25d40ad7ae5fe052211b17f79764032d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25d40ad7ae5fe052211b17f79764032d_JaffaCakes118
Size

1.9MB
MD5

25d40ad7ae5fe052211b17f79764032d
SHA1

6adc13ef3f11a7f2734a109d085865f9b9f10d13
SHA256

b9072e68a42bad862224c355d5e1f2ba0a808be88008b0efb0e801b8c3e55b97
SHA512

1596d035e76e03808eb0deb63a039624eb28d439a2f76183a9a00639401879590e6a80e5111fa49c144919769c66bd532c15c4f2314fa3615931c45037a6749f
SSDEEP

49152:30SUqU1UaQQUPNGOtzFNzvh7XyQNf7rR6tdYNdd/n:30SUqU1UaQQSJHvhTVNfvYtKl

Score

1^/10

Malware Config

Signatures

Files

25d40ad7ae5fe052211b17f79764032d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ccadba51b26e4f832454dce384dc6e17

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:e6:88:41:8a:08:2c:86:08:1e:57:01:45:9a:ff:52
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

18/01/2010, 00:00

Not After

18/01/2012, 23:59

Subject

CN=Serhiy Horobets,O=Serhiy Horobets,POSTALCODE=03127,STREET=Sechenova st. 7a - 38,L=Kiev,ST=Kiev,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d0:a1:28:a8:58:2a:9d:ac:a9:0e:82:ad:f5:e9:4f:02:25:45:e8:42
Signer

Actual PE Digest

d0:a1:28:a8:58:2a:9d:ac:a9:0e:82:ad:f5:e9:4f:02:25:45:e8:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BranchAI\win\Release\stubs\x86a\setup.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

lstrlenA
lstrcpynA
lstrcmpA
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetSystemTime
FindFirstFileA
FormatMessageA
CreateProcessA
GetExitCodeProcess
ReadFile
GetVersion
FindClose
GetStringTypeExA
GetDiskFreeSpaceA
GetModuleHandleA
CreateDirectoryA
GetEnvironmentVariableA
RemoveDirectoryA
LoadLibraryExA
EnumResourceLanguagesA
GetSystemDefaultLangID
GetUserDefaultLangID
GetTempPathA
GetTempFileNameA
FindNextFileA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GlobalMemoryStatus
GetModuleFileNameA
TerminateProcess
CreateNamedPipeA
ConnectNamedPipe
SearchPathA
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrlenW
GetShortPathNameA
CreateMutexA
GetCommandLineA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
HeapDestroy
LocalAlloc
GetLocalTime
OutputDebugStringA
GetCurrentProcessId
HeapAlloc
HeapSize
DebugBreak
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
VirtualProtect
FlushInstructionCache
HeapReAlloc
GetCurrentProcess
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
MulDiv
GetProcessHeap
HeapFree
FreeLibrary
lstrcmpiA
GetProcAddress
LoadLibraryA
ResetEvent
FlushFileBuffers
Sleep
WriteFile
MoveFileA
DeleteFileA
GetFileSize
SetFilePointer
CreateFileA
SetEvent
CreateEventA
CreateThread
SetLastError
TerminateThread
GetExitCodeThread
WaitForSingleObject
GetLastError
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
InitializeCriticalSection
RaiseException
DeleteCriticalSection
CloseHandle
VirtualAlloc
GetSystemInfo
VirtualQuery
OpenProcess
RtlUnwind

user32

LoadImageA
MsgWaitForMultipleObjects
ScreenToClient
GetSubMenu
LoadMenuA
TrackPopupMenu
ExitWindowsEx
GetDC
GetSystemMetrics
LoadIconA
GetScrollPos
GetScrollRange
ModifyMenuA
DefWindowProcA
CallWindowProcA
RemovePropA
SetPropA
GetDlgCtrlID
MessageBoxA
KillTimer
SetTimer
DestroyMenu
EnableMenuItem
GetSystemMenu
EnableWindow
SetForegroundWindow
CreateDialogParamA
DispatchMessageA
GetForegroundWindow
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
DialogBoxParamA
GetActiveWindow
SetWindowLongA
InvalidateRect
SetWindowPos
RedrawWindow
SetFocus
MessageBeep
ShowWindow
SendMessageA
SetDlgItemTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowRect
TranslateMessage
PeekMessageA
GetPropA
CreateWindowExA
IsWindow
GetClientRect
DestroyWindow
GetWindowLongA
EndDialog
GetWindow
SystemParametersInfoA
GetParent
GetDlgItem
PostQuitMessage
FindWindowA
CopyRect
ReleaseDC
PostMessageA
GetWindowDC
IsWindowVisible
GetDesktopWindow
wvsprintfA
CharNextA
SetWindowTextA
LoadStringA
UnregisterClassA
MapWindowPoints

gdi32

GetObjectA
CreateFontIndirectA
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetWindowExtEx
GetViewportExtEx
SetMapMode
GetMapMode
GetDeviceCaps
DeleteObject
GetStockObject
DeleteDC
SetBkMode

advapi32

RegCreateKeyA
CloseServiceHandle
UnlockServiceDatabase
StartServiceA
QueryServiceStatus
OpenServiceA
GetUserNameA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
LockServiceDatabase
RegEnumKeyExA
OpenSCManagerA
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteA
ShellExecuteExA
SHGetMalloc
SHGetPathFromIDListA

ole32

CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
OleLoadPicture

shlwapi

PathFileExistsA

comctl32

PropertySheetA
CreatePropertySheetPageA
DestroyPropertySheetPage

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccadba51b26e4f832454dce384dc6e17

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

30:e6:88:41:8a:08:2c:86:08:1e:57:01:45:9a:ff:52Certificate

Extended Key Usages

Key Usages

d0:a1:28:a8:58:2a:9d:ac:a9:0e:82:ad:f5:e9:4f:02:25:45:e8:42Signer

Headers

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 87KB - Virtual size: 87KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

30:e6:88:41:8a:08:2c:86:08:1e:57:01:45:9a:ff:52
Certificate

d0:a1:28:a8:58:2a:9d:ac:a9:0e:82:ad:f5:e9:4f:02:25:45:e8:42
Signer

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 87KB - Virtual size: 87KB