1683d989e115f9a0d47b489834c3ab63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1683d989e115f9a0d47b489834c3ab63_JaffaCakes118
Size

3.6MB
MD5

1683d989e115f9a0d47b489834c3ab63
SHA1

088290dc4a06edad6bd1088c97b4afce85ee4a01
SHA256

01c6f62a3d98550a7603f91ea9bb16d680073b148a8e12e2a8f05c75b00b4b59
SHA512

24944a8ae7c64057405dc28c2ecf48ce31daec2929391c7031255a546c7ddbfc50b0a02260142b8312844e91ad126e4e2644a94b7ecd7c07f9654515ca66bc2e
SSDEEP

98304:a0hNKuXku9QQaWnGGj4BkqRxscH7zDtJOTx9+qScmK:1QyGU4JRxsczSVsxcD

Score

1^/10

Malware Config

Signatures

Files

1683d989e115f9a0d47b489834c3ab63_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ccadba51b26e4f832454dce384dc6e17

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:e6:88:41:8a:08:2c:86:08:1e:57:01:45:9a:ff:52
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

18/01/2010, 00:00

Not After

18/01/2012, 23:59

Subject

CN=Serhiy Horobets,O=Serhiy Horobets,POSTALCODE=03127,STREET=Sechenova st. 7a - 38,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:95:c3:4d:24:32:c4:62:fe:1a:5a:fe:c8:19:7b:92:5e:e2:a0:24
Signer

Actual PE Digest

dd:95:c3:4d:24:32:c4:62:fe:1a:5a:fe:c8:19:7b:92:5e:e2:a0:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BranchAI\win\Release\stubs\x86a\setup.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

lstrlenA
lstrcpynA
lstrcmpA
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetSystemTime
FindFirstFileA
FormatMessageA
CreateProcessA
GetExitCodeProcess
ReadFile
GetVersion
FindClose
GetStringTypeExA
GetDiskFreeSpaceA
GetModuleHandleA
CreateDirectoryA
GetEnvironmentVariableA
RemoveDirectoryA
LoadLibraryExA
EnumResourceLanguagesA
GetSystemDefaultLangID
GetUserDefaultLangID
GetTempPathA
GetTempFileNameA
FindNextFileA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GlobalMemoryStatus
GetModuleFileNameA
TerminateProcess
CreateNamedPipeA
ConnectNamedPipe
SearchPathA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrlenW
GetShortPathNameA
CreateMutexA
GetCommandLineA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
HeapDestroy
LocalAlloc
GetLocalTime
OutputDebugStringA
GetCurrentProcessId
HeapAlloc
HeapSize
DebugBreak
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
VirtualProtect
FlushInstructionCache
HeapReAlloc
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
MulDiv
GetProcessHeap
HeapFree
FreeLibrary
lstrcmpiA
GetProcAddress
LoadLibraryA
ResetEvent
FlushFileBuffers
Sleep
WriteFile
MoveFileA
DeleteFileA
GetFileSize
SetFilePointer
CreateFileA
SetEvent
CreateEventA
CreateThread
SetLastError
TerminateThread
GetExitCodeThread
WaitForSingleObject
GetLastError
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
InitializeCriticalSection
RaiseException
DeleteCriticalSection
CloseHandle
VirtualAlloc
GetSystemInfo
VirtualQuery
OpenProcess
RtlUnwind

user32

LoadImageA
MsgWaitForMultipleObjects
ScreenToClient
GetSubMenu
LoadMenuA
TrackPopupMenu
ExitWindowsEx
GetDC
GetSystemMetrics
LoadIconA
GetScrollPos
GetScrollRange
ModifyMenuA
DefWindowProcA
CallWindowProcA
RemovePropA
SetPropA
GetDlgCtrlID
MessageBoxA
KillTimer
SetTimer
DestroyMenu
EnableMenuItem
GetSystemMenu
EnableWindow
SetForegroundWindow
CreateDialogParamA
DispatchMessageA
GetForegroundWindow
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
DialogBoxParamA
GetActiveWindow
SetWindowLongA
InvalidateRect
SetWindowPos
RedrawWindow
SetFocus
MessageBeep
ShowWindow
SendMessageA
SetDlgItemTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowRect
TranslateMessage
PeekMessageA
GetPropA
CreateWindowExA
IsWindow
GetClientRect
DestroyWindow
GetWindowLongA
EndDialog
GetWindow
SystemParametersInfoA
GetParent
GetDlgItem
PostQuitMessage
FindWindowA
CopyRect
ReleaseDC
PostMessageA
GetWindowDC
IsWindowVisible
GetDesktopWindow
wvsprintfA
CharNextA
SetWindowTextA
LoadStringA
UnregisterClassA
MapWindowPoints

gdi32

GetObjectA
CreateFontIndirectA
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
GetDeviceCaps
DeleteObject
GetStockObject
DeleteDC
SetBkMode

advapi32

RegCreateKeyA
CloseServiceHandle
UnlockServiceDatabase
StartServiceA
QueryServiceStatus
OpenServiceA
GetUserNameA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
LockServiceDatabase
RegEnumKeyExA
OpenSCManagerA
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA

ole32

CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
OleLoadPicture

shlwapi

PathFileExistsA

comctl32

PropertySheetA
CreatePropertySheetPageA
DestroyPropertySheetPage

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccadba51b26e4f832454dce384dc6e17

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

30:e6:88:41:8a:08:2c:86:08:1e:57:01:45:9a:ff:52Certificate

Extended Key Usages

Key Usages

dd:95:c3:4d:24:32:c4:62:fe:1a:5a:fe:c8:19:7b:92:5e:e2:a0:24Signer

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 81KB - Virtual size: 80KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

30:e6:88:41:8a:08:2c:86:08:1e:57:01:45:9a:ff:52
Certificate

dd:95:c3:4d:24:32:c4:62:fe:1a:5a:fe:c8:19:7b:92:5e:e2:a0:24
Signer

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 81KB - Virtual size: 80KB