2b98d87c6d7873ce404652915284826e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b98d87c6d7873ce404652915284826e_JaffaCakes118
Size

4.2MB
MD5

2b98d87c6d7873ce404652915284826e
SHA1

09cd0e1412c3e93002ebea6755561a1db72b717b
SHA256

57c33f030f1497541d64eee241c8cb6584d17622428361c9b8b79e8916861332
SHA512

96e08e1ba05e4fab725e88f102a6f51c96b9fd480ac7eb4758e6ef9769490ae0730ccb74d32a3dfc6b3e97f6f2e4d399c61c379c29545cd3139d6f72141eb731
SSDEEP

49152:8bWfww8Rdi4l5mp5hpnp4/uYrtCk1YjeOvBsduYI/W2DLxZgwSh+EMqazj6xFB1T:b/Cdi4l5q41hCkyDHYKWKZgHBx9H+Y/X

Score

1^/10

Malware Config

Signatures

Files

2b98d87c6d7873ce404652915284826e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a34e5461ed12fd1f4e941bc16c50edee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/01/2008, 00:00

Not After

22/02/2011, 23:59

Subject

CN=TeamViewer GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TeamViewer GmbH,ST=Baden Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:13:a2:73:2a:3e:aa:75:0e:ea:18:c2:c3:35:29:37:17:db:0b:62
Signer

Actual PE Digest

86:13:a2:73:2a:3e:aa:75:0e:ea:18:c2:c3:35:29:37:17:db:0b:62

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\TeamViewer5_Release\TeamViewer\qs_release\TeamViewer_qs.pdb

Imports

winmm

mixerOpen
waveOutOpen
waveOutClose
waveInOpen
waveOutGetNumDevs
mixerClose
waveInAddBuffer
waveInPrepareHeader
mixerGetID
waveInReset
waveInUnprepareHeader
waveInClose
waveInStart
mixerSetControlDetails
waveOutPrepareHeader
waveOutWrite
waveOutRestart
waveOutReset
waveOutUnprepareHeader
waveOutPause
waveInGetNumDevs

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Create
ImageList_Remove
InitCommonControlsEx

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

DrawDibDraw
DrawDibOpen
DrawDibClose

sensapi

IsNetworkAlive

iphlpapi

DeleteIPAddress
GetAdaptersInfo
GetAdapterIndex

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

kernel32

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
CompareFileTime
HeapAlloc
SetThreadPriority
VirtualAlloc
VirtualFree
GetCurrentThread
ResetEvent
GetExitCodeThread
CreateThread
LocalLock
LocalSize
LocalUnlock
SetProcessShutdownParameters
GlobalHandle
GlobalFree
CompareStringA
GetModuleHandleA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocaleInfoA
GetUserDefaultLCID
MoveFileW
WritePrivateProfileStringW
LocalAlloc
lstrcpyW
DeviceIoControl
ResumeThread
GetOverlappedResult
CreateProcessW
FileTimeToLocalFileTime
CreateFileA
FindNextFileA
SetUnhandledExceptionFilter
FindClose
DeleteFileA
FindFirstFileA
SetFileTime
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
IsProcessorFeaturePresent
GetVersionExA
GetACP
GetThreadLocale
GetFileTime
FormatMessageA
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetConsoleMode
GetConsoleCP
GetOEMCP
HeapCreate
GetTimeZoneInformation
ExitThread
SetEndOfFile
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetWaitableTimer
CreateWaitableTimerA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
RtlUnwind
GetCommandLineA
GetStartupInfoA
ExitProcess
GetFileType
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
GetLocalTime
LockResource
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
MoveFileExW
ReadFile
GetFileSize
InterlockedExchange
FreeLibrary
DeleteCriticalSection
FlushFileBuffers
SizeofResource
WriteFile
GetStringTypeA
GetModuleFileNameA
ReleaseMutex
LocalFree
LoadResource
GetCommandLineW
CreateMutexA
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
OpenProcess
Sleep
GetCurrentProcessId
WaitForMultipleObjects
RaiseException
LeaveCriticalSection
EnterCriticalSection
SetLastError
FlushInstructionCache
CreateEventA
HeapFree
GetProcessHeap
CreateSemaphoreA
GetCurrentProcess
DuplicateHandle
GetSystemTimeAsFileTime
SetEvent
GetCurrentThreadId
CloseHandle
GetTickCount
WaitForSingleObject
ReleaseSemaphore
LCMapStringA
GetStdHandle

