36d87f8c41fea332995433d38bcb10f2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36d87f8c41fea332995433d38bcb10f2_JaffaCakes118
Size

1.4MB
MD5

36d87f8c41fea332995433d38bcb10f2
SHA1

9358ca230276bc8f83f35f0768d3bc4e0cbd3ab0
SHA256

49d2629b49e58c6f508177a4f18c3842ec713c5ee7151baf2747e6a9713132f7
SHA512

5ac1823ee5d16ee7e49d8f1d0a9fb3404693950c2bc5487c81fb4865de7829ed436aace3af35ac38d371b82b8b038a63580864d8bdb687e5f4bdb673a67cf1f2
SSDEEP

24576:oJv6agUpS8x7mmUkI5gzMl2qKQ3UbH8zJvdZKaTv8vWuce2Jffk/bl:oJv/gj8x7mmUkfzQ2qKO6WxdZKa7f82U

Score

1^/10

Malware Config

Signatures

Files

36d87f8c41fea332995433d38bcb10f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6dce638f64bc82493eead21e41537353

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:63:1f:3f:1e:79:39:ba:30:df:b5:64:7c:1a:1a:ad
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

13-03-2008 02:46

Not After

13-03-2009 00:16

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

b0:12:cb:a3:48:90:a6:1b:e9:52:16:e6:f5:df:41:da:1f:18:d4:59
Signer

Actual PE Digest

b0:12:cb:a3:48:90:a6:1b:e9:52:16:e6:f5:df:41:da:1f:18:d4:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GlobalDeleteAtom
FreeResource
GlobalAddAtomA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
GlobalFlags
LockFile
UnlockFile
GetCPInfo
GetOEMCP
SetErrorMode
GetFileTime
RtlUnwind
ExitProcess
VirtualQuery
HeapReAlloc
GlobalLock
GetCommandLineA
ExitThread
GetDriveTypeA
GetSystemTimeAsFileTime
GetFileType
HeapSize
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetStdHandle
GetStringTypeA
GetStringTypeW
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GlobalUnlock
VirtualProtectEx
IsBadReadPtr
HeapAlloc
HeapFree
DeviceIoControl
GetVolumeInformationA
SetLastError
VirtualAllocEx
CreateRemoteThread
ReadProcessMemory
VirtualFreeEx
DosDateTimeToFileTime
SetFileTime
OpenEventA
OpenMutexA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateThread
WaitForMultipleObjects
ResetEvent
GetExitCodeProcess
TerminateProcess
GetProcessId
OpenProcess
OpenThread
WritePrivateProfileStringA
WriteProcessMemory
GetFullPathNameA
TlsAlloc
ResumeThread
TlsSetValue
TlsGetValue
FlushFileBuffers
MoveFileA
CopyFileA
LocalFileTimeToFileTime
SetFileAttributesA
DeleteFileA
FindNextFileA
GetFileAttributesExA
GetCurrentDirectoryA
SetThreadAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
DebugBreak
DuplicateHandle
CreateDirectoryA
FindFirstFileA
GetWindowsDirectoryA
LocalAlloc
LocalFree
FormatMessageA
FileTimeToSystemTime
CreateEventA
SetEndOfFile
SetFilePointer
WriteFile
SetEvent
TerminateThread
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
IsDBCSLeadByte
InterlockedIncrement
lstrcpynA
CompareStringW
CompareStringA
lstrcmpiA
GetVersion
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
LoadLibraryExA
FindResourceA
LockResource
SizeofResource
ReleaseMutex
CreateMutexA
lstrlenW
FindResourceExA
LoadResource
GetFileSize
GlobalAlloc
ReadFile
GlobalFree
WideCharToMultiByte
GetFileAttributesW
GetModuleFileNameW
FindFirstFileW
FindNextFileW
FindClose
GetNumberFormatW
GetDateFormatW
GetUserDefaultLCID
GetUserGeoID
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetLocaleInfoW
LoadLibraryW
FreeLibrary
GetCurrentProcessId
GetModuleFileNameA
GetPrivateProfileStringA
lstrlenA
MultiByteToWideChar
GetLastError
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WaitForSingleObject
Sleep
IsDebuggerPresent
SetUnhandledExceptionFilter
LoadLibraryA
GetTickCount
GetCurrentThread
GetThreadContext
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetModuleHandleA
GetProcAddress
GetCurrentProcess
CreateFileA
GetCurrentThreadId
CreateProcessA
CloseHandle
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoA
RaiseException

