267e02cf17f1d34f473a1849fe86011b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

267e02cf17f1d34f473a1849fe86011b_JaffaCakes118
Size

483KB
MD5

267e02cf17f1d34f473a1849fe86011b
SHA1

dffe1408619b68ae591e02b40b49fc5ff3413770
SHA256

9dc0a77f4a26df00b6f2578826852b98266dd7c6ceafaf498415337873bd9aee
SHA512

9dc2a310594af7ff909d4e9394ee33ac510d6cefd7e7158498bc07b6fd5f308aff5cd5ef274eb3526ab08270ede5554260d4b9ede8300216284ffa265b78823a
SSDEEP

6144:0rYPAUf3VmncB7XTY0OZO2lhZC4JH77N0PkNtbsQYrvk9V8bYX:6YPAYmgM0OHC4JH77N0PkXagE

Score

1^/10

Malware Config

Signatures

Files

267e02cf17f1d34f473a1849fe86011b_JaffaCakes118
.exe windows:4 windows x64 arch:x64

486e28f98b8cf8e4e94e8d192e6156f0

Code Sign

01:00:00:00:00:01:13:9a:c9:74:0d
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

06/07/2007, 09:08

Not After

06/07/2010, 09:08

Subject

CN=HHD Software Ltd.,O=HHD Software Ltd.,C=GB,1.2.840.113549.1.9.1=#0c17636f6e7461637440686864736f6674776172652e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:0d:de:e4:96:0c:db:e5:53:cc:45:cc:52:5e:c4:6e:9b:44:e9:9b
Signer

Actual PE Digest

6e:0d:de:e4:96:0c:db:e5:53:cc:45:cc:52:5e:c4:6e:9b:44:e9:9b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\MyProjects\Elisabeth\release_x64\setup.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

imagehlp

BindImageEx

rpcrt4

UuidCreate

kernel32

GetTempPathW
SetCurrentDirectoryW
GetTempFileNameW
LoadLibraryW
LockResource
GetProcAddress
SetEvent
RemoveDirectoryW
FreeLibrary
EnterCriticalSection
CreateThread
FindResourceExW
CreateToolhelp32Snapshot
GetVersionExW
Process32FirstW
DeleteFileW
CreateFileW
lstrcmpiW
CreateDirectoryW
GetCurrentThreadId
Process32NextW
GetModuleHandleW
CreateMutexW
GetPrivateProfileStringW
OpenMutexW
GetLastError
GetPrivateProfileIntW
GetCurrentProcessId
CloseHandle
GetPrivateProfileSectionW
SetUnhandledExceptionFilter
GetDriveTypeW
LocalFree
GetDiskFreeSpaceExW
GetCommandLineW
CreateEventW
WideCharToMultiByte
CreateFileMappingW
GetSystemInfo
MoveFileExW
FlushInstructionCache
lstrcpyW
DuplicateHandle
MultiByteToWideChar
LeaveCriticalSection
GetCurrentProcess
GetExitCodeProcess
GetCurrentDirectoryW
SizeofResource
LoadResource
CreateProcessW
InitializeCriticalSection
FindResourceW
LCMapStringA
GetConsoleMode
GetConsoleCP
UnmapViewOfFile
RtlLookupFunctionEntry
RtlVirtualUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapSetInformation
ExitProcess
Sleep
FlsAlloc
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwindEx
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
CompareStringW
FindClose
CopyFileW
FindNextFileW
GetFileSize
LoadLibraryA
SetStdHandle
WriteFile
GetModuleFileNameW
lstrcmpW
GetSystemDirectoryW
lstrlenA
DeleteCriticalSection
FindFirstFileW
GetWindowsDirectoryW
RaiseException
ReadFile
SetLastError
MulDiv
WaitForMultipleObjects
MapViewOfFile
LoadLibraryExW
lstrlenW
WaitForSingleObject
LCMapStringW
GetStringTypeA
CreateFileA
GetStringTypeW
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

CreateWindowExW
SetFocus
UpdateWindow
SetWindowTextW
SetWindowPos
UnregisterClassA
GetDC
SetWindowLongW
ShowWindow
IsWindowEnabled
SetTimer
GetClientRect
DispatchMessageW
EndDialog
DefWindowProcW
TranslateMessage
SetCapture
MessageBeep
PeekMessageW
MsgWaitForMultipleObjects
EnableWindow
GetFocus
GetCapture
OffsetRect
ReleaseDC
GetActiveWindow
GetDlgItem
LoadBitmapW
DrawFocusRect
GetSysColorBrush
SetWindowLongPtrW
GetWindowRect
GetWindowLongW
GetWindowLongPtrW
BeginPaint
CharNextW
GetWindow
GetSysColor
GetClassNameW
ExitWindowsEx
InvalidateRect
GetDlgCtrlID
LoadCursorW
EndPaint
CallWindowProcW
KillTimer
WaitForInputIdle
CreateDialogParamW
DialogBoxParamW
SendMessageW
SetRectEmpty
PtInRect
ScreenToClient
FillRect
SetCursor
GetWindowTextW
GetSystemMetrics
IsWindow
GetCursorPos
MessageBoxW
LoadImageW
DrawTextW
GetMessagePos
GetWindowTextLengthW
GetNextDlgTabItem
DestroyWindow
ReleaseCapture
SetDlgItemTextW
GetParent

gdi32

GetStockObject
SetBkMode
DeleteObject
GetDeviceCaps
GetObjectW
SetTextColor
SetBkColor
CreateFontIndirectW
SelectObject

advapi32

RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
OpenProcessToken
LookupPrivilegeValueW
CloseServiceHandle
AdjustTokenPrivileges
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
CommandLineToArgvW
SHCreateDirectoryExW

ole32

CLSIDFromString
CoTaskMemAlloc
OleUninitialize
CoTaskMemRealloc
StringFromCLSID
OleInitialize
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

SHDeleteEmptyKeyW
PathAddBackslashW
PathGetCharTypeW
SHDeleteKeyW

comctl32

InitCommonControlsEx
ImageList_Create
_TrackMouseEvent
ImageList_AddMasked

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��c
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

486e28f98b8cf8e4e94e8d192e6156f0

Code Sign

01:00:00:00:00:01:13:9a:c9:74:0dCertificate

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

6e:0d:de:e4:96:0c:db:e5:53:cc:45:cc:52:5e:c4:6e:9b:44:e9:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

imagehlp

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 171KB - Virtual size: 171KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 20KB

.pdata Size: 7KB - Virtual size: 6KB

���c Size: 226KB - Virtual size: 226KB

01:00:00:00:00:01:13:9a:c9:74:0d
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

6e:0d:de:e4:96:0c:db:e5:53:cc:45:cc:52:5e:c4:6e:9b:44:e9:9b
Signer

.text
Size: 171KB - Virtual size: 171KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 20KB

.pdata
Size: 7KB - Virtual size: 6KB

��c
Size: 226KB - Virtual size: 226KB