Static task
static1
Behavioral task
behavioral1
Sample
1c8f22a61c04151563320d450c002efd_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
1c8f22a61c04151563320d450c002efd_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
1c8f22a61c04151563320d450c002efd_JaffaCakes118
-
Size
533KB
-
MD5
1c8f22a61c04151563320d450c002efd
-
SHA1
0e4d70096f8588d41820953946c843a174550e22
-
SHA256
f2511304af66704980fec447e8b54982a276fb0dfa820656027e376f01dc6898
-
SHA512
22e5cda47ea1c6fe5b5bdd77db85920e646b2ccc2fac263238b96f5f9d5b99dd991cd566a20f75f782e9128799f019ef3fadd86437808462e3fa50b0cf28a26c
-
SSDEEP
6144:Fno+8bUYVlm0TIr7xxhblSsE1Fd+7gbXIzSPJP0vEQb+ob1ilaBqwqbovnTFgOi:7dY+0TIZxhMLIk0zSBDQ7bawkovnTbi
Malware Config
Signatures
Files
-
1c8f22a61c04151563320d450c002efd_JaffaCakes118.exe windows:6 windows x86 arch:x86
a6369c54f46f5552ec98c2d4263d1b03
Code Sign
Certificate (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be)
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29/01/1996, 00:00
Not After: 02/08/2028, 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Certificate (serial 38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5)
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate (serial 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4)
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate (serial 42:ab:dc:23:7d:1b:a3:16:64:ba:4e:7b:05:f2:36:52)
Issuer: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Not Before: 10/07/2009, 00:00
Not After: 15/08/2012, 23:59
Subject: CN=PC Tools,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=PC Tools,L=Melbourne,ST=Victoria,C=AU
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate (serial 65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c)
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 21/05/2009, 00:00
Not After: 20/05/2019, 23:59
Subject: CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer (32:2d:5d:c4:16:e5:d9:ae:2e:83:31:43:24:2e:71:b0:d1:ee:8f:ae)
Actual PE Digest: 32:2d:5d:c4:16:e5:d9:ae:2e:83:31:43:24:2e:71:b0:d1:ee:8f:ae
Digest Algorithm: sha1
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\Projects\Exploit_FFToolbar\Sources\bin\BDTUpdateService.pdb
Imports
wininet
InternetReadFile
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
psapi
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
kernel32
WriteFile
MultiByteToWideChar
LoadLibraryExW
CreateFileW
OutputDebugStringW
Sleep
SetFilePointer
GetCommandLineW
OpenMutexW
OpenEventW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetTickCount
GetCurrentProcessId
lstrlenA
FindClose
FindFirstFileW
CreateThread
CreateDirectoryW
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
GetFileSize
ReadFile
WideCharToMultiByte
GetSystemTime
GetVersionExW
GetModuleHandleW
Module32NextW
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetExitCodeThread
VirtualFreeEx
Module32FirstW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
SetThreadPriority
GetThreadPriority
TerminateThread
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
GetFileAttributesW
MapViewOfFileEx
CompareStringA
CreateFileA
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
LoadLibraryA
IsValidLocale
EnumSystemLocalesA
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
Process32NextW
FreeLibrary
GetProcAddress
lstrcpyW
LoadLibraryW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
OpenProcess
TerminateProcess
DeleteFileW
GetModuleFileNameW
WaitForMultipleObjects
InterlockedDecrement
GetSystemTimeAsFileTime
InterlockedIncrement
WaitForSingleObject
ReleaseMutex
CreateMutexW
SetEvent
ResetEvent
CreateEventW
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
CloseHandle
GetLastError
CompareStringW
SetEnvironmentVariableA
RtlUnwind
ExitThread
GetStartupInfoW
GetUserDefaultLCID
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetModuleFileNameA
HeapCreate
VirtualAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualFree
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
GetVersionExA
HeapDestroy
HeapSize
InterlockedExchange
LCMapStringA
user32
GetForegroundWindow
CharLowerBuffW
wsprintfW
LoadStringW
CharNextW
CharUpperW
UnregisterClassA
MessageBoxW
GetMessageW
TranslateMessage
PostThreadMessageW
DispatchMessageW
PeekMessageW
advapi32
SetTokenInformation
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
RegOpenCurrentUser
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegNotifyChangeKeyValue
ChangeServiceConfigW
CreateProcessAsUserW
ControlService
DeleteService
OpenProcessToken
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
CreateServiceW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetNamedSecurityInfoW
shell32
SHGetSpecialFolderPathW
SHGetFolderPathW
SHFileOperationW
ole32
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
oleaut32
VarI4FromStr
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString
VarUI4FromStr
shlwapi
PathRemoveExtensionW
PathFileExistsW
PathMatchSpecW
PathAddBackslashW
PathCombineW
PathAppendW
PathFindFileNameW
PathRemoveFileSpecW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
dbghelp
ImageDirectoryEntryToData
Sections
.text Size: 428KB - Virtual size: 427KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