user32

GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
WinHelpA
GetCapture
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
CopyRect
RegisterWindowMessageA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
UnregisterClassA
IntersectRect
GetSystemMetrics
SetFocus
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
UnhookWindowsHookEx
GetWindowTextA
GetFocus
SetWindowPos
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
GetMenuState
GetMenuItemID
GetSubMenu
PostQuitMessage
FindWindowExA
SetWindowPlacement
WaitForInputIdle
GetForegroundWindow
GetWindowRect
MoveWindow
SystemParametersInfoA
PostMessageA
wsprintfA
CharLowerBuffW
PtInRect
OffsetRect
GetCursorPos
SetCapture
ReleaseCapture
IsWindow
SetCursor
LoadCursorA
MessageBoxW
CharLowerBuffA
LoadIconA
EnableMenuItem
GetMenuItemCount
InsertMenuA
SendMessageA
GetSystemMenu
IsIconic
SetWindowRgn
GetClientRect
InvalidateRect
SetTimer
EnableWindow
CharUpperA
CharNextA
ReleaseDC
GetDC
ChangeDisplaySettingsA
MessageBoxA
GetWindowPlacement
EnumWindows
GetClassNameA
FindWindowA
ShowWindow
GetLastInputInfo
IsWindowVisible
GetParent
CreateWindowExA

gdi32

GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
GetStockObject
DeleteDC
ExtSelectClipRgn
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
CreateRoundRectRgn
CreateRectRgn
GetDeviceCaps
OffsetViewportOrgEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetClipBox
CreateBitmap
SetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

CryptDestroyHash
CryptReleaseContext
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
CryptSetKeyParam
CryptDeriveKey
CryptHashData
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExW
CryptDestroyKey
RegSetKeySecurity
RevertToSelf
ImpersonateSelf
CryptDecrypt
CryptAcquireContextW
CryptCreateHash

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
SHFileOperationA

comctl32

ord17

shlwapi

PathRemoveFileSpecA
PathStripPathA
PathAppendA
PathUnquoteSpacesW
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFileExistsA

oledlg

ord8

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoInitializeEx
CreateILockBytesOnHGlobal
CoUninitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StringFromCLSID
CoCreateGuid
CLSIDFromString

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VariantCopy
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect

urlmon

URLDownloadToCacheFileA

ws2_32

gethostname
gethostbyname
ntohl
WSACleanup
WSAStartup

crypt32

CertFreeCertificateContext
CertNameToStrA
CryptMsgGetAndVerifySigner
CryptQueryObject
CryptMsgClose

wintrust

WinVerifyTrust

wininet

InternetCloseHandle
HttpAddRequestHeadersA
InternetGetLastResponseInfoA
InternetReadFile
InternetQueryOptionA
HttpSendRequestA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA

winmm

timeGetTime
PlaySoundA

iphlpapi

GetAdaptersInfo

dinput8

DirectInput8Create

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 493KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.phs
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dce638f64bc82493eead21e41537353

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:63:1f:3f:1e:79:39:ba:30:df:b5:64:7c:1a:1a:adCertificate

Extended Key Usages

b0:12:cb:a3:48:90:a6:1b:e9:52:16:e6:f5:df:41:da:1f:18:d4:59Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

ws2_32

crypt32

wintrust

wininet

winmm

iphlpapi

dinput8

version

Sections

.text Size: 493KB - Virtual size: 492KB

.pecode Size: 81KB - Virtual size: 80KB

.pccode Size: 8KB - Virtual size: 7KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 13KB - Virtual size: 37KB

.phs Size: 1KB - Virtual size: 1KB

.rsrc Size: 63KB - Virtual size: 63KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:63:1f:3f:1e:79:39:ba:30:df:b5:64:7c:1a:1a:ad
Certificate

b0:12:cb:a3:48:90:a6:1b:e9:52:16:e6:f5:df:41:da:1f:18:d4:59
Signer

.text
Size: 493KB - Virtual size: 492KB

.pecode
Size: 81KB - Virtual size: 80KB

.pccode
Size: 8KB - Virtual size: 7KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 13KB - Virtual size: 37KB

.phs
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 63KB - Virtual size: 63KB