2a227adb7a88a4ba5506f7e73514c312_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a227adb7a88a4ba5506f7e73514c312_JaffaCakes118
Size

2.3MB
MD5

2a227adb7a88a4ba5506f7e73514c312
SHA1

dad8167db20c57f30eae6b96893fe4dc97199a92
SHA256

9239ce506f2bc39a06803534c7b405ae1b1c9ee381278583f98bc316102bebed
SHA512

28a67f19f5ce01150556a61213f31e5c948bfe6e5713fd992b748194757e8c3f3b40e5163d1ae5e02af34611d6c93e7ff77d58895796ae572f5c0cea43e5d45b
SSDEEP

49152:+O3k0h3NVSz+oE3zUsKB0IyqarSRNyBMz/kaTGEGTs+N:/D3XS/4zJoS2yBMz/0

Score

1^/10

Malware Config

Signatures

Files

2a227adb7a88a4ba5506f7e73514c312_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fe12cb22dddda302b6456c56f600b9e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:e8:67:af:cd:ca:79:4f:00:b8:1d:64:e1:3d:7a:0b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/08/2009, 00:00

Not After

05/10/2012, 23:59

Subject

CN=VoiceFive Networks\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=VoiceFive Networks\, Inc.,L=Reston,ST=VA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
WSAGetLastError
inet_addr
ntohl
htons
ioctlsocket
shutdown
setsockopt
closesocket
bind
listen
accept
select
__WSAFDIsSet
WSASetLastError
recv
WSAStartup
send
socket
connect
htonl
ntohs

wininet

InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryOptionA
HttpQueryInfoA
InternetSetOptionA
DeleteUrlCacheEntry
RetrieveUrlCacheEntryStreamA
ReadUrlCacheEntryStream
UnlockUrlCacheEntryStream

comctl32

ImageList_LoadImageA

rpcrt4

UuidCreate
UuidCompare

winmm

waveInGetNumDevs
waveOutGetNumDevs
midiInGetNumDevs
midiOutGetNumDevs
joyGetNumDevs
auxGetNumDevs
mixerGetNumDevs

iphlpapi

GetNetworkParams
GetIpForwardTable
GetAdaptersInfo

setupapi

SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiOpenDeviceInfoA

ws2_32

WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAWaitForMultipleEvents
WSACreateEvent

oleacc

AccessibleObjectFromPoint

kernel32

TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapCreate
lstrlenA
GetLastError
InterlockedExchange
lstrcmpiA
GetVersion
GetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
lstrlenW
CompareStringW
GetStringTypeExA
QueryPerformanceCounter
CloseHandle
GetTickCount
SetEvent
ResetEvent
WriteFile
CreateFileA
CreateEventA
WaitForMultipleObjects
FormatMessageA
LocalAlloc
GetSystemTimeAsFileTime
LocalFree
GetProcAddress
LoadLibraryA
SetFilePointer
FreeLibrary
OpenProcess
GetFileSize
ReadFile
DeleteFileA
RemoveDirectoryA
GetFileAttributesA
WaitForSingleObject
GetStartupInfoA
Sleep
GetCurrentProcessId
GetTempPathA
CreateProcessA
GetTempFileNameA
CreateDirectoryA
OpenMutexA
GetVersionExA
CopyFileA
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThread
SetThreadPriority
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
GetModuleHandleA
GetSystemInfo
SetLastError
FindFirstFileW
GetCurrentProcess
IsBadReadPtr
GlobalMemoryStatus
ResumeThread
GetProcessHeap
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
ExitProcess
GlobalAlloc
GlobalFree
WriteProcessMemory
GlobalLock
GlobalUnlock
CreateRemoteThread
GetModuleFileNameA
GetDriveTypeA
FindFirstFileA
SetFileTime
FindNextFileA
FindClose
GetLogicalDriveStringsA
MoveFileExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetShortPathNameA
LoadResource
LockResource
FindResourceA
SizeofResource
GetUserDefaultLangID
GetLocalTime
MoveFileA
MulDiv
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalMemoryStatusEx
SetConsoleCtrlHandler
DuplicateHandle
GetTimeZoneInformation
GetSystemDefaultLCID
CreateMutexA
ReleaseMutex
GetSystemDefaultLangID
GetSystemDirectoryA
SetFileAttributesA
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemTime
Process32First
Module32First
Process32Next
GlobalSize
RemoveDirectoryW
CreateDirectoryW
FlushInstructionCache
lstrcmpA
RaiseException
GetExitCodeThread
TerminateThread
GetLongPathNameA
GetUserDefaultLCID
GetLogicalDrives
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetDiskFreeSpaceA
HeapFree
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
DeleteFileW
FindNextFileW
OpenEventA
CreateSemaphoreA
ReleaseSemaphore
GetStdHandle
CreateFileW
WriteConsoleA
GetConsoleOutputCP
IsValidCodePage
GetOEMCP
LCMapStringW
LCMapStringA
GetCPInfo
WriteConsoleW
SetHandleCount
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
RtlUnwind
GetConsoleCP
GetConsoleMode
ExitThread
CreateThread
FileTimeToLocalFileTime
GetCommandLineA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
FlushFileBuffers
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
LoadLibraryExA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
GetDateFormatA
GetTimeFormatA
LocalFileTimeToFileTime
GetModuleHandleW
GetComputerNameA
InterlockedCompareExchange

