21d626c07e9d63973bf3e9d1619852c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21d626c07e9d63973bf3e9d1619852c1_JaffaCakes118
Size

293KB
MD5

21d626c07e9d63973bf3e9d1619852c1
SHA1

09c6a32e0878f9d3e124fb7257612236afa44199
SHA256

987fce8190c4fad68b9723dc443960030e97029ed735884430ce2b6e003c766c
SHA512

cdc0d86124cb8f77642d148c95ce5f2a82971f6dc2ed4b4d71d70d40ad4ca44f54bff719c7c6489ec7be0a61bb4185e37196dacead88a1029e0eabf07c785282
SSDEEP

3072:Bc/IC5h2Gz46utWpCYjFS461zW0JS5W/mOvnv5AhawuNmAT118WttvAFeeVLJSl/:m/ICHC08S5pOSh5uNMilSEXHWY

Score

1^/10

Malware Config

Signatures

Files

21d626c07e9d63973bf3e9d1619852c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e792a36cd4f7bf250760adee35ab25b5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:ba:d2:0f:63:1d:29:f3:a7:b3:b3:81:d8:c5:5d:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

10/06/2005, 00:00

Not After

10/06/2006, 23:59

Subject

CN=Rsupport Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Marketing Team,O=Rsupport Co.\, Ltd.,L=Songpa-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GlobalFlags
GlobalReAlloc
TlsSetValue
LocalReAlloc
GlobalHandle
TlsFree
SizeofResource
GetProcessVersion
GetCPInfo
GetOEMCP
TlsGetValue
GetCurrentDirectoryA
RtlUnwind
HeapFree
SetEnvironmentVariableA
SetCurrentDirectoryA
GetStartupInfoA
ExitProcess
HeapAlloc
RaiseException
CreateThread
ExitThread
SetStdHandle
GetACP
HeapReAlloc
SetErrorMode
TlsAlloc
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
LockResource
GlobalUnlock
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
GetFileAttributesA
MulDiv
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
GlobalAlloc
lstrcmpA
GetCurrentThread
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GlobalLock
HeapSize
GlobalFree
GetSystemDirectoryA
GetPrivateProfileSectionA
OpenFile
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
CreateProcessA
GetTickCount
SetLastError
CreateDirectoryA
GetCurrentProcessId
WaitForSingleObject
GetVersionExA
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
TerminateProcess
lstrcmpiA
GetFileSize
lstrlenA
ReadFile
DeleteFileA
CreateFileA
WriteFile
Sleep
CloseHandle
GetLastError
GetProfileStringA
FindResourceA
LoadResource
GetVolumeInformationA
GetFullPathNameA
UnlockFile
SetEndOfFile
DuplicateHandle
LockFile
FlushFileBuffers
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
lstrcpyA
lstrcpynA
GetFileTime
FormatMessageA
LocalFree
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
FindClose
GetThreadLocale
GetTempPathA
GetExitCodeProcess
SetFileAttributesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
WinExec
GetCommandLineA
CopyFileA
SetUnhandledExceptionFilter
GetModuleHandleA
GetWindowsDirectoryA
GetFileType
GetTimeZoneInformation
LCMapStringA

user32

InvalidateRect
RegisterClipboardFormatA
PostThreadMessageA
DestroyMenu
GetSysColorBrush
LoadCursorA
PtInRect
GetClassNameA
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GetDC
MapDialogRect
SetWindowContextHelpId
GetMessageA
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
SetWindowTextA
IsDialogMessageA
MessageBeep
InflateRect
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
GetClientRect
CopyRect
IsWindowVisible
GetTopWindow
IsChild
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
UnhookWindowsHookEx
CharUpperA
wsprintfA
GetParent
GetDesktopWindow
GetLastActivePopup
SetForegroundWindow
MessageBoxA
TranslateMessage
DispatchMessageA
PeekMessageA
KillTimer
PostMessageA
LoadImageA
LoadIconA
SetTimer
EnableWindow
IsWindow
GetSystemMetrics
GetWindowRect
MoveWindow
SendMessageA
GetCapture
ReleaseDC
DrawFocusRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DefDlgProcA
IsWindowUnicode

gdi32

SetTextColor
BitBlt
SetBkColor
GetObjectA
CreateBitmap
PatBlt
GetClipBox
DeleteDC
GetTextExtentPointA
CreateCompatibleDC
CreateDIBitmap
DeleteObject
GetViewportExtEx
GetWindowExtEx
GetDeviceCaps
CreateSolidBrush
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
GetTextColor
DPtoLP
GetBkColor
GetMapMode
LPtoDP
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RevertToSelf
ImpersonateLoggedOnUser
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyA
RegSetValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
CreateProcessAsUserA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemFree
CreateILockBytesOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoRegisterMessageFilter

olepro32

ord253

oleaut32

SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

wininet

InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
InternetCrackUrlA
InternetReadFile
HttpQueryInfoA

msvcrt

_strlwr
_strupr

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e792a36cd4f7bf250760adee35ab25b5

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

79:ba:d2:0f:63:1d:29:f3:a7:b3:b3:81:d8:c5:5d:25Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

msvcrt

Sections

.text Size: 188KB - Virtual size: 184KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 20KB - Virtual size: 36KB

.rsrc Size: 36KB - Virtual size: 34KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

79:ba:d2:0f:63:1d:29:f3:a7:b3:b3:81:d8:c5:5d:25
Certificate

.text
Size: 188KB - Virtual size: 184KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 20KB - Virtual size: 36KB

.rsrc
Size: 36KB - Virtual size: 34KB