3b22b199654a06ae6b80b62018762d96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b22b199654a06ae6b80b62018762d96_JaffaCakes118
Size

391KB
MD5

3b22b199654a06ae6b80b62018762d96
SHA1

8cb192916f0ff2dc3f5376b02eafbdc90d3d689e
SHA256

59c09b7c416654a76c68165302feacf0a79c60ccc7475a105a4411dec490dcbd
SHA512

6c460881b2c60e2f468029a2cb439232bef579c5f8f71e1650d5dbeee2242d70f942c28d22174d6d44fd1506f4b16f6fe8e45b53f64dac73a54647113de26c2d
SSDEEP

6144:f+W90ldoIGhNhu6FYUCQ+XRvm/TkPtanXM3Tmd1tyvGKPaP:fQdVG41Urem/2pSYtaP

Score

1^/10

Malware Config

Signatures

Files

3b22b199654a06ae6b80b62018762d96_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9c6d13e7a5bc53020b9ac0320ccddfa

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