user32

DrawFocusRect
FrameRect
GetMenuState
SetDlgItemTextA
SendDlgItemMessageA
CreateMenu
IsMenu
GetMenuItemCount
GetIconInfo
GetCursorInfo
SetThreadDesktop
GetWindowRgn
OpenInputDesktop
CloseDesktop
GetUserObjectInformationW
GetThreadDesktop
InvalidateRgn
SetCursorPos
CreateIconIndirect
CreatePopupMenu
MsgWaitForMultipleObjects
GetSystemMenu
GetSysColor
DrawEdge
GetWindowPlacement
SetWindowPlacement
DestroyAcceleratorTable
GetNextDlgTabItem
GetCapture
GetMessagePos
EndDeferWindowPos
BeginDeferWindowPos
FlashWindow
GetDialogBaseUnits
DeferWindowPos
MapDialogRect
DrawIconEx
CreateWindowExA
GetDlgItemTextA
SetScrollPos
GetScrollInfo
ScrollWindowEx
SetScrollInfo
SetParent
GetSysColorBrush
GetDesktopWindow
MessageBeep
GetWindowDC
WindowFromPoint
SetRectEmpty
DestroyIcon
BlockInput
DeleteMenu
ScreenToClient
ReleaseDC
RedrawWindow
BringWindowToTop
GetDlgCtrlID
IsWindowEnabled
PostQuitMessage
MessageBoxA
UnhookWindowsHookEx
CallNextHookEx
GetAsyncKeyState
DestroyCursor
SendInput
GetKeyState
ToUnicode
GetKeyboardState
ToAscii
OpenClipboard
ChangeClipboardChain
SetClipboardViewer
SetWindowContextHelpId
IsChild
CharUpperW
CharLowerW
CloseClipboard
SetClipboardData
EmptyClipboard
SetCursor
SetCapture
GetCursor
ReleaseCapture
IsWindowVisible
EnumWindows
GetGUIThreadInfo
GetWindowThreadProcessId
GetForegroundWindow
EqualRect
GetActiveWindow
GetDlgItem
EndDialog
GetDC
UnionRect
IsRectEmpty
ShowScrollBar
GetSystemMetrics
CopyRect
FillRect
UpdateWindow
SetForegroundWindow
IntersectRect
AdjustWindowRect
IsIconic
CheckMenuItem
RemoveMenu
SetRect
SetWindowRgn
OffsetRect
DestroyMenu
SetFocus
EnableMenuItem
CheckMenuRadioItem
ShowWindow
GetSubMenu
TrackPopupMenuEx
ClientToScreen
GetCursorPos
DestroyWindow
KillTimer
PtInRect
BeginPaint
GetClientRect
GetParent
EndPaint
TrackMouseEvent
InvalidateRect
MapWindowPoints
GetWindowRect
InflateRect
SetTimer
GetWindow
MoveWindow
SetWindowPos
TranslateMessage
IsWindow
GetFocus
OpenDesktopW
UnregisterClassA
SetActiveWindow

gdi32

CreateBitmap
PatBlt
CreatePatternBrush
CreateDIBSection
CreateCompatibleBitmap
MaskBlt
SetStretchBltMode
CreatePalette
GetObjectType
SetBrushOrgEx
SetPixel
SelectPalette
RealizePalette
GetSystemPaletteEntries
GetDIBits
CreateRoundRectRgn
FrameRgn
SetDIBitsToDevice
GetPixel
SetViewportOrgEx
SetWindowOrgEx
DPtoLP
StretchBlt
SetBkColor
GetDeviceCaps
LineTo
SetDIBColorTable
MoveToEx
Rectangle
Polygon
Ellipse
SetBkMode
SelectObject
SetTextColor
CreateSolidBrush
CreatePen
CreateCompatibleDC
OffsetRgn
SetRectRgn
SelectClipRgn
PtInRegion
CreateRectRgnIndirect
BitBlt
RectInRegion
CombineRgn
CreateRectRgn
CreatePolygonRgn
DeleteObject
DeleteDC
RoundRect
GetStockObject

advapi32

LookupAccountNameW
RegSetValueExA
GetTokenInformation
RegEnumValueW
RegEnumKeyExA
RegEnumValueA
GetSidIdentifierAuthority
CreateProcessAsUserW
SetEntriesInAclW
SetNamedSecurityInfoW
AllocateAndInitializeSid
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetSecurityDescriptorDacl
RegCloseKey
EqualSid
OpenProcessToken
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
InitializeSecurityDescriptor

shell32

ord155
ord680
CommandLineToArgvW
SHGetSpecialFolderLocation
DragAcceptFiles
SHAppBarMessage

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
OleUninitialize
CreateStreamOnHGlobal
CoGetClassObject
OleLockRunning
OleInitialize
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoTaskMemRealloc

oleaut32

VariantInit
SafeArrayGetDim
SafeArrayGetElement
VarUI4FromStr
SysFreeString
VariantChangeType
VariantCopy
VariantClear
OleCreatePropertyFrame
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SysStringLen
SysStringByteLen
OleCreateFontIndirect
SysAllocString

shlwapi

PathCompactPathW
PathRemoveFileSpecW

wsock32

htonl
WSAStartup
select
ioctlsocket
ntohs
shutdown
closesocket
gethostname
inet_addr
gethostbyname
setsockopt
socket
sendto
htons
inet_ntoa
WSAGetLastError
recv
listen
accept
recvfrom
bind
connect
WSACleanup
getsockname
getpeername
__WSAFDIsSet
send

wininet

InternetSetOptionW
InternetOpenW
InternetReadFile
HttpQueryInfoA
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetQueryDataAvailable
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetGoOnlineA
HttpSendRequestA
InternetQueryOptionW
InternetCloseHandle

ws2_32

WSAEventSelect
WSAWaitForMultipleEvents
WSAResetEvent
WSACloseEvent
WSASetEvent
WSACreateEvent

crypt32

CertGetNameStringW
CertGetNameStringA
CertFreeCertificateContext
CryptVerifyMessageSignature

imagehlp

ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 810KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a34e5461ed12fd1f4e941bc16c50edee

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01Certificate

Extended Key Usages

Key Usages

86:13:a2:73:2a:3e:aa:75:0e:ea:18:c2:c3:35:29:37:17:db:0b:62Signer

Headers

File Characteristics

PDB Paths

Imports

winmm

comctl32

avicap32

msvfw32

sensapi

iphlpapi

mpr

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wsock32

wininet

ws2_32

crypt32

imagehlp

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 810KB - Virtual size: 809KB

.data Size: 134KB - Virtual size: 678KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 24KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

25:c9:02:d0:26:e3:12:44:c1:25:99:67:71:c9:dc:01
Certificate

86:13:a2:73:2a:3e:aa:75:0e:ea:18:c2:c3:35:29:37:17:db:0b:62
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 810KB - Virtual size: 809KB

.data
Size: 134KB - Virtual size: 678KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 24KB - Virtual size: 24KB