0b978cd6214cdf20e1ae2cce0ba173df_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b978cd6214cdf20e1ae2cce0ba173df_JaffaCakes118
Size

2.9MB
MD5

0b978cd6214cdf20e1ae2cce0ba173df
SHA1

755beb4c9f9e110515cffa0fbeeb17762afbda64
SHA256

18a36234f2dd49da0a65f4faa43830f1a8522027483be661df22a1c23b8ce122
SHA512

3c371f1d8b36dea60597497cfe03e992366fc4cc938bd063d1772d7c161dacebe24c4f5395520819116523db789a37042bedf641de63fba19a9a29ddb7f0c68e
SSDEEP

49152:j32NE9EDu4sqHWwjzwlvwodzhYhKyGyeBN:jn0HHvzPM

Score

1^/10

Malware Config

Signatures

Files

0b978cd6214cdf20e1ae2cce0ba173df_JaffaCakes118
.exe windows:4 windows x64 arch:x64

15e6945cd0e4b67b14a83e63383f3ca1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/02/2009, 00:00

Not After

20/04/2012, 23:59

Subject

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Computing,O=Broadcom Corporation,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:a1:30:a4:4b:e6:94:08:d6:3f:11:c3:18:11:0c:c1:45:d5:f3:09
Signer

Actual PE Digest

09:a1:30:a4:4b:e6:94:08:d6:3f:11:c3:18:11:0c:c1:45:d5:f3:09

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

u:\BTW\btw1.2\bin\amd64\BTStackServer.pdb

Imports

btosif

OSIF_FreeObject
OSIF_GetObjectName
OSIF_CodeToString
OSIF_WriteObject
OSIF_GetNextObject
OSIF_GetFirstObject
OSIF_GetObjectById
OSIF_AddObject
OSIF_ModifyObject
OSIF_ObjectsConflict
OSIF_FindObject
OSIF_ReadObjects
OSIF_GetObjectCount
OSIF_Close
OSIF_OpenX
OSIF_Open
OSIF_IsPresent
OSIF_IsPimSupported
OSIF_IsSupported
??1CBTvCard@@QEAA@XZ
?getName@CBTvCard@@QEAAHPEADH@Z
?Parse@CBTvCard@@QEAAHPEA_W@Z
??0CBTvCard@@QEAA@XZ
OSIF_ReplaceObject
OSIF_CreateFilter
OSIF_PIMId
OSIF_DeleteFilter
OSIF_GetCfgFolder
OSIF_WriteObjectEx
OSIF_SetFolder
OSIF_CL_Open
OSIF_CL_Close
OSIF_CL_GetDatabaseId
OSIF_CL_GetFirstEntry
OSIF_CL_GetNextEntry
OSIF_GetFirstId
OSIF_GetNextId
OSIF_CL_GetCurrentAnchor
OSIF_DeleteObject

btaudiohelper

FindBtAudioOutputDevice
CloseSpeakerConnection
AddPacketIntoInQueue
OpenMicrophoneConnection
GetNumberWaveInDevices
CloseMicrophoneConnection
GetAudioDeviceOUT
GetAudioDeviceIN
SetSpeakerVolume
GetSpeakerVolume
IsBtAudioDevicePresent
SetPreferredWaveOutDevice
SetPreferredWaveInDevice
GetPreferredWaveOutDevice
GetNumberWaveOutDevices
OpenSpeakerConnection
EnableMultimediaTimer
DisableMultimediaTimer
FindBtAudioDevice
GetPreferredWaveInDevice

iphlpapi

GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
GetAdaptersInfo

ws2_32

sendto
ntohl
bind
socket
WSAStartup
getsockname
closesocket
WSAGetLastError
WSACleanup
WSALookupServiceNextW
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextA
WSALookupServiceBeginA
WSAAddressToStringA
WSASetServiceA
shutdown
connect
setsockopt
listen
send
recv
accept

