2fba6ec701e6b0a8a08210ab02288313_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2fba6ec701e6b0a8a08210ab02288313_JaffaCakes118
Size

165KB
MD5

2fba6ec701e6b0a8a08210ab02288313
SHA1

4d30d0acc87ea78c1a58bd02865aa94066c7d9b0
SHA256

c9d5b80c80594af7f9c5f4bbcc585b32c57a7717c26ab79b231ce596513832c6
SHA512

e15a30a9927d08547b2032fbd991cbe38f66e1a131b2a2d8cd9750d3df848c51cdd930ea5b41d76230850579c24ff9760439982e711587865aa883235a05de9f
SSDEEP

3072:Lq+Zpbsk6bXO9BSnaT7tWsFjjWvzWzWTO6W9XM:LdeOBT59FjyvVO6W9X

Score

1^/10

Malware Config

Signatures

Files

2fba6ec701e6b0a8a08210ab02288313_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e18607f33b80f89585db065f0ca77fb

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

09/11/2004, 00:00

Not After

21/11/2005, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

af:cf:73:5b:b3:ee:33:ca:42:4d:32:ad:75:50:29:a2:b6:31:ff:fe
Signer

Actual PE Digest

af:cf:73:5b:b3:ee:33:ca:42:4d:32:ad:75:50:29:a2:b6:31:ff:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bld_area\cc\Common_Client_2005101\src\r20051.0.1\bin\bin.ira\ccSetMgr.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
FreeLibrary
LoadLibraryA
lstrcatA
GetLastError
CloseHandle
CreateFileA
WriteFile
SetFilePointer
GetFileAttributesA
Sleep
CopyFileA
GetTickCount
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
RaiseException
lstrcmpiA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
lstrcpyA
GetModuleFileNameA
IsDBCSLeadByte
LoadLibraryExA
GetModuleHandleA
LocalAlloc
FormatMessageA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LocalFree

user32

wsprintfA
PostThreadMessageA
TranslateMessage
DispatchMessageA
GetMessageA
CharNextA

ole32

CoCreateGuid
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoResumeClassObjects
StringFromGUID2
CoDisconnectObject
CoSuspendClassObjects
OleRun
CoCreateInstance

oleaut32

VariantClear
SafeArrayPutElement
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit

msvcp71

?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z

ccl40

ord1454
ord1487
ord1456
ord2079
ord2077
ord971
ord972
ord970
ord969
ord968
ord967
ord966
ord965
ord1683
ord1677
ord1676
ord1675
ord1674
ord1673
ord1672
ord1641
ord1640
ord1639
ord1638
ord1637
ord1636
ord1635
ord1634
ord1633
ord1632
ord1631
ord1630
ord1629
ord1628
ord1687
ord1551
ord894
ord1452
ord1006
ord962
ord1550
ord893
ord1450
ord1004
ord961
ord1334
ord325
ord2051
ord1662
ord1661
ord1658
ord896
ord1663
ord1660
ord1657
ord1667
ord1493
ord1499
ord2063
ord2052
ord2050
ord938
ord939
ord936
ord1258
ord1659
ord1656
ord1410
ord1403
ord1413
ord1409
ord1122
ord1306
ord1316
ord1313
ord1309
ord1304
ord1115
ord2115
ord1137
ord1333
ord2114
ord1558
ord1556
ord2040
ord1395
ord1852
ord1837
ord1855
ord1836
ord1853
ord1851
ord2021
ord2045
ord2044
ord2038
ord2017
ord1215
ord898
ord797
ord778
ord1214
ord1111
ord1112
ord1139
ord1124
ord1123
ord754
ord1114
ord1106
ord1108
ord753
ord1119
ord1121
ord1117
ord1118
ord1479
ord1417
ord1416
ord1415
ord1414
ord802
ord800
ord794
ord777
ord1915
ord1909
ord1669
ord1671
ord1787
ord1908
ord1907
ord1455
ord2011
ord1986
ord1987
ord1345
ord1344
ord1346
ord1343
ord1342
ord1985
ord1980
ord1976
ord160
ord142
ord1756
ord1771
ord1786
ord1802
ord964
ord144
ord1167
ord529
ord1092
ord1284
ord1754
ord1757
ord1761
ord1804
ord1755
ord1286
ord1295
ord1297
ord1299
ord1289
ord1301
ord1298
ord1303
ord1093
ord1689
ord493
ord1691
ord1769
ord1015
ord145
ord1034
ord1439
ord986
ord1014
ord1019
ord1024
ord1664
ord1026
ord1914
ord1922
ord1888
ord1887
ord1886
ord1877
ord1876
ord324
ord1178
ord1176
ord1174
ord1179
ord158
ord157
ord161
ord140
ord139
ord128
ord1166
ord842
ord143
ord1021

msvcr71

wcsncpy
realloc
memset
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_resetstkoflw
free
malloc
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_except_handler3
_mbsicmp
_ltow
_wtol
_ultow
towupper
??_V@YAXPAX@Z
towlower
_mbsinc
wcslen
wcscpy
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_localtime64
strftime
_time64
vsprintf
_vscprintf
??3@YAXPAX@Z
__CxxFrameHandler
_purecall
memmove
_CxxThrowException
_wcsicmp

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e18607f33b80f89585db065f0ca77fb

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2Certificate

Extended Key Usages

Key Usages

af:cf:73:5b:b3:ee:33:ca:42:4d:32:ad:75:50:29:a2:b6:31:ff:feSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

msvcp71

ccl40

msvcr71

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 11KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

4b:da:43:8e:69:27:c9:46:a4:9a:dd:3e:6a:c9:da:d2
Certificate

af:cf:73:5b:b3:ee:33:ca:42:4d:32:ad:75:50:29:a2:b6:31:ff:fe
Signer

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 11KB