34535b9c9317ecf13508011251355585_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

34535b9c9317ecf13508011251355585_JaffaCakes118
Size

356KB
MD5

34535b9c9317ecf13508011251355585
SHA1

8bdd6c28814df68bb73445e3ac04752a471bd398
SHA256

70d3cdd3b2c7461352c04677085359c3837a6aad43dceb80d8d22db8d6fa19df
SHA512

fecda55b1468eda69becf0bc093c7fc143cbbe5ac6ee3f6e9a29e95ff9803fca762d9bdd22854fc27bb92bfc3ae34359e9f61710673bf1032fdf475533b4407c
SSDEEP

6144:GVobDkedjV1dYJw8TUhrVsK4WgKB3jLHELQNZMuPLn1pHYMv:GG3keRVEJwUUbnp9B4

Score

1^/10

Malware Config

Signatures

Files

34535b9c9317ecf13508011251355585_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf4c7c6d85da8e80e06a124b225c73c0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05-04-2006 00:00

Not After

13-04-2009 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:2d:54:ee:4a:7c:48:18:66:b2:2c:2a:31:88:ce:11:83:08:34:74
Signer

Actual PE Digest

ff:2d:54:ee:4a:7c:48:18:66:b2:2c:2a:31:88:ce:11:83:08:34:74

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\OLReg4.0\Release\OLReg.pdb

Imports

kernel32

SetLastError
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
GetSystemDefaultLangID
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WaitForSingleObject
TerminateThread
GetLastError
CloseHandle
ExitProcess
FreeLibrary
LoadResource
LockResource
SizeofResource
SetEnvironmentVariableA
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetOEMCP
IsBadWritePtr
GetTimeZoneInformation
SetUnhandledExceptionFilter
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
GetFileType
SetStdHandle
TerminateProcess
HeapReAlloc
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
CreateThread
ExitThread
RtlUnwind
GetTickCount
SetErrorMode
GetFileTime
FileTimeToLocalFileTime
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
GetVersionExA
lstrlenA
GlobalDeleteAtom
GetCurrentThreadId
FreeResource
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GlobalFree
InterlockedDecrement
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
ResumeThread
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
RaiseException
FileTimeToSystemTime
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile

advapi32

RegCloseKey

user32

ReleaseDC
GetDC
CopyRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
GetDlgCtrlID
EqualRect
ScreenToClient
AdjustWindowRectEx
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenu
IsWindowVisible
GetKeyState
MapWindowPoints
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
SetActiveWindow
GetForegroundWindow
IsChild
SetFocus
GetFocus
SendDlgItemMessageA
CallNextHookEx
MoveWindow
IsWindowEnabled
GetMenuState
BeginPaint
InflateRect
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetCursorPos
PostQuitMessage
ValidateRect
GetActiveWindow
EndDialog
GetNextDlgTabItem
GetDesktopWindow
MapDialogRect
SetWindowContextHelpId
DestroyMenu
GetSysColorBrush
IsRectEmpty
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
EndPaint
GetWindowRect
GetClientRect
ClientToScreen
GetWindowDC
UpdateWindow
InvalidateRect
SetTimer
KillTimer
GetCapture
SetCapture
GetParent
WindowFromPoint
ReleaseCapture
IsWindow
SetCursor
PtInRect
RedrawWindow
GetSysColor
CopyIcon
SetForegroundWindow
ShowWindow
IsIconic
GetLastActivePopup
TranslateMessage
GetWindow
DrawIcon
GetSystemMetrics

gdi32

SetMapMode
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
PtInRegion
DeleteObject
GetDeviceCaps
CreateBitmap
SetBkColor
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox

shell32

ord165
SHGetSpecialFolderPathW

wininet

InternetOpenW
HttpOpenRequestW
InternetOpenUrlW
InternetCloseHandle
InternetConnectW
InternetReadFile
HttpSendRequestA

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathFileExistsW
PathUnquoteSpacesW
PathRemoveArgsW
PathAddBackslashW
PathRemoveFileSpecW
PathRemoveBackslashW
PathIsUNCW

comctl32

ord17
_TrackMouseEvent

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoTaskMemFree
CoRevokeClassObject
OleInitialize
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen

winspool.drv

ClosePrinter

Sections

.text
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bf4c7c6d85da8e80e06a124b225c73c0

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48Certificate

Extended Key Usages

Key Usages

ff:2d:54:ee:4a:7c:48:18:66:b2:2c:2a:31:88:ce:11:83:08:34:74Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

shell32

wininet

shlwapi

comctl32

ole32

oleaut32

winspool.drv

Sections

.text Size: 224KB - Virtual size: 222KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 56KB - Virtual size: 56KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

ff:2d:54:ee:4a:7c:48:18:66:b2:2c:2a:31:88:ce:11:83:08:34:74
Signer

.text
Size: 224KB - Virtual size: 222KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 56KB - Virtual size: 56KB