setupapi

SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdW
CM_Get_Parent
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInterfaceDetailW
CM_Get_Device_IDW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
CM_Get_Device_IDA
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailA
SetupDiEnumDriverInfoA
SetupDiBuildDriverInfoList
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceRegKey

shlwapi

PathRemoveFileSpecW
PathIsDirectoryW
PathRemoveFileSpecA
PathFindNextComponentA
SHSetValueA
SHGetValueW
StrRetToBufW
SHDeleteKeyW
SHGetValueA
SHSetValueW
wvnsprintfA
PathCombineA
PathIsDirectoryA
PathFileExistsW
PathFileExistsA
SHDeleteValueA
UrlGetPartW

msi

ord73
ord75

tapi32

lineGetLineDevStatus
lineDrop
lineSetCallPrivilege
lineGetCallInfoA
lineGetMessage
lineNegotiateAPIVersion
lineGetDevCapsA
lineInitializeExA
lineOpenA
lineSetStatusMessages
lineShutdown
lineGetCallStatus
lineClose
lineDeallocateCall
lineAnswer
lineMakeCallA
lineUnhold
lineHold
lineSetupConferenceA
lineAddToConference
lineGenerateDigitsA

irprops.cpl

BluetoothFindFirstDevice
BluetoothFindNextDevice
BluetoothFindDeviceClose
BluetoothEnumerateInstalledServices
BluetoothFindFirstRadio
BluetoothGetDeviceInfo
BluetoothFindRadioClose

gdiplus

GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDeleteGraphics
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToFile
GdipDrawImagePointRectI
GdipGetImageGraphicsContext
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipFree

psapi

EnumProcesses

mfc80

ord2571
ord5610
ord5255
ord5272
ord4610
ord3986
ord5269
ord5266
ord2965
ord1947
ord771
ord3633
ord1040
ord924
ord795
ord759
ord570
ord3212
ord2277
ord1039
ord1131
ord1100
ord1084
ord2353
ord1248
ord1139
ord2293
ord3242
ord3248
ord1961
ord1298
ord3126
ord642
ord2049
ord393
ord1486
ord4120
ord3972
ord1501
ord4074
ord5453
ord1650
ord388
ord3308
ord2736
ord2740
ord5536
ord472
ord2159
ord6050
ord5446
ord2502
ord1505
ord5758
ord3239
ord2737
ord641
ord392
ord4124
ord6227
ord6221
ord884
ord756
ord1471
ord5388
ord566
ord2362
ord5572
ord2765
ord3358
ord3136
ord2780
ord2787
ord2784
ord5139
ord2153
ord5673
ord5921
ord2944
ord5371
ord6343
ord4099
ord6262
ord935
ord2345
ord2505
ord1200
ord777
ord321
ord1108
ord1184
ord1227
ord592
ord776
ord1208
ord1204
ord1202
ord266
ord265
ord589
ord890
ord306
ord320
ord6373
ord1944
ord774
ord2503
ord5534
ord310
ord2380
ord1599
ord3293
ord5373
ord6345
ord6334
ord1198
ord5362
ord757
ord568
ord925
ord5759
ord2301
ord796
ord316
ord793
ord5606
ord921
ord4036
ord2300
ord879
ord2936
ord300
ord688
ord3899
ord451
ord6048
ord1508
ord305
ord2969
ord6165
ord581
ord2869
ord4302
ord4522
ord3987
ord2678
ord3747
ord3757
ord3756
ord2978
ord2567
ord2680
ord2574
ord2872
ord2748
ord4348

