25eeba5fc42c6260af35e2b23182f142_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25eeba5fc42c6260af35e2b23182f142_JaffaCakes118
Size

270KB
MD5

25eeba5fc42c6260af35e2b23182f142
SHA1

c5f492fbeff3e08b77f54353e21feeeb4138d4a7
SHA256

cfce03ac70c64894f4afae91c56ad18e4b2a23d91f0209fae619673214aa94e3
SHA512

b11c5be0e8d40f05590d948527a26b78c88ee4947fc8459f5afd49ec942bf2100371dcc637388b43fa397b0ac254076ecdcf2910b2fb7ee63c01dc8b4b73c85f
SSDEEP

3072:oiTgEemrQKBNSLPxpaLF8iKrddf2sHh1GnNk05ol0A3UAs5XPkEOlUvrxsurl8:oEgEemrbSLPxMxsHDGnZmRs58EOGrX8

Score

1^/10

Malware Config

Signatures

Files

25eeba5fc42c6260af35e2b23182f142_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc4e71ff559c1d08395d120c11b988fe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:3f:5e:6c:e8:6b:5e:55:78:c9:3a:09:0d:94:7b:28
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/11/2009, 00:00

Not After

01/12/2010, 23:59

Subject

CN=INCA Internet Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=INCA Internet Co.\,Ltd.,L=Seoul,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:49:11:c9:ba:a9:55:4b:fe:7a:0d:bc:a2:39:df:02:f8:f5:49:46
Signer

Actual PE Digest

a5:49:11:c9:ba:a9:55:4b:fe:7a:0d:bc:a2:39:df:02:f8:f5:49:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\nsp2007\Usermode\Bin\Release\Kor\Standard\Symbols\nsperaser.pdb

Imports

mfc80

ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord6725
ord760
ord3684
ord709
ord5403
ord2468
ord3761
ord5731
ord501
ord2368
ord2372
ord1191
ord1187
ord1185
ord3441
ord587
ord741
ord605
ord354
ord4262
ord5203
ord1401
ord5912
ord6724
ord1551
ord1670
ord1671
ord4890
ord4735
ord4212
ord5182
ord1794
ord3641
ord2168
ord4580
ord6067
ord784
ord1084
ord3317
ord2991
ord4240
ord1591
ord2095
ord3164
ord4232
ord1545
ord2086
ord781
ord2469
ord715
ord1006
ord4104
ord907
ord911
ord2657
ord4320
ord4125
ord1903
ord3292
ord1581
ord1643
ord558
ord2835
ord736
ord5969
ord3312
ord1588
ord1646
ord3182
ord6090
ord1790
ord6236
ord4001
ord4123
ord3423
ord3934
ord5640
ord5641
ord4115
ord3204
ord4394
ord3891
ord326
ord3989
ord5613
ord1728
ord1489
ord6118
ord299
ord5235
ord3302
ord6062
ord1482
ord3596
ord2654
ord5634
ord502
ord5635
ord589
ord330
ord1467
ord3587
ord651
ord754
ord416
ord1930
ord1969
ord3680
ord1565
ord3401
ord3997
ord5563
ord1005
ord2884
ord2867
ord631
ord1440
ord2748
ord2288
ord2280
ord386
ord4350
ord3799
ord2878
ord4108
ord4109
ord2272
ord3991
ord3255
ord5331
ord262
ord6297
ord2346
ord6286
ord1580
ord1181
ord5320
ord3328
ord2987
ord3883
ord2370
ord5868
ord5233
ord923
ord928
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord757
ord4541
ord3683
ord266
ord265
ord762
ord2902
ord5637
ord3161
ord3163
ord310
ord2322
ord1123
ord3210
ord3287
ord297
ord304
ord876
ord1486
ord578
ord567
ord758
ord2233
ord2264
ord2263
ord1929
ord1934
ord2367
ord2527
ord5611
ord6060
ord5608
ord6054
ord4161
ord6057
ord5888
ord6037
ord5727
ord5642
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord4486
ord3337
ord572
ord1063
ord2248
ord1054
ord2020
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord6703
ord2731
ord5647
ord5523
ord5588
ord5414
ord5401
ord5921
ord5719
ord3180
ord347
ord1279
ord1280
ord602
ord746
ord764
ord1207

msvcr80

_setmbcp
memcpy
_CxxThrowException
_purecall
printf
strlen
_resetstkoflw
_vsnprintf
wcscpy_s
malloc
free
calloc
_recalloc
sprintf_s
_splitpath_s
_mbsnbcmp
labs
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
memmove_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memset
__CxxFrameHandler3
wcslen
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
qsort
_mbsnicmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_amsg_exit
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs

