2ff2a84ea656b9ca808051eed7d3471d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2ff2a84ea656b9ca808051eed7d3471d_JaffaCakes118
Size

555KB
MD5

2ff2a84ea656b9ca808051eed7d3471d
SHA1

2f9f7cc5502cfbe55f4bcdbf27c905012ed0b6d5
SHA256

cfb700f5dfb37e29debc37bb7cefc501f8a45820c5099db9d77d4cdf9144f349
SHA512

ce9dc46298e6aa7c197adad404ff2e9c6afb205e205c6c1f4e5e45c31dc2af89ad216ebabac37d81ab03d98b9c705bc0ebbdff63d11d941e131f5d46ef6c5143
SSDEEP

12288:V6WnTwGPKZqk47F6NRYUOoFv128d/nLETwFbs9sCaNlTMfSsrL+IvRk:V66TwGPoqkHkiggb8sCaN9MxL+IvRk

Score

1^/10

Malware Config

Signatures

Files

2ff2a84ea656b9ca808051eed7d3471d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3d85990886ae607a16820b9242c3d934

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fb
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

16/08/2010, 00:00

Not After

16/08/2011, 23:59

Subject

CN=RealNetworks\, Inc.,OU=Media Web Services,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:92:7e:26:9b:e9:96:75:d6:33:a2:4e:4c:83:f4:4f:15:2e:3a:9f
Signer

Actual PE Digest

12:92:7e:26:9b:e9:96:75:d6:33:a2:4e:4c:83:f4:4f:15:2e:3a:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build\source\rnmininst\rel32s\rnmininst.pdb

Imports

ole32

CoCreateInstance
OleCreate
OleSetContainedObject
CoInitialize
OleInitialize
OleUninitialize
CoUninitialize

shlwapi

PathFileExistsA
SHDeleteKeyA
SHDeleteValueA

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetTimeToSystemTime
InternetCrackUrlA
InternetGetLastResponseInfoA
InternetGetConnectedState
HttpQueryInfoA
InternetOpenUrlA
InternetSetOptionA
InternetOpenA
InternetReadFile
InternetCloseHandle

user32

CreateDialogParamA
IsWindowVisible
PostMessageA
LoadStringA
SendDlgItemMessageA
PeekMessageA
GetSysColor
EnableWindow
KillTimer
RedrawWindow
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowTextA
GetClassNameA
GetSystemMetrics
CreateWindowExA
UpdateWindow
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
DialogBoxParamA
CharNextA
CharPrevA
SetWindowRgn
DestroyWindow
ClientToScreen
GetFocus
DefWindowProcA
GetForegroundWindow
GetCursorPos
PtInRect
InvalidateRect
BeginPaint
EndPaint
SetWindowTextA
LoadIconA
SendMessageA
GetSystemMenu
EnableMenuItem
SetDlgItemTextA
GetDlgItem
SetForegroundWindow
SetActiveWindow
SetFocus
ShowWindow
GetWindowRect
ScreenToClient
SetWindowPos
EndDialog
GetDC
ReleaseDC
DrawTextW
SetWindowLongA
GetClientRect
GetWindowLongA
GetAsyncKeyState
MessageBoxA
GetShellWindow
GetWindowThreadProcessId
EnumWindows

oleaut32

VariantClear
SysAllocString
VariantInit
SysFreeString
SysAllocStringLen
SysStringLen

gdi32

GetObjectA
BitBlt
StretchBlt
SetBkMode
SetTextColor
CreateBitmap
SelectObject
DeleteDC
GetTextExtentPointW
CreateFontW
DeleteObject
CreateSolidBrush
GetDeviceCaps
CreatePatternBrush
CombineRgn
GetPixel
CreateRectRgn
SetPixel
CreateCompatibleDC

advapi32

ConvertStringSidToSidW
LookupAccountSidW
RegEnumKeyExA
IsValidSid
GetLengthSid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
DuplicateTokenEx
InitializeSecurityDescriptor
RegSetValueA
RegOpenKeyA
OpenProcessToken
GetTokenInformation
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
FreeSid
GetUserNameA
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
LookupAccountNameA
AllocateAndInitializeSid
ConvertSidToStringSidW

shell32

ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msimg32

TransparentBlt

secur32

GetUserNameExW

kernel32

GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetSystemTimeAsFileTime
SetFilePointer
GetCommandLineA
GetStartupInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
GetCPInfo
DeleteCriticalSection
GetACP
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CopyFileA
GetCurrentDirectoryA
GetVersion
GetSystemInfo
GetWindowsDirectoryA
MoveFileA
CreateDirectoryA
GetFileAttributesA
GetTempPathA
GetTempFileNameA
InterlockedDecrement
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetModuleHandleW
ExitProcess
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFullPathNameA
SetEndOfFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
CompareStringA
CompareStringW
InitializeCriticalSection
ConnectNamedPipe
InterlockedIncrement
LocalFree
GetFileTime
SystemTimeToFileTime
CompareFileTime
GetDriveTypeA
FreeResource
WaitForSingleObject
GetExitCodeProcess
GetNamedPipeHandleStateA
SetErrorMode
RaiseException
GetLastError
lstrcpyA
lstrlenA
CloseHandle
ReadFile
PeekNamedPipe
WriteFile
SetEnvironmentVariableW
CreateNamedPipeA
CreateProcessA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
RemoveDirectoryA
FindClose
DeleteFileA
FindNextFileA
MoveFileExA
FindFirstFileA
GetModuleFileNameA
GetCurrentProcess
GetModuleHandleA
GetFileSize
CreateFileA
MultiByteToWideChar
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalFree
GlobalAlloc
Sleep
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateMutexA
OpenMutexA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
TerminateProcess
GetLocaleInfoA
CreateThread

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptQueryObject

Sections

.text
Size: 448KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d85990886ae607a16820b9242c3d934

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fbCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

12:92:7e:26:9b:e9:96:75:d6:33:a2:4e:4c:83:f4:4f:15:2e:3a:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

shlwapi

wininet

user32

oleaut32

gdi32

advapi32

shell32

version

msimg32

secur32

kernel32

crypt32

Sections

.text Size: 448KB - Virtual size: 447KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 11KB - Virtual size: 108KB

.rsrc Size: 39KB - Virtual size: 39KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:54:8d:34:bc:72:7d:ed:eb:3c:b1:d4:52:ba:3f:fb
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

12:92:7e:26:9b:e9:96:75:d6:33:a2:4e:4c:83:f4:4f:15:2e:3a:9f
Signer

.text
Size: 448KB - Virtual size: 447KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 11KB - Virtual size: 108KB

.rsrc
Size: 39KB - Virtual size: 39KB