msvcr80

_strdup
_mbsrchr
_ltoa
labs
fclose
ftell
fread
fseek
_errno
_wfopen
_snprintf
atof
_time64
_localtime64_s
strtol
_strnicmp
_vswprintf
qsort
strtok
wcsncmp
_mbstok_s
wcschr
towlower
fopen
feof
ferror
fwrite
wcstok
fputc
fputs
fprintf
_ltow
_ultoa
fabs
atol
_mbsnbicmp
_ctime64
strncat
_strlwr
wcstol
_wcslwr
wcstoul
strtoul
floor
rand
strftime
_splitpath
__doserrno
clearerr_s
fgets
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_endthread
_mktime64
_localtime64
_gmtime64
asctime
isalpha
tolower
strncmp
memmove
strncpy_s
strchr
wcsrchr
_wcsupr
_wcsicmp
_wctime64
_ftime64_s
strrchr
sscanf_s
wcscat_s
_ultow_s
swscanf_s
vsprintf_s
swprintf_s
realloc
_mbsnbcat
_mbschr
strncpy
_mbsicmp
_mbsnbcpy
_stricmp
_memicmp
atoi
strcmp
isdigit
toupper
strstr
_strupr
_mbsnbcmp
isprint
_mbsupr
memmove_s
_mbsstr
sprintf_s
wcscmp
wcscpy
swscanf
wcsstr
mbstowcs
wcscat
strcat_s
sscanf
vsprintf
_mbsnbcpy_s
memcpy_s
strcat
ceil
memcmp
_mbscmp
__RTDynamicCast
_beginthreadex
strcpy_s
sprintf
strcpy
_CxxThrowException
memcpy
strlen
wcsncpy
__C_specific_handler
calloc
_recalloc
free
malloc
_purecall
memset
__CxxFrameHandler3
wcscpy_s
wcslen
_resetstkoflw
_swprintf
_ultow
_wrename
_wremove
fgetc
_snwprintf
wcsncpy_s
_wcsdup

kernel32

CreateDirectoryW
RemoveDirectoryW
DeleteFileW
MoveFileW
FindNextFileW
FindFirstFileW
FindClose
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
LocalAlloc
GetCurrentDirectoryA
OutputDebugStringA
GetSystemDefaultLangID
GetComputerNameA
GetWindowsDirectoryA
GlobalMemoryStatus
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
WinExec
FindNextFileA
TerminateProcess
GlobalAlloc
GlobalFree
GetTempFileNameW
GetTempFileNameA
GetCommModemStatus
WaitCommEvent
WriteFile
ClearCommError
ReadFile
EscapeCommFunction
PurgeComm
SetupComm
GetCommState
SetCommState
SetCommMask
SetCommTimeouts
CreateFileW
GetTimeZoneInformation
SetFileTime
MoveFileA
RemoveDirectoryA
SetFileAttributesA
SetFileAttributesW
GetFileAttributesExW
GetFileAttributesExA
FileTimeToSystemTime
GetFileAttributesA
ExpandEnvironmentStringsA
GetSystemPowerStatus
GetTempPathW
DeleteFileA
GetTempPathA
MulDiv
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
SetThreadExecutionState
OpenEventA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
WaitForMultipleObjects
GetOverlappedResult
TerminateThread
SetThreadPriority
LocalFree
OutputDebugStringW
lstrcmpA
lstrcpyA
ResetEvent
Process32Next
Process32First
CreateToolhelp32Snapshot
SetLastError
HeapAlloc
GetProcessHeap
FindResourceExA
HeapFree
CreateSemaphoreA
DeviceIoControl
CreateFileA
CallNamedPipeA
CreateProcessA
FindFirstFileA
GetACP
GetThreadLocale
GetUserDefaultUILanguage
OpenProcess
VerSetConditionMask
GetFileAttributesW
RaiseException
SetProcessShutdownParameters
GetCommandLineA
GetCurrentThreadId
GetVersionExA
GetLocaleInfoA
IsValidCodePage
GetCurrentThread
DuplicateHandle
GetCurrentProcessId
CreateEventA
CreateThread
Sleep
SetEvent
IsDBCSLeadByte
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
GetModuleFileNameA
GetModuleHandleA
CopyFileA
GetSystemDirectoryA
SetEnvironmentVariableA
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GetProcAddress
CreateDirectoryA
LoadLibraryA
FreeLibrary
CompareFileTime
GetSystemTime
SystemTimeToFileTime
CreateMutexA
OpenMutexA
ReleaseMutex
GetCurrentProcess
SetPriorityClass
GetTickCount
InitializeCriticalSection
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ReleaseSemaphore
OpenSemaphoreA
WaitForSingleObject
CloseHandle
lstrlenA
lstrcmpiA
WideCharToMultiByte
lstrlenW
GetEnvironmentVariableA
MultiByteToWideChar
GetVersion
VerifyVersionInfoA
GetExitCodeProcess

