2867c6976892dc4ec71bcdc6ad933dbc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2867c6976892dc4ec71bcdc6ad933dbc_JaffaCakes118
Size

483KB
MD5

2867c6976892dc4ec71bcdc6ad933dbc
SHA1

ed5d20f847916e6148cfca494b6ac6820a395bcb
SHA256

241d986b7b36353853127986de8d4687eec42b9c39bad2824c90ab4f18cc4961
SHA512

45c292868c7dcbc62507275b4227fa18d88b05ee45989cb507c3fe24e4aada39ea5e83db924bc8c2cc53e1c4ca8c12b2a3d11cb7b72d09ab6a9e507d1be4c98a
SSDEEP

6144:mq8AuxCLo3eaCt8ekjbM8LigaAYMhZOh7q7BTq4JH77N0PkNtbsQYrvk9tDE:mfAuxVvCqkg/YMhBq4JH77N0PkXaQQ

Score

1^/10

Malware Config

Signatures

Files

2867c6976892dc4ec71bcdc6ad933dbc_JaffaCakes118
.exe windows:4 windows x64 arch:x64

8348720c21fda1d14a5031b5c4ab2cfb

Code Sign

01:00:00:00:00:01:13:9a:c9:74:0d
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

06/07/2007, 09:08

Not After

06/07/2010, 09:08

Subject

CN=HHD Software Ltd.,O=HHD Software Ltd.,C=GB,1.2.840.113549.1.9.1=#0c17636f6e7461637440686864736f6674776172652e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:f7:ea:e2:1b:ef:a7:7d:14:e7:ea:b2:6a:83:e7:ae:91:16:df:4d
Signer

Actual PE Digest

42:f7:ea:e2:1b:ef:a7:7d:14:e7:ea:b2:6a:83:e7:ae:91:16:df:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\MyProjects\Elisabeth\release_x64\setup.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

imagehlp

BindImageEx

rpcrt4

UuidCreate

kernel32

GetTempFileNameW
LoadLibraryW
GetCommandLineW
RaiseException
GetProcAddress
SetEvent
DeleteCriticalSection
RemoveDirectoryW
FreeLibrary
FindFirstFileW
CreateThread
WideCharToMultiByte
MulDiv
lstrcmpW
GetVersionExW
DeleteFileW
FlushInstructionCache
FindNextFileW
CreateDirectoryW
FindClose
CreateMutexW
GetPrivateProfileStringW
GetLastError
GetPrivateProfileIntW
CloseHandle
GetPrivateProfileSectionW
MultiByteToWideChar
EnterCriticalSection
CreateEventW
InitializeCriticalSection
GetModuleHandleW
CreateFileMappingW
WaitForMultipleObjects
SetLastError
GetSystemInfo
MoveFileExW
GetWindowsDirectoryW
GetDriveTypeW
DuplicateHandle
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetCurrentProcess
GetCurrentDirectoryW
CreateProcessW
LockResource
WaitForSingleObject
lstrlenW
MapViewOfFile
ReadFile
FindResourceExW
LeaveCriticalSection
CreateToolhelp32Snapshot
Process32FirstW
SetFilePointer
LoadLibraryA
SetCurrentDirectoryW
RtlLookupFunctionEntry
RtlVirtualUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
RtlPcToFileHeader
HeapCreate
HeapSetInformation
ExitProcess
Sleep
FlsAlloc
FlsFree
TlsFree
FlsSetValue
FlsGetValue
GetModuleHandleA
RtlCaptureContext
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RtlUnwindEx
GetStartupInfoW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetStringTypeA
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LocalFree
GetTempPathW
GetExitCodeProcess
UnmapViewOfFile
LoadLibraryExW
SetStdHandle
SetUnhandledExceptionFilter
CompareStringW
FindResourceW
GetCurrentProcessId
CopyFileW
GetFileSize
LoadResource
OpenMutexW
WriteFile
lstrcpyW
GetModuleFileNameW
Process32NextW
GetCurrentThreadId
SizeofResource
lstrlenA
lstrcmpiW
CreateFileW
GetConsoleCP
GetConsoleMode
CreateFileA
LCMapStringA
LCMapStringW
FlushFileBuffers
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

ExitWindowsEx
SetCursor
GetSysColor
GetCursorPos
FillRect
UnregisterClassA
IsWindow
CreateDialogParamW
CallWindowProcW
DialogBoxParamW
SendMessageW
DestroyWindow
UpdateWindow
WaitForInputIdle
GetSystemMetrics
MessageBoxW
LoadImageW
DispatchMessageW
GetSysColorBrush
LoadBitmapW
TranslateMessage
GetNextDlgTabItem
IsWindowEnabled
SetDlgItemTextW
PeekMessageW
DrawTextW
SetFocus
GetWindow
SetWindowPos
MsgWaitForMultipleObjects
GetClassNameW
SetWindowTextW
SetCapture
CharNextW
LoadCursorW
OffsetRect
SetRectEmpty
KillTimer
ScreenToClient
SetWindowLongW
GetFocus
GetCapture
ShowWindow
ReleaseCapture
SetTimer
GetMessagePos
GetClientRect
DrawFocusRect
EndDialog
DefWindowProcW
GetWindowTextW
ReleaseDC
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowTextLengthW
GetParent
BeginPaint
InvalidateRect
GetDlgCtrlID
GetDC
GetActiveWindow
CreateWindowExW
GetDlgItem
EndPaint
PtInRect
GetWindowRect
GetWindowLongW
MessageBeep
EnableWindow

gdi32

CreateFontIndirectW
GetStockObject
DeleteObject
GetObjectW
SetBkMode
SetTextColor
SetBkColor
GetDeviceCaps
SelectObject

advapi32

CloseServiceHandle
AdjustTokenPrivileges
UnlockServiceDatabase
RegSetValueExW
LookupPrivilegeValueW
LockServiceDatabase
OpenProcessToken
RegQueryValueExW
OpenSCManagerW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW

shell32

SHCreateDirectoryExW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
SHChangeNotify

ole32

CLSIDFromString
OleUninitialize
StringFromCLSID
OleInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathAddBackslashW
PathGetCharTypeW
SHDeleteKeyW
SHDeleteEmptyKeyW

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_AddMasked
_TrackMouseEvent

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��c
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8348720c21fda1d14a5031b5c4ab2cfb

Code Sign

01:00:00:00:00:01:13:9a:c9:74:0dCertificate

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

42:f7:ea:e2:1b:ef:a7:7d:14:e7:ea:b2:6a:83:e7:ae:91:16:df:4dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

imagehlp

rpcrt4

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 20KB

.pdata Size: 7KB - Virtual size: 6KB

���c Size: 226KB - Virtual size: 226KB

01:00:00:00:00:01:13:9a:c9:74:0d
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

42:f7:ea:e2:1b:ef:a7:7d:14:e7:ea:b2:6a:83:e7:ae:91:16:df:4d
Signer

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 20KB

.pdata
Size: 7KB - Virtual size: 6KB

��c
Size: 226KB - Virtual size: 226KB