user32

GetWindowTextA
RedrawWindow
GetSysColor
CreateAcceleratorTableA
GetWindow
SystemParametersInfoA
InvalidateRgn
GetClassNameA
CharNextA
FillRect
ScreenToClient
GetClassInfoExA
GetFocus
ClientToScreen
DestroyAcceleratorTable
SetWindowPos
FlashWindowEx
SetClassLongA
EnumWindows
IsWindowVisible
GetClientRect
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
SetWindowRgn
DrawTextA
KillTimer
EndPaint
BeginPaint
SetTimer
TrackPopupMenu
GetCursorPos
DestroyMenu
DestroyIcon
IsChild
ReleaseCapture
GetWindowTextLengthA
GetParent
GetDlgItem
LoadImageA
FindWindowA
GetWindowRect
IsWindow
PeekMessageA
MsgWaitForMultipleObjects
SetWindowTextA
UpdateWindow
DestroyWindow
MoveWindow
PostQuitMessage
SendMessageA
SetWindowLongA
GetWindowLongA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
PostMessageA
IsDialogMessageA
TranslateAcceleratorA
LoadAcceleratorsA
ShowWindow
RegisterWindowMessageA
CallWindowProcA
DefWindowProcA
TranslateMessage
GetMenu
CheckMenuItem
SetForegroundWindow
SetFocus
SetActiveWindow
PostThreadMessageA
DispatchMessageA
GetMessageA
GetWindowThreadProcessId
MessageBoxA
CallNextHookEx
SetCapture
SetWindowsHookExA
UnregisterDeviceNotification
UnhookWindowsHookEx
GetSystemMetrics
CreateDialogParamA
SetDlgItemTextA
SetDlgItemInt
EndDialog
EnableWindow
LoadMenuA
GetSubMenu
CreatePopupMenu
RemoveMenu
InsertMenuItemA
RegisterDeviceNotificationA
ExitWindowsEx
UnregisterClassA
RegisterClassA
IsWindowEnabled
EnumChildWindows
LoadStringA
wsprintfA

gdi32

GetStockObject
BitBlt
GetObjectA
CreateSolidBrush
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
CombineRgn
CreateRectRgn
SetTextColor
SetBkMode
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateFontA
DeleteDC
DeleteObject

winspool.drv

EnumPrintersA

comdlg32

GetSaveFileNameA
FindTextA

advapi32

GetSidSubAuthority
InitializeSid
DeleteService
GetSidSubAuthorityCount
GetTokenInformation
SetTokenInformation
SetFileSecurityA
RegSetKeySecurity
SetSecurityInfo
CreateProcessAsUserA
DuplicateTokenEx
RegCreateKeyA
GetAclInformation
AddAce
MakeAbsoluteSD
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
InitializeAcl
RegOpenKeyA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AddAccessAllowedAce
RegOpenKeyExA
RegEnumKeyExA
SetNamedSecurityInfoA
RegNotifyChangeKeyValue
RegEnumValueA
RegEnumKeyA
RegSetValueExA
SetNamedSecurityInfoW
GetSidLengthRequired

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

GetHGlobalFromStream
CoSetProxyBlanket
CoInitializeEx
CoMarshalInterface
CreateStreamOnHGlobal
CoGetMarshalSizeMax
OleInitialize
CoCreateGuid
OleRun
CoUninitialize
CoInitialize
CoCreateInstance
OleUninitialize
CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoTaskMemFree
StringFromGUID2
CoGetClassObject
CoTaskMemAlloc

oleaut32

VariantClear
DispGetParam
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit
VariantCopy
SysAllocString
SysStringByteLen
LoadRegTypeLi
OleCreateFontIndirect
LoadTypeLi
SysAllocStringLen
SysStringLen
VariantChangeType
SysFreeString

shlwapi

SHCopyKeyA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

??0CNGCTraceProxy@@QAE@ABV0@@Z
??0CNGCTraceProxy@@QAE@XZ
??4CNGCTraceProxy@@QAEAAV0@ABV0@@Z
??_7CNGCTraceProxy@@6B@

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fe12cb22dddda302b6456c56f600b9e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7f:e8:67:af:cd:ca:79:4f:00:b8:1d:64:e1:3d:7a:0bCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

wininet

comctl32

rpcrt4

winmm

iphlpapi

setupapi

ws2_32

oleacc

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 448KB - Virtual size: 448KB

.data Size: 34KB - Virtual size: 199KB

.rsrc Size: 36KB - Virtual size: 35KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7f:e8:67:af:cd:ca:79:4f:00:b8:1d:64:e1:3d:7a:0b
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 448KB - Virtual size: 448KB

.data
Size: 34KB - Virtual size: 199KB

.rsrc
Size: 36KB - Virtual size: 35KB