22c59a6e0e720478b0b9422329ee124e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22c59a6e0e720478b0b9422329ee124e_JaffaCakes118
Size

651KB
MD5

22c59a6e0e720478b0b9422329ee124e
SHA1

05ad331d83b3432de219da93198919bad35400a2
SHA256

99c8aeb94c3a4bbc35efd7cb9a39d6f54f23352f8fe58f64c56d1d9ffcd190b7
SHA512

8e4f9392fecb493fc8698f399252f529ab6b59ff2fddd65652876e2abd5d0ce17dbf47828d9fdb8c025844a3043b1ac4148be50c9ab93e718f8121c573eba553
SSDEEP

12288:X7KHVFOLXNqQvT1Em5IxdqwsxAV8dJS7QqyIi/DTVqn6YEpMVi:X7KHVLm5AV8dJ3qyIgDTV+6YsMM

Score

1^/10

Malware Config

Signatures

Files

22c59a6e0e720478b0b9422329ee124e_JaffaCakes118
.exe windows:6 windows x86 arch:x86

502edc40f2d7d6cf2177254990c7d551

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:88:18:fb:72:46:bf:6f:22:fa:d9:45:d9:a2:b5:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/03/2011, 00:00

Not After

30/03/2014, 23:59

Subject

CN=Juniper Networks\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ASG-Engineering 2011,O=Juniper Networks\, Inc.,L=Sunnyvale,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\src\ssl-vpnBuild\win32\rr\Release\dsNcService.pdb

Imports

ws2_32

recvfrom
sendto
getsockopt
select
WSAIoctl
__WSAFDIsSet
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
WSAEventSelect
ntohl
ntohs
inet_addr
accept
recv
send
connect
socket
WSAGetLastError
ioctlsocket
setsockopt
bind
listen
getsockname
closesocket
inet_ntoa
htonl
gethostbyname
htons
WSAStartup
gethostname
WSACleanup

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

GetStringTypeW
LoadLibraryW
MoveFileA
GetFileInformationByHandle
SetFilePointer
InterlockedCompareExchange
FatalAppExitA
GetVersionExA
GetSystemDirectoryA
GetCurrentProcess
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
GetCurrentThreadId
GetLocalTime
GetLocaleInfoA
GetTempPathA
OpenFileMappingA
CreateMutexA
ReleaseMutex
InterlockedExchange
SetConsoleCtrlHandler
Sleep
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
WritePrivateProfileStringA
GetPrivateProfileStringA
GetStringTypeA
GetTimeZoneInformation
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
GetCurrentProcessId
TlsAlloc
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
TlsFree
WriteFile
PulseEvent
GetFileSize
GetComputerNameW
ProcessIdToSessionId
GetTempFileNameA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
WaitForSingleObject
CreateThread
DeleteFileA
CloseHandle
UnmapViewOfFile
GetEnvironmentVariableA
MapViewOfFile
CreateFileMappingA
GetLastError
CreateFileA
CreateEventA
GetModuleHandleA
SetEvent
SleepEx
LocalFree
lstrlenA
FormatMessageA
ResetEvent
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetConsoleOutputCP
LCMapStringA
RaiseException
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCurrentThread
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
GetDateFormatA
GetTimeFormatA
GlobalFree
GlobalAlloc
LocalAlloc
ReadFile
GetWindowsDirectoryA
DeviceIoControl
GetOverlappedResult
CancelIo
GetExitCodeProcess
CreateProcessA
MultiByteToWideChar
GetPrivateProfileSectionA
GetSystemInfo
WaitForMultipleObjectsEx
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSection
LoadLibraryExA
ExitThread
GetTickCount
ExitProcess
HeapAlloc
HeapFree
RtlUnwind
ResumeThread
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetSystemTimeAsFileTime
WriteConsoleA

user32

CreateWindowExA
RegisterClassA
GetMessageA
LoadIconA
SendMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
LoadCursorA
DestroyWindow
GetDesktopWindow

gdi32

GetStockObject

advapi32

CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserA
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyA
QueryServiceConfigA
ChangeServiceConfigA
RegEnumKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExA
CryptHashData
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
RevertToSelf
RegOpenKeyA
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
RegQueryValueExA
RegDeleteValueA
ControlService
DeleteService
CreateServiceA
SetServiceStatus
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetFolderPathA
SHGetSpecialFolderLocation

iphlpapi

DeleteIpForwardEntry
CreateIpForwardEntry
IpReleaseAddress
IpRenewAddress
GetIpForwardTable
GetAdaptersInfo
GetInterfaceInfo
GetIfEntry
GetIpAddrTable
GetAdapterIndex

crypt32

CertFreeCertificateChain
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertGetCertificateChain

wininet

HttpSendRequestExA
InternetErrorDlg
InternetQueryDataAvailable
HttpQueryInfoA
InternetReadFile
InternetSetCookieA
InternetGetCookieA
InternetSetStatusCallback
InternetOpenA
InternetConnectA
InternetReadFileExA
HttpEndRequestA
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle

setupapi

SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 468KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

502edc40f2d7d6cf2177254990c7d551

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

1a:88:18:fb:72:46:bf:6f:22:fa:d9:45:d9:a2:b5:3eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

version

kernel32

user32

gdi32

advapi32

shell32

iphlpapi

crypt32

wininet

setupapi

Sections

.text Size: 468KB - Virtual size: 464KB

.rdata Size: 116KB - Virtual size: 113KB

.data Size: 16KB - Virtual size: 92KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 28KB - Virtual size: 27KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

1a:88:18:fb:72:46:bf:6f:22:fa:d9:45:d9:a2:b5:3e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 468KB - Virtual size: 464KB

.rdata
Size: 116KB - Virtual size: 113KB

.data
Size: 16KB - Virtual size: 92KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 28KB - Virtual size: 27KB