user32

KillTimer
MessageBoxA
wvsprintfA
LoadStringW
RegisterWindowMessageA
IsWindow
GetWindowLongA
FindWindowExA
GetWindowTextW
GetClassNameA
GetParent
DestroyWindow
SetClassLongPtrW
CreateWindowExW
CheckRadioButton
CheckDlgButton
GetDlgItem
CallWindowProcW
PeekMessageA
wsprintfA
MsgWaitForMultipleObjects
InvalidateRect
GetClientRect
SystemParametersInfoA
DestroyMenu
CreatePopupMenu
GetSystemMetrics
GetForegroundWindow
PostQuitMessage
GetWindowLongPtrA
DefWindowProcA
FindWindowA
PostMessageA
GetDesktopWindow
wsprintfW
RegisterClassExA
CreateWindowExA
SetWindowLongPtrA
SetTimer
GetMessageA
SendMessageA
PostThreadMessageA
CharNextA
LoadStringA
UnregisterDeviceNotification
RegisterDeviceNotificationA
DispatchMessageA
UnregisterClassA

gdi32

GetDeviceCaps
CreateFontIndirectA

winspool.drv

StartPagePrinter
EndDocPrinter
WritePrinter
EndPagePrinter
StartDocPrinterA
EnumJobsA
OpenPrinterA
ClosePrinter
ord201
EnumPrintersA
DeviceCapabilitiesA
SetJobA
GetPrinterA

advapi32

RegEnumKeyExA
CryptImportKey
RegOpenKeyExW
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
RegEnumKeyExW
RegEnumKeyW
RegDeleteKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceStatus
ControlService
StartServiceA
OpenServiceA
OpenSCManagerA
GetUserNameA
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptExportKey
CryptEncrypt
CryptDestroyKey
InitializeSecurityDescriptor
CryptSetProvParam
CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteA
ord155
SHChangeNotify
SHGetFolderLocation
ord25
SHGetDesktopFolder
SHGetFolderPathA
SHCreateDirectoryExA
SHGetSpecialFolderPathA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoResumeClassObjects
CoUninitialize
CoSuspendClassObjects
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
StringFromGUID2

oleaut32

VarBstrFromDate
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreatePropertyFrame
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroyData
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
VarUI4FromStr
DosDateTimeToVariantTime
SysAllocString
VariantCopy
VariantInit
VariantClear
SysFreeString

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��.
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15e6945cd0e4b67b14a83e63383f3ca1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7Certificate

Extended Key Usages

Key Usages

09:a1:30:a4:4b:e6:94:08:d6:3f:11:c3:18:11:0c:c1:45:d5:f3:09Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

btosif

btaudiohelper

iphlpapi

ws2_32

setupapi

shlwapi

msi

tapi32

irprops.cpl

gdiplus

psapi

mfc80

msvcr80

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

version

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 548KB - Virtual size: 547KB

.data Size: 185KB - Virtual size: 7.2MB

.pdata Size: 91KB - Virtual size: 91KB

��. Size: 83KB - Virtual size: 83KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

09:a1:30:a4:4b:e6:94:08:d6:3f:11:c3:18:11:0c:c1:45:d5:f3:09
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 548KB - Virtual size: 547KB

.data
Size: 185KB - Virtual size: 7.2MB

.pdata
Size: 91KB - Virtual size: 91KB

��.
Size: 83KB - Virtual size: 83KB