3b1910c827806ee2bb4f1b08f2e3ac69_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b1910c827806ee2bb4f1b08f2e3ac69_JaffaCakes118
Size

7.3MB
MD5

3b1910c827806ee2bb4f1b08f2e3ac69
SHA1

6a04bb2874f33714d543495d0ab0dc03967a61ff
SHA256

5568241267400d9812e8fc515bf5074f22e7a4f190c04ecf741929b1b571587f
SHA512

fc8e38d8c3ac0888aff9e9407217e8b7d8eed03b7febce2e3793058bc3e8c17b0156f93674e183e42751a95318aba654bae517f2b473c3cf0f8b3306cccc5a20
SSDEEP

49152:qUPwhCN/95XY6yMA2zlF+g3VEmJk5M+mmtU:ihCl95XYOxF+gKmJ0M+mmtU

Score

1^/10

Malware Config

Signatures

Files

3b1910c827806ee2bb4f1b08f2e3ac69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92fed9f46678f64a3cbc25fe907c7eb4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/01/2008, 00:00

Not After

05/04/2011, 23:59

Subject

CN=AntiSpyware LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AntiSpyware LLC,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:9a:57:00:66:c1:8a:74:7e:41:98:b8:46:c0:b3:e5:be:6c:b0:61
Signer

Actual PE Digest

57:9a:57:00:66:c1:8a:74:7e:41:98:b8:46:c0:b3:e5:be:6c:b0:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Matthew\WorkCode\RegistryClear\trunk\release\RegistryClear.pdb

Imports

tcl

Tcl_ProcCmd
Tcl_CreateInterp
Tcl_CloneInterp
Tcl_DeleteClone
Tcl_EvalEx
Tcl_ResetResult
Tcl_DeleteInterp
Tcl_CreateCommand
Tcl_SplitList
Tcl_FreeList
Tcl_SetResult
Tcl_GetStringResult

kernel32

ExitThread
SetEnvironmentVariableA
SetStdHandle
GetFileType
ExitProcess
RtlUnwind
HeapSize
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDateFormatA
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeFormatA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
HeapReAlloc
VirtualQuery
VirtualAlloc
VirtualProtect
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalFlags
RaiseException
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
SuspendThread
InterlockedDecrement
GetModuleFileNameW
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetCurrentProcessId
ConnectNamedPipe
ReadFile
CreateFileA
CreateNamedPipeA
DisconnectNamedPipe
FlushFileBuffers
WriteFile
HeapCompact
HeapCreate
HeapDestroy
LocalAlloc
GetCurrentThread
GetSystemTime
CreateProcessA
SearchPathA
WritePrivateProfileStringA
MoveFileA
GetFileAttributesA
TerminateProcess
GetSystemInfo
FormatMessageA
GetFileTime
CreateThread
HeapFree
LocalFree
GetProcessHeap
HeapAlloc
TlsFree
TlsAlloc
GetStdHandle
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
CreateDirectoryA
InitializeCriticalSection
GetVersionExA
lstrcatA
lstrcpyA
FreeResource
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
ResetEvent
SetEvent
GetWindowsDirectoryA
GetModuleFileNameA
WinExec
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrcpynA
GetLocalTime
FindClose
FindNextFileA
DeleteFileA
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
SetThreadPriority
LoadLibraryA
GetProcAddress
GetModuleHandleA
CreateEventA
Sleep
FreeLibrary
CloseHandle
SetLastError
WaitForSingleObject
TlsSetValue
TlsGetValue
GetVersion
GetLastError
CompareStringA
MultiByteToWideChar
CompareStringW
GetEnvironmentVariableA
InterlockedExchange
lstrlenA
LockResource
WideCharToMultiByte
SizeofResource
LoadResource
FindResourceA
GetACP

