Static task
static1
Behavioral task
behavioral1
Sample
2e0bdb96059d00f2507eb6ef766e3262_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2e0bdb96059d00f2507eb6ef766e3262_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
- Target: 2e0bdb96059d00f2507eb6ef766e3262_JaffaCakes118
- Size: 457KB
- MD5: 2e0bdb96059d00f2507eb6ef766e3262
- SHA1: 8b2e7f7e374dff9f82676b16113e1200f3981488
- SHA256: 98174f0f55205fa2584900ec1d3892c73309e928e8fd944c05cfa662a4bd4b86
- SHA512: 3dcc8c908f3c32b737b8c72b9fd88815f2ed615f090d735066c802802db757de1256c9499b4b5838d5954466d3ee6697cf4e38aef79326b6808836206aaadb64
- SSDEEP: 3072:rp6GU0ERcFiBtLtvt39YYU5qcOYShVuDleyESWOHDBndeJOddyw+0aeCsQ2u+7B8:t6UUTx9FUDLShMWO9nxjc25f9HHofC5q
Malware Config
Signatures
Files
- 2e0bdb96059d00f2507eb6ef766e3262_JaffaCakes118.exe windows:4 windows x86 arch:x86
  1bdb4089bff21d5e4317a45c291cecca
Code Sign
Certificate
Serial: 01
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Certificate
Serial: 0a
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate
Serial: 47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 0c:3d:16:59:54:71:1b:8e:51:d4:aa:8f:0a:e8:c3:ef
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 26/06/2008, 08:34
Not After: 25/06/2009, 06:16
Subject: CN=ezsoft,OU=Software Development Department,O=ezsoft,L=Seongdong-gu,ST=Seoul,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Actual PE Digest:
Digest Algorithm:
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\work\사이트\닥터스파이제로\install\Release\install.pdb
Imports
netapi32
Netbios
iphlpapi
GetAdaptersInfo
kernel32
LockFile
HeapCreate
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
CreateDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
CloseHandle
WriteFile
CreateFileA
GetComputerNameA
DeleteFileA
CreateProcessA
Sleep
SetEnvironmentVariableA
IsBadCodePtr
IsBadReadPtr
GetTimeZoneInformation
SetUnhandledExceptionFilter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcatA
ReadFile
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFullPathNameA
lstrcpyA
WaitForSingleObject
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVolumeInformationA
GetSystemDirectoryA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
GetLastError
GetModuleFileNameA
MultiByteToWideChar
GetFileAttributesA
FindFirstFileA
FindClose
lstrlenA
UnhandledExceptionFilter
GetStdHandle
IsBadWritePtr
GetProcAddress
GetModuleHandleA
lstrcpynA
lstrcmpW
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
FreeResource
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GlobalFree
SetLastError
InterlockedDecrement
SetThreadPriority
ResumeThread
SetEvent
SuspendThread
CreateEventA
SetFilePointer
FlushFileBuffers
HeapDestroy
UnlockFile
SetEndOfFile
DuplicateHandle
GetCurrentProcess
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GetCurrentThread
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
GetCPInfo
GetOEMCP
RaiseException
SetErrorMode
WritePrivateProfileStringA
GetTickCount
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
GetStartupInfoA
GetCommandLineA
ExitThread
CreateThread
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualFree
user32
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextA
IsChild
SetFocus
IsWindow
GetFocus
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
SetWindowTextA
MoveWindow
ShowWindow
IsWindowEnabled
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
ValidateRect
GetCursorPos
GetActiveWindow
GetMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetDesktopWindow
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
PostQuitMessage
SetCursor
MapDialogRect
SetWindowContextHelpId
DestroyMenu
GetSysColorBrush
CharNextA
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetParent
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
PtInRect
GetWindow
LoadBitmapA
SendMessageA
PostMessageA
DefWindowProcA
GetClientRect
InvalidateRect
EnableWindow
wsprintfA
FindWindowA
LoadCursorA
LoadIconA
SetCapture
ReleaseCapture
MessageBoxA
CharUpperA
CopyRect
DrawIcon
IsIconic
GetSystemMetrics
TranslateMessage
IsDialogMessageA
DispatchMessageA
PeekMessageA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
gdi32
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
CreateFontIndirectA
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetObjectA
CreateCompatibleDC
BitBlt
GetStockObject
SelectObject
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
advapi32
RegQueryValueA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
shell32
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ole32
CoInitialize
CoCreateInstance
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CLSIDFromString
comctl32
ord17
shlwapi
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA
oledlg
ord8
ws2_32
WSAStartup
WSACleanup
wininet
InternetConnectA
InternetCanonicalizeUrlA
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetOpenA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA
InternetCloseHandle
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlA
oleacc
LresultFromObject
CreateStdAccessibleObject
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
comdlg32
GetFileTitleA
oleaut32
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
SysAllocStringLen
OleCreateFontIndirect
VariantInit
VariantChangeType
Sections
.text Size: 208KB - Virtual size: 207KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