17fb9816b54943259b5a8ddd68519c44_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17fb9816b54943259b5a8ddd68519c44_JaffaCakes118
Size

4.9MB
MD5

17fb9816b54943259b5a8ddd68519c44
SHA1

661a74f066816354191c4df8e4e4b4c93455ee54
SHA256

33882ab5b94b2359562825a4afa71c38eea6b02e4b67e41b83213060620da0d4
SHA512

0441ce11eea6f620585f501aae763157a84178680cb3451d87a0f97d2cd4e8779e7b2d3edebf037fa955cbefc927400726198555a45eb3178c6d62de10d45017
SSDEEP

98304:HukqbKfz4+NPWNwY2Z0rIAl2MYWk+PXlkBJlV54hQrCjNNLxpeF2:OkqefhNPHYyAlvTP/la4urCrW2

Score

1^/10

Malware Config

Signatures

Files

17fb9816b54943259b5a8ddd68519c44_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f644ed860f1cb6d75ed7e9990e839002

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:f4:31:8f:9e:a4:ee:b8:e0:1f:4b:0b:02:cd:f9:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

20-10-2009 00:00

Not After

19-10-2012 23:59

Subject

CN=Yuna Software Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Yuna Software Limited,L=St. Helier,ST=Jersey,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Patchou Docs\SourceSafe Patchou.com\Yuna Software\Messenger Plus! Live\Release\Setup.pdb

Imports

riched20

ord4

comctl32

ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_SetOverlayImage

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSEnumerateProcessesW
WTSQuerySessionInformationW
WTSFreeMemory

kernel32

SetFileAttributesA
FileTimeToLocalFileTime
InterlockedDecrement
FormatMessageW
SetFilePointer
ReadFile
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
SetFileTime
MoveFileA
FlushFileBuffers
GetStdHandle
SetEndOfFile
GetFileType
CreateDirectoryA
GetModuleHandleA
DeviceIoControl
FindFirstFileA
FindNextFileA
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
MultiByteToWideChar
GetCPInfo
IsDBCSLeadByte
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
MulDiv
lstrcmpW
GetFileAttributesA
FreeLibrary
GetLocaleInfoW
DuplicateHandle
WaitForMultipleObjects
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
HeapCreate
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
LoadLibraryA
InterlockedExchange
LocalAlloc
GetTempPathW
GetTickCount
DeleteFileA
CreateFileA
GetProcAddress
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
FlushInstructionCache
GetCommandLineW
GetBinaryTypeW
GetUserDefaultLangID
FindClose
FindNextFileW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindFirstFileW
GetModuleHandleW
CreateMutexW
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
WriteFile
CreateProcessW
WritePrivateProfileStringW
lstrlenW
RemoveDirectoryW
GetVersionExW
LocalFree
CreateDirectoryW
CopyFileW
SetFileAttributesW
CreateFileW
GetLastError
GetFileAttributesW
TerminateProcess
OpenProcess
Sleep
WaitForSingleObject
DeleteFileW
SetEvent
CreateEventW
CloseHandle
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

GetWindowPlacement
IsZoomed
AdjustWindowRectEx
GetWindowInfo
SetForegroundWindow
BringWindowToTop
IsIconic
LockSetForegroundWindow
EqualRect
TrackPopupMenu
SetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
AppendMenuW
SetMenuInfo
CreatePopupMenu
DestroyMenu
SetRect
KillTimer
SetTimer
IsWindowVisible
GetSysColorBrush
GetWindowDC
CopyRect
IntersectRect
DrawTextW
SystemParametersInfoW
DestroyIcon
DrawFocusRect
IsChild
GetFocus
GetSysColor
CharNextW
RedrawWindow
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
DestroyAcceleratorTable
DefWindowProcW
RegisterClassExW
EndPaint
BeginPaint
GetUpdateRect
FindWindowExW
CallWindowProcW
GetActiveWindow
SetWindowRgn
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
SetActiveWindow
UpdateWindow
ScrollWindow
MapDialogRect
CreateDialogIndirectParamW
GetSystemMetrics
DialogBoxIndirectParamW
UnregisterClassA
SendMessageW
GetDlgItem
SetWindowTextW
GetDesktopWindow
IsWindowEnabled
MessageBoxW
EnableWindow
SetCursor
LoadCursorW
EndDialog
SetWindowLongW
EnumWindows
RegisterWindowMessageW
SendMessageTimeoutW
GetKeyState
InflateRect
DestroyWindow
PostThreadMessageW
CharLowerA
CharLowerW
CharToOemA
CharUpperW
OemToCharA
OemToCharBuffA
PostQuitMessage
GetWindowTextLengthW
MessageBeep
IsDlgButtonChecked
SetFocus
CheckDlgButton
ShowWindow
IsWindow
LoadImageW
PostMessageW
PeekMessageW
SetWindowPos
MapWindowPoints
GetClientRect
GetCursorPos
GetWindow
InvalidateRect
GetWindowLongW
OffsetRect
PtInRect
ReleaseDC
GetDC
GetWindowRect
MonitorFromRect
GetMonitorInfoW
MonitorFromPoint
GetParent
DialogBoxParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetShellWindow
GetWindowThreadProcessId
GetWindowTextW
GetClassNameW

gdi32

CreateRectRgn
SetBitmapDimensionEx
CombineRgn
GetBitmapDimensionEx
GetObjectA
GetPixel
LineTo
MoveToEx
GetClipRgn
SelectClipRgn
CreateRoundRectRgn
SetBkColor
ExcludeClipRect
RoundRect
GetObjectW
DeleteObject
RestoreDC
SetBkMode
SaveDC
SetTextColor
StretchBlt
SetLayout
GetLayout
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
Rectangle
SelectObject
GetStockObject
CreatePen
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W

advapi32

RegCloseKey
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
SetFileSecurityW
CopySid
GetLengthSid
EqualSid
GetTokenInformation
OpenProcessToken
RegFlushKey
RegSetValueExW
RegQueryValueExW
SetNamedSecurityInfoW
SetEntriesInAclW
GetExplicitEntriesFromAclW
BuildTrusteeWithSidW
CreateWellKnownSid
GetNamedSecurityInfoW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW

shell32

ShellExecuteW
SHBrowseForFolderW
CommandLineToArgvW
SHFileOperationW
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
SHGetFolderLocation
SHGetFolderPathW
SHCreateDirectoryExW

ole32

OleUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
StringFromGUID2
CoGetClassObject
CLSIDFromString
OleLockRunning
CLSIDFromProgID
OleInitialize
OleRun
CoUninitialize
CreateStreamOnHGlobal

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantChangeType
VariantCopy
DispCallFunc
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
GetErrorInfo

Sections

.text
Size: 687KB - Virtual size: 686KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f644ed860f1cb6d75ed7e9990e839002

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6d:f4:31:8f:9e:a4:ee:b8:e0:1f:4b:0b:02:cd:f9:83Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

riched20

comctl32

version

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 687KB - Virtual size: 686KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 21KB - Virtual size: 45KB

.rsrc Size: 4.1MB - Virtual size: 4.1MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6d:f4:31:8f:9e:a4:ee:b8:e0:1f:4b:0b:02:cd:f9:83
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 687KB - Virtual size: 686KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 21KB - Virtual size: 45KB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB