Static task
static1
Behavioral task
behavioral1
Sample
33d700a70cdd24149d0ec6a3565a5458_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
33d700a70cdd24149d0ec6a3565a5458_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
33d700a70cdd24149d0ec6a3565a5458_JaffaCakes118
-
Size
161KB
-
MD5
33d700a70cdd24149d0ec6a3565a5458
-
SHA1
8f33cf2285ff7446f4bc3a645c5a4920752330f1
-
SHA256
a23fdd72c717eb3552c9c91d6aacbebb8588fb2b665f7afcd971049637f3cbec
-
SHA512
dc9e4ddd8d6c298a008eabb70e42a46afa2949618c96b0a5da41b14e6b090ca578a48c71f5a41aa080202e44940ee4a56a4781da1b633cdd4621ad84f22c2d9c
-
SSDEEP
3072:6BxCICYSyaJNl1Rp82fs0dnb9xcMv8etafKXBmD5cuMwAw3DQXquMJNwXjSJBQR6:6BDCY9aj3M2frHsf2mDOuMhw8aTsjSJV
Malware Config
Signatures
Files
-
33d700a70cdd24149d0ec6a3565a5458_JaffaCakes118.exe windows:4 windows x86 arch:x86
7bed1a59d288ca28563d9b01e5ae609b
Code Sign
01
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
0a
Certificate
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate
Issuer: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before: 15/06/2007, 00:00
Not After: 14/06/2012, 23:59
Subject: CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
34:11:c5:0a:8e:92:1d:c1:af:43:2c:f0:12:a1:5e:d0
Certificate
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 29/08/2006, 07:13
Not After: 29/08/2007, 07:13
Subject: CN=TNL Corp.,OU=Marketing,O=TNL Corp.,L=Goyang,ST=kyunggi\ ,C=KR
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 04/12/2003, 00:00
Not After: 03/12/2013, 23:59
Subject: CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
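Actual PE Digest
Digest Algorithm
PE Digest Matches: false
(No digest value or algorithm is listed here. A "false" match means the embedded signature did not validate against this file's contents, so the certificate chain above does not show that the named subject signed this binary.)
Headers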
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
lstrcmpiA
lstrlenA
lstrcatA
lstrcpyA
SetEvent
CloseHandle
WinExec
GetTempFileNameA
GetTempPathA
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryA
CreateEventA
WriteFile
DeleteFileA
ReadFile
lstrcmpA
Sleep
CreateThread
lstrcpynA
LeaveCriticalSection
EnterCriticalSection
ResetEvent
GetModuleFileNameA
SetFilePointer
FlushFileBuffers
DeleteCriticalSection
UnlockFile
SetEndOfFile
GetCurrentProcessId
TerminateThread
CreateDirectoryA
GetVolumeInformationA
GetSystemDirectoryA
GetWindowsDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
WaitForMultipleObjects
CreateMutexA
SetFileAttributesA
GetFileAttributesA
GetLongPathNameA
CallNamedPipeA
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
GetFileSize
WritePrivateProfileStringA
GetShortPathNameA
MoveFileExA
CopyFileA
GetFileType
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
DosDateTimeToFileTime
GetCurrentDirectoryA
SetFileTime
TerminateProcess
OpenProcess
GetCurrentThreadId
FindClose
FindFirstFileA
InitializeCriticalSection
GetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
GetModuleHandleA
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LockFile
user32
wsprintfA
DestroyIcon
GetWindowThreadProcessId
PeekMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
RegisterWindowMessageA
GetDesktopWindow
DefWindowProcA
advapi32
InitializeAcl
IsValidAcl
SetSecurityDescriptorDacl
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegSetKeySecurity
IsValidSecurityDescriptor
InitializeSecurityDescriptor
RegCloseKey
ole32
CoCreateInstance
CoInitialize
CoCreateGuid
CoUninitialize
shell32
SHGetFileInfoA
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
oleaut32
SysAllocString
VariantInit
SysStringLen
SysAllocStringLen
VariantClear
SysFreeString
msvcp71
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xran@_String_base@std@@QBEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@Viterator@12@0PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
msvcr71
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@XZ
free
malloc
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
atoi
_itoa
_mbschr
_controlfp
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
memset
strncat
wcsncmp
wcschr
wcsncpy
wcsstr
strncpy
gmtime
calloc
_mbsnbcpy
_mbsrev
_mbsicmp
isdigit
mktime
time
atol
bsearch
srand
rand
_vsnprintf
strncmp
??_V@YAXPAX@Z
strrchr
memmove
strchr
strstr
_mbslwr
_mbsnbicmp
_except_handler3
_strnicmp
_strlwr
_stricmp
_wcslwr
_wcsicmp
_setmbcp
_mbsstr
mfc71
ord5233
ord5235
ord1054
ord6090
ord757
ord566
ord3333
ord4261
ord4481
ord2838
ord5566
ord5213
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord635
ord395
ord4541
ord3683
ord4038
ord4014
ord1207
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord3207
ord4265
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5165
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord6278
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4277
ord4722
ord3403
ord1306
ord2173
ord5205
ord4185
ord6275
ord5073
ord1908
ord5148
ord4244
ord1402
ord3945
ord1617
ord1620
ord5915
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord4309
ord5012
ord5009
ord2615
ord1913
ord2246
ord4299
ord4799
ord1160
ord1557
ord2372
ord1084
ord3648
urlmon
URLDownloadToFileA
iphlpapi
GetAdaptersInfo
wininet
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
Sections
.text Size: 104KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