user32

PostThreadMessageA
GetNextDlgGroupItem
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
CharNextA
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
DestroyMenu
RegisterWindowMessageA
WinHelpA
IsChild
GetClassNameA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
CreateDialogIndirectParamA
LoadBitmapA
SendMessageA
SetWindowLongA
CharUpperA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
ValidateRect
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
SetFocus
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
ScreenToClient
GrayStringA
DrawTextExA
TabbedTextOutA
PostQuitMessage
GetWindowThreadProcessId
GetLastActivePopup
TrackMouseEvent
SetActiveWindow
GetActiveWindow
IsWindowEnabled
GetDesktopWindow
GetFocus
DestroyIcon
GetCaretPos
SetCapture
PtInRect
MessageBeep
CopyIcon
InflateRect
IsWindow
GetParent
GetWindowTextA
GetWindowTextLengthA
SendMessageCallbackA
CreateWindowExA
EndPaint
BeginPaint
SetPropA
GetDlgCtrlID
DefWindowProcA
GetPropA
UnregisterClassA
RegisterClassExA
MessageBoxA
PostMessageA
FindWindowA
SetTimer
InvalidateRect
GetWindowRect
EnableWindow
KillTimer
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA
RedrawWindow
LoadMenuA
GetSubMenu
GetCursorPos
TrackPopupMenu
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
SetForegroundWindow
GetSysColor
CopyRect
DrawTextA
SetWindowRgn
SetCursor
SystemParametersInfoA
SetWindowPos
GetWindowDC
ReleaseDC
LoadCursorA
SetRect
GetSysColorBrush
FillRect
SetClassLongA
DrawEdge
ReleaseCapture
ClientToScreen
WindowFromPoint
GetCapture
DestroyCursor
GetDC
DrawFocusRect
GetClassLongA

gdi32

ScaleWindowExtEx
GetCurrentPositionEx
GetRgnBox
GetMapMode
CreateRectRgnIndirect
CreatePen
ExtSelectClipRgn
ArcTo
RestoreDC
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
GetClipBox
SetMapMode
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC
BitBlt
CreateFontIndirectA
ExtTextOutA
CreateCompatibleBitmap
StretchBlt
DeleteDC
SelectClipRgn
GetPixel
ExtCreateRegion
SelectObject
GetTextMetricsA
SetTextColor
CreateDCA
SetBkMode
SetBkColor
GetTextExtentPoint32A
GetBkColor
GetTextColor
GetCurrentObject
CreatePatternBrush
CreateBitmap
SaveDC

msimg32

GradientFill

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

AdjustTokenPrivileges
CopySid
RegEnumKeyA
RegDeleteKeyA
LookupAccountNameA
GetSecurityInfo
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenThreadToken
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegEnumKeyExA
GetAce
GetAclInformation
EqualSid
LookupAccountSidA
GetSidSubAuthorityCount
IsValidSid
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetLengthSid
MakeSelfRelativeSD
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyA
RegCreateKeyA
OpenProcessToken
RegOpenKeyExA
GetUserNameA
LookupPrivilegeValueA
GetSecurityDescriptorDacl
RegEnumValueA
RegQueryValueA
GetTokenInformation
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSidSubAuthority
GetSecurityDescriptorSacl

comctl32

_TrackMouseEvent

shlwapi

PathIsUNCA
PathStripToRootA
UrlUnescapeA
PathFindFileNameA
PathFindExtensionA
PathIsDirectoryA
PathFileExistsA
SHDeleteKeyA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromString
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoGetClassObject
CoUninitialize
CoInitializeEx

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
OleLoadPicture
SysFreeString
SysStringLen
VarBstrCmp
SysAllocStringLen
SysAllocString
VariantClear
SysAllocStringByteLen
VariantChangeType
VariantInit
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

zlib

inflate
inflateInit2_
inflateEnd

Sections

.text
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92fed9f46678f64a3cbc25fe907c7eb4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2fCertificate

Extended Key Usages

Key Usages

57:9a:57:00:66:c1:8a:74:7e:41:98:b8:46:c0:b3:e5:be:6c:b0:61Signer

Headers

File Characteristics

PDB Paths

Imports

tcl

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

version

zlib

Sections

.text Size: 560KB - Virtual size: 559KB

.rdata Size: 132KB - Virtual size: 128KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 6.6MB - Virtual size: 6.6MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2b:68:6c:5c:e6:79:f8:3d:7d:47:22:26:96:8e:df:2f
Certificate

57:9a:57:00:66:c1:8a:74:7e:41:98:b8:46:c0:b3:e5:be:6c:b0:61
Signer

.text
Size: 560KB - Virtual size: 559KB

.rdata
Size: 132KB - Virtual size: 128KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 6.6MB - Virtual size: 6.6MB