1030ea292996d4bac9f2a4d172a64bf2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1030ea292996d4bac9f2a4d172a64bf2_JaffaCakes118
Size

660KB
MD5

1030ea292996d4bac9f2a4d172a64bf2
SHA1

80a3a7c3fdd6ad89978c7e19d28b2f881616f35c
SHA256

5175fce643e39170dda75104959aabf09360f600722608a382b5a6ff79dc7ff5
SHA512

c836967958900aefca4b0cbd2ac07ea80ac6b3ceb6e3ec99c30737149d73d3f58740da496167c86f720ce875a8016787a683faf49a83e32485cda90006d6bfa9
SSDEEP

12288:VRAUWxoAUfVhcEiYxGBtV5+RuSxMxfogedUJdWnjBi7hUbEWnWZk5g7:VaLtEi3BtDSGxfTeemjBi7hUbE6ek67

Score

1^/10

Malware Config

Signatures

Files

1030ea292996d4bac9f2a4d172a64bf2_JaffaCakes118
.rar
ZoomFoot/Cultures.zip
.zip
transfer_cs-CZ.xml
.xml
transfer_da-DK.xml
.xml
transfer_de-DE.xml
.xml
transfer_en-US.xml
.xml
transfer_es-ES.xml
.xml
transfer_es-MX.xml
.xml
transfer_fi-FI.xml
.xml
transfer_fr-FR.xml
.xml
transfer_hi-IN.xml
.xml
transfer_hu_HU.xml
.xml
transfer_it-IT.xml
.xml
transfer_ja-JP.xml
.xml
transfer_ko-KR.xml
.xml
transfer_nb-NO.xml
.xml
transfer_nl-NL.xml
.xml
transfer_pl-PL.xml
.xml
transfer_pt-BR.xml
.xml
transfer_pt-PT.xml
.xml
transfer_ro-RO.xml
.xml
transfer_ru-RU.xml
.xml
transfer_sv-SE.xml
.xml
transfer_th-TH.xml
.xml
transfer_tr-TR.xml
.xml
transfer_uk-UA.xml
.xml
transfer_vi-VN.xml
.xml
transfer_zh-HK.xml
.xml
ZoomFoot/Transfer.exe
.exe windows:5 windows x86 arch:x86

b9f8ab284961a484db01ac887f5d723e

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

67:91:12:9f:5c:a4:e8:ce:1c:e8:d7:28:c2:01:08:dc
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

02/06/2009, 00:00

Not After

12/06/2010, 23:59

Subject

CN=ZoomFoot Inc.,OU=LEGAL,O=ZoomFoot Inc.,L=Denver,ST=Colorado,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:67:cd:09:05:5c:35:10:65:02:43:c8:b1:6e:07:14:3c:7d:42:fb
Signer

Actual PE Digest

f1:67:cd:09:05:5c:35:10:65:02:43:c8:b1:6e:07:14:3c:7d:42:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Greg\Documents\Visual Studio 2010\Projects\ZoomFoot\Release\Transfer.pdb

Imports

kernel32

CompareStringW
lstrcmpiW
LoadLibraryA
FreeLibrary
LoadLibraryW
CreateMutexW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
GetCommandLineW
OutputDebugStringW
SetEnvironmentVariableA
SetEndOfFile
CreateTimerQueueTimer
DeleteTimerQueueTimer
CreateTimerQueue
SleepEx
SignalObjectAndWait
WriteConsoleW
SetStdHandle
GetThreadPriority
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
SetFilePointer
GetTimeZoneInformation
GetLocaleInfoW
GetStdHandle
WriteFile
TlsSetValue
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
CreateThread
GetModuleHandleA
SetThreadAffinityMask
SetThreadPriority
GetTickCount
GetProcessAffinityMask
WaitForMultipleObjects
SwitchToThread
DuplicateHandle
CreateSemaphoreW
InterlockedFlushSList
QueryDepthSList
InitializeSListHead
ReleaseSemaphore
HeapCreate
WaitForSingleObject
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
RtlUnwind
GetStartupInfoW
HeapSetInformation
ExitProcess
ReadFile
TlsGetValue
TlsFree
TlsAlloc
GetSystemInfo
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
FormatMessageA
FindNextFileW
FindFirstFileW
FindResourceExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
RaiseException
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetVersionExW
ExpandEnvironmentStringsW
GetExitCodeProcess
InterlockedDecrement
InterlockedIncrement
GetTempPathW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GetProcAddress
SetEvent
CreateEventA
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateMutexA
VirtualProtect
CloseHandle
ReleaseMutex
SizeofResource
LockResource
LoadResource
FindResourceW
GetModuleFileNameW
GetModuleHandleW
ResetEvent
CreateEventW
MultiByteToWideChar
FreeResource
WideCharToMultiByte
FormatMessageW
GetLastError
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
FindClose
CreateFileW
GetFileAttributesExW
GetFileAttributesW
DecodePointer
EncodePointer
IsDebuggerPresent
LocalFree
Sleep
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange

