToFileHeader
CreateFileA
GetDriveTypeA
FindFirstFileExA
LCMapStringW
GetCPInfo
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleW
GetStringTypeW
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
GetCurrentProcess
TerminateProcess
Sleep
CreateRemoteThread
GetModuleHandleA
GetProcAddress
LoadLibraryA

user32

PostQuitMessage
PeekMessageW
GetQueueStatus
DefWindowProcW
SetTimer
RegisterClassExW
WaitMessage
MsgWaitForMultipleObjectsEx
UnregisterClassW
CloseWindowStation
CloseDesktop
CallMsgFilterW
CreateWindowStationW
KillTimer
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
DestroyWindow
CreateWindowExW
TranslateMessage
DispatchMessageW
PostMessageW
MessageBoxW
WaitForInputIdle
wsprintfW
CharUpperW
GetProcessWindowStation

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
ConvertSidToStringSidW
CreateProcessAsUserW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
SetEntriesInAclW
GetTokenInformation
OpenProcessToken
GetSecurityInfo
CreateWellKnownSid
CopySid
LookupPrivilegeValueW
EqualSid
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
SetThreadToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RevertToSelf
RegDisablePredefinedCache
CryptAcquireContextW
CryptImportKey
CryptCreateHash
CryptSetHashParam
CryptHashData
CryptGetHashParam

userenv

DestroyEnvironmentBlock
GetProfileType
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostbyname
shutdown
select
send
ntohs
closesocket
socket
htons
htonl
accept
listen
bind
setsockopt
WSACleanup
WSAStartup
recv

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeGetDevCaps

ole32

CoTaskMemFree

Exports

Exports

CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine2
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo
_ovly_debug_event
nacl_global_xlate_base
nacl_thread_ids
nacl_user

Sections

.text
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b41e5dbb52a70c7e48cc80588f954ac8

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70Certificate

Extended Key Usages

Key Usages

51:79:b3:d3:0f:62:51:38:92:97:63:dc:3b:7c:f0:eb:aa:4e:7f:0cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

userenv

version

ws2_32

winmm

ole32

Exports

Exports

Sections

.text Size: 644KB - Virtual size: 643KB

.rdata Size: 238KB - Virtual size: 237KB

.data Size: 13KB - Virtual size: 257KB

.pdata Size: 37KB - Virtual size: 37KB

.tls Size: 512B - Virtual size: 29B

text Size: 1KB - Virtual size: 1KB

data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

�� Size: 11KB - Virtual size: 11KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

09:e2:8b:26:db:59:3e:c4:e7:32:86:b6:64:99:c3:70
Certificate

51:79:b3:d3:0f:62:51:38:92:97:63:dc:3b:7c:f0:eb:aa:4e:7f:0c
Signer

.text
Size: 644KB - Virtual size: 643KB

.rdata
Size: 238KB - Virtual size: 237KB

.data
Size: 13KB - Virtual size: 257KB

.pdata
Size: 37KB - Virtual size: 37KB

.tls
Size: 512B - Virtual size: 29B

text
Size: 1KB - Virtual size: 1KB

data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

��
Size: 11KB - Virtual size: 11KB