kernel32

GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
GetTickCount
GetFileAttributesA
GetDriveTypeA
GetCurrentProcessId
TerminateThread
CreateThread
InterlockedIncrement
FindFirstFileA
FindNextFileA
FindClose
lstrlenA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
InterlockedExchange
GetVersion
GetEnvironmentVariableW
lstrcmpiA
GetModuleHandleA
GetCurrentProcess
GetSystemInfo
CreateMutexA
CreateProcessA
Sleep
LocalAlloc
LocalFree
GetSystemDefaultLangID
GetUserDefaultLangID
OpenEventA
DeleteCriticalSection
OpenFileMappingA
MapViewOfFile
EnterCriticalSection
SetEvent
WaitForSingleObject
ResetEvent
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
SetLastError
CreateFileA
GetLastError
WaitNamedPipeA
SetNamedPipeHandleState
WriteFile
ReadFile
CloseHandle
GetVersionExA
FreeLibrary
LoadLibraryA
GetProcAddress
GetACP
GetLocaleInfoA
GetThreadLocale
GetSystemTimeAsFileTime

user32

TabbedTextOutA
DrawTextA
OffsetRect
ShowWindow
SetWindowPos
LoadCursorA
PtInRect
SetCursor
RedrawWindow
UpdateWindow
FillRect
CopyRect
GetWindowRect
IsIconic
DrawIcon
GetSystemMetrics
SetRect
SetTimer
IsWindow
CharUpperA
CharUpperW
CharLowerA
IntersectRect
SetRectEmpty
GetIconInfo
CreateIconIndirect
GetDesktopWindow
GetDC
CharLowerW
EnableWindow
ReleaseDC
IsRectEmpty
InflateRect
GetClientRect
GrayStringA
ScreenToClient
DrawIconEx
GetCursorPos
GetParent
InvalidateRect
GetSysColor
LoadIconA
DestroyIcon
SetForegroundWindow
PostMessageA
FindWindowA
SendMessageA
DrawTextExA

gdi32

EndPath
PolyBezier
BeginPath
GetStockObject
CreateFontIndirectA
RoundRect
GetTextExtentPoint32A
LineTo
MoveToEx
CreateRoundRectRgn
FillRgn
StretchBlt
FillPath
SetTextColor
SetBkColor
GetBkColor
GetMapMode
GetViewportExtEx
GetWindowExtEx
DPtoLP
LPtoDP
CreateRectRgnIndirect
CreatePolygonRgn
GetRgnBox
Rectangle
Escape
ExtTextOutA
TextOutA
Polygon
RectVisible
PtVisible
CreateSolidBrush
CreatePen
GetObjectA
CreateBitmap
GetPixel
SetPixel
DeleteObject
DeleteDC
GetDeviceCaps
EnumFontFamiliesExA
BitBlt
CreateCompatibleDC
SetStretchBltMode
SelectObject
CreateCompatibleBitmap

msimg32

GradientFill
TransparentBlt

advapi32

CreateServiceA
QueryServiceStatus
ControlService
StartServiceA
QueryServiceConfigA
ChangeServiceConfigA
OpenServiceA
DeleteService
OpenSCManagerA
RegCreateKeyExA
CloseServiceHandle
RegOpenKeyExA
RegCreateKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey

shell32

SHGetFileInfoA
SHGetDesktopFolder
SHGetSpecialFolderLocation
ShellExecuteExA
SHGetMalloc

comctl32

_TrackMouseEvent

shlwapi

StrRetToStrA
PathIsRootA
PathIsDirectoryA

ole32

CoTaskMemFree

oleaut32

SysFreeString

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc4e71ff559c1d08395d120c11b988fe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

31:3f:5e:6c:e8:6b:5e:55:78:c9:3a:09:0d:94:7b:28Certificate

Extended Key Usages

Key Usages

a5:49:11:c9:ba:a9:55:4b:fe:7a:0d:bc:a2:39:df:02:f8:f5:49:46Signer

Headers

File Characteristics

PDB Paths

Imports

mfc80

msvcr80

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp80

Sections

.text Size: 164KB - Virtual size: 160KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 44KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

31:3f:5e:6c:e8:6b:5e:55:78:c9:3a:09:0d:94:7b:28
Certificate

a5:49:11:c9:ba:a9:55:4b:fe:7a:0d:bc:a2:39:df:02:f8:f5:49:46
Signer

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 44KB - Virtual size: 40KB