14b30faf22a62ea630066cef43e21623_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14b30faf22a62ea630066cef43e21623_JaffaCakes118
Size

4.0MB
MD5

14b30faf22a62ea630066cef43e21623
SHA1

03c5b7c4c615ffaaf7cb670a2a7fbf84184d36cc
SHA256

d1e69a7ae0600b6c80916682f73dbdfd78c8bd9ecde173bcb300b97a21047f23
SHA512

26e4cbc630e4098928d9b9b6328748d5fcb9a47644b81e205047ffab99b22e059cac3c7e8ebde5b2255d9f37fc161ef2a82ffe79143066024390ce1fe2d11a1c
SSDEEP

98304:VFO38Zi5HBnyJ8CfRgCgeju8f6xeXPo2UEqq5AWK8dknLvPD:VFOCUHVOgCge1f0b2OWtw

Score

1^/10

Malware Config

Signatures

Files

14b30faf22a62ea630066cef43e21623_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17f5d5aeb7c898aa0d41b99ce5af5d41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:04
Certificate

Issuer

CN=yessignCA General Class 1,OU=AccreditedCA,O=yessign,C=kr

Not Before

27/01/2010, 15:00

Not After

28/01/2011, 14:59

Subject

CN=모아커뮤니케이션(MOA Communication),OU=code-sign+OU=20100128000003,O=yessign,C=kr

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

27:7c
Certificate

Issuer

CN=KISA RootCA 1,OU=Korea Certification Authority Central,O=KISA,C=KR

Not Before

22/08/2008, 05:39

Not After

22/08/2018, 05:39

Subject

CN=yessignCA General Class 1,OU=AccreditedCA,O=yessign,C=kr

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:11:aa:75:aa:fc:ad:bf:20:8e:cb:42:94:a3:c1:c6:e4:9a:fa:d5
Signer

Actual PE Digest

f9:11:aa:75:aa:fc:ad:bf:20:8e:cb:42:94:a3:c1:c6:e4:9a:fa:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

CreateProcessW
GetExitCodeProcess
GetVersion
GetVersionExW
FindClose
CreateDirectoryW
WideCharToMultiByte
CreateFileA
GetDiskFreeSpaceExW
GetEnvironmentVariableW
GetCurrentProcess
FlushInstructionCache
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RemoveDirectoryW
MulDiv
OutputDebugStringW
LoadLibraryExW
InterlockedExchange
GetSystemDefaultLangID
GetUserDefaultLangID
EnumResourceLanguagesW
GetTempPathW
GetTempFileNameW
FindNextFileW
GetLogicalDriveStringsW
GetDriveTypeW
GetSystemDirectoryW
GetWindowsDirectoryW
GlobalMemoryStatus
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
lstrlenW
lstrcmpiW
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
CreateMutexW
GetFileAttributesW
SetFileAttributesW
CopyFileW
GetLocaleInfoA
ReadFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadLibraryA
LocalAlloc
GetLocaleInfoW
FormatMessageW
FindFirstFileW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
FreeLibrary
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryW
GetProcAddress
ResetEvent
FlushFileBuffers
Sleep
WriteFile
MoveFileW
DeleteFileW
GetFileSize
SetFilePointer
CreateFileW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateEventW
SetEvent
GetLastError
CreateThread
CloseHandle
TerminateThread
GetExitCodeThread
WaitForSingleObject
RaiseException
InitializeCriticalSectionAndSpinCount
GetModuleHandleA

user32

GetWindowDC
GetSubMenu
CharNextW
GetPropW
LoadImageW
ReleaseDC
LoadMenuW
TrackPopupMenu
EnableMenuItem
ScreenToClient
ExitWindowsEx
GetDC
GetSystemMetrics
SetFocus
CallWindowProcW
DestroyMenu
ModifyMenuW
DefWindowProcW
GetSystemMenu
LoadIconW
InvalidateRect
RedrawWindow
RemovePropW
SetPropW
GetDlgCtrlID
MessageBoxW
KillTimer
EnableWindow
SetTimer
PostMessageW
IsWindow
CreateWindowExW
DestroyWindow
CreateDialogParamW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow
GetActiveWindow
LoadStringW
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
EndDialog
GetWindow
SystemParametersInfoW
GetWindowRect
GetClientRect
MapWindowPoints
GetDlgItem
SetWindowTextW
GetParent
SendMessageW
GetWindowLongW
SetWindowLongW
SetWindowPos
GetDesktopWindow
IsWindowVisible
UnregisterClassA
DialogBoxParamW

gdi32

CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
SetMapMode
CreateCompatibleBitmap
GetDeviceCaps
DeleteObject
GetStockObject
SetBkMode
DeleteDC
SelectObject
CreateFontIndirectW
GetMapMode
GetObjectW

advapi32

RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
RegEnumKeyExW
RegOpenKeyW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW

shell32

ShellExecuteW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW

ole32

CoTaskMemRealloc
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoTaskMemFree

oleaut32

VarUI4FromStr
OleLoadPicture

comctl32

PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17f5d5aeb7c898aa0d41b99ce5af5d41

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

03:04Certificate

Extended Key Usages

Key Usages

27:7cCertificate

Key Usages

f9:11:aa:75:aa:fc:ad:bf:20:8e:cb:42:94:a3:c1:c6:e4:9a:fa:d5Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 38KB - Virtual size: 38KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

03:04
Certificate

27:7c
Certificate

f9:11:aa:75:aa:fc:ad:bf:20:8e:cb:42:94:a3:c1:c6:e4:9a:fa:d5
Signer

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 38KB - Virtual size: 38KB