1c8195a15d83a969e1c7615c108d3035_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1c8195a15d83a969e1c7615c108d3035_JaffaCakes118
Size

232KB
MD5

1c8195a15d83a969e1c7615c108d3035
SHA1

31e8691162b89d862c085cdd618eeeeff3015067
SHA256

1ebebe4cf789d000f700d89be46dbbfc2b1edca283dc4e2e46eeb0a6d1133144
SHA512

c6d6b6dce3b043c2bb621cbeaa59f6f26953f893f88dd7c792228d2e7b4644604cf05520d2d5309103321b8edb51280d9992b2ccaeac5600123287c33c088d16
SSDEEP

3072:U+/0hiL35cEMkwreSyKws0XmdeqUqr6ejFp+HoqEQD6IZG8uvsGJBbV:hFL35cEfwRKWdefqJhprq7n4vT1

Score

1^/10

Malware Config

Signatures

Files

1c8195a15d83a969e1c7615c108d3035_JaffaCakes118
.exe windows:5 windows x64 arch:x64

f71897fb99dedf050ee0af7a51a83856

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18-12-2008 00:00

Not After

18-12-2011 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:ec:9c:85:c7:fd:21:d2:4d:51:bf:0f:f9:94:32:dd:cb:53:55:f4
Signer

Actual PE Digest

ff:ec:9c:85:c7:fd:21:d2:4d:51:bf:0f:f9:94:32:dd:cb:53:55:f4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\prog\vendors\OSR\HP3DGSR_Vista\Release\x64\HpTile2.pdb

Imports

accelerometerdll

?IsSoftwareEnabled@@YAKPEAXPEAE@Z
?RegisterForAccelerometerEnabledEvent@@YAPEAXPEAUHWND__@@PEAX@Z
?GetAccelerometerProperty@@YAKPEAXW4_ACCELEROMETER_PROPERTY_FLAGS@@0@Z
?FindAccelerometerDevice@@YAEPEAPEAX@Z

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
RaiseException
CloseHandle
CreateThread
CreateEventW
WaitForSingleObject
GetCurrentThreadId
DeleteCriticalSection
SetEvent
InitializeCriticalSection
GetCurrentProcess
GetEnvironmentVariableW
ReleaseMutex
CreateMutexW
LockResource
FindResourceExW
EnterCriticalSection
FreeLibrary
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
WideCharToMultiByte
GetLocaleInfoA
GetLastError
GetModuleFileNameW
lstrlenW
GetProcAddress
Sleep
GetCommandLineW
GetModuleHandleW
CreateFileA
FlushFileBuffers
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
FlsAlloc
SetLastError
FlsFree
FlsSetValue
SetHandleCount
GetEnvironmentStringsW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
HeapCreate
EncodePointer
DecodePointer
FlsGetValue
FreeEnvironmentStringsW

user32

DispatchMessageW
TranslateMessage
GetMessageW
CharUpperW
ShowWindow
IsIconic
SetForegroundWindow
FindWindowW
CharNextW
LoadStringW
PostThreadMessageW
SendMessageTimeoutW
DestroyWindow
SetWindowLongPtrW
GetWindowLongPtrW
DefWindowProcW
RegisterClassExW
CreateWindowExW
LoadImageW

advapi32

RegEnumKeyExW
TraceMessage
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW

shell32

ShellExecuteW
SHGetFileInfoW

ole32

CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoUninitialize
StringFromCLSID
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
StringFromGUID2

oleaut32

LoadRegTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
RegisterTypeLi
SysAllocString
SysFreeString

shlwapi

StrCatW

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Ѡ
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f71897fb99dedf050ee0af7a51a83856

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

ff:ec:9c:85:c7:fd:21:d2:4d:51:bf:0f:f9:94:32:dd:cb:53:55:f4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

accelerometerdll

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 7KB - Virtual size: 7KB

Ѡ Size: 65KB - Virtual size: 65KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

ff:ec:9c:85:c7:fd:21:d2:4d:51:bf:0f:f9:94:32:dd:cb:53:55:f4
Signer

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 7KB - Virtual size: 7KB

Ѡ
Size: 65KB - Virtual size: 65KB