user32

TranslateMessage
GetParent
GetWindowLongW
OffsetRect
SystemParametersInfoW
SetWindowLongW
DefWindowProcW
CallWindowProcW
InflateRect
DrawTextW
GetSysColor
InvalidateRect
LoadCursorW
SetWindowPos
SetScrollInfo
ShowScrollBar
GetScrollPos
GetScrollInfo
SetCursor
GetCapture
ReleaseCapture
KillTimer
GetKeyState
SetScrollPos
SetFocus
SetCapture
SetTimer
GetDlgCtrlID
BeginPaint
EndPaint
GetFocus
FillRect
GetDlgItem
IsWindow
DestroyWindow
GetScrollBarInfo
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
GetWindowRect
MapWindowPoints
GetMenu
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
IsDialogMessageW
SetWindowTextW
PtInRect
PostMessageW
GetCursorPos
GetActiveWindow
EnableWindow
CreatePopupMenu
TrackPopupMenu
AppendMenuW
DestroyMenu
MonitorFromPoint
GetMonitorInfoW
ScreenToClient
IsWindowEnabled
IsWindowVisible
DrawFocusRect
SetRectEmpty
UpdateWindow
CharNextW
GetClassNameW
RegisterWindowMessageW
LoadStringW
SetMenuDefaultItem
SetMenuItemInfoW
GetMenuItemInfoW
GetWindowPlacement
GetDC
TranslateAcceleratorW
LoadStringA
PostQuitMessage
UnregisterClassA
ReleaseDC
SendMessageW
IsRectEmpty
GetMenuItemCount
MessageBeep
PeekMessageW
TrackPopupMenuEx
RemoveMenu
SetForegroundWindow
FindWindowExW
LoadAcceleratorsW
GetSystemMetrics
DispatchMessageW
LoadImageW
LoadMenuW
GetMessageW
GetClientRect

gdi32

GetObjectA
CreatePatternBrush
GetStockObject
RoundRect
CreateSolidBrush
ExtTextOutW
GetClipBox
SetBkColor
LineTo
MoveToEx
CreatePen
RestoreDC
SaveDC
GetObjectW
SetViewportOrgEx
SetTextColor
SetBkMode
CreateFontIndirectW
BitBlt
SelectObject
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
DeleteDC
PatBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetTokenInformation
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
LookupPrivilegeNameW
RegQueryValueExW
AdjustTokenPrivileges
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
DragFinish
DragQueryFileW
DragAcceptFiles
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx

oleaut32

VarUI4FromStr
VariantClear
SysAllocString

comctl32

_TrackMouseEvent

msimg32

AlphaBlend
GradientFill

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageWidth
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImageHorizontalResolution
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipImageRotateFlip
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromFile
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipSetPenLineJoin
GdipCloneFont
GdipCreateBitmapFromResource
GdipFillRectangleI
GdipSetStringFormatTrimming
GdipFillEllipse
GdipDrawString
GdipCreateSolidFill
GdipDrawImagePointRectI
GdipFillPath
GdipSetLinePresetBlend
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipReleaseDC
GdipGetDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipSetTextRenderingHint
GdipAddPathLine2
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipDeletePath
GdipDrawPath
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipCreateFromHDC
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathArcI
GdipCreatePath
GdipSaveImageToStream
GdipFree

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData

ws2_32

WSACleanup
WSAStartup

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 87KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9f8ab284961a484db01ac887f5d723e

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

67:91:12:9f:5c:a4:e8:ce:1c:e8:d7:28:c2:01:08:dcCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

f1:67:cd:09:05:5c:35:10:65:02:43:c8:b1:6e:07:14:3c:7d:42:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

version

winhttp

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 231KB - Virtual size: 230KB

.data Size: 87KB - Virtual size: 98KB

.rsrc Size: 93KB - Virtual size: 93KB

.reloc Size: 107KB - Virtual size: 107KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

67:91:12:9f:5c:a4:e8:ce:1c:e8:d7:28:c2:01:08:dc
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f1:67:cd:09:05:5c:35:10:65:02:43:c8:b1:6e:07:14:3c:7d:42:fb
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 231KB - Virtual size: 230KB

.data
Size: 87KB - Virtual size: 98KB

.rsrc
Size: 93KB - Virtual size: 93KB

.reloc
Size: 107KB - Virtual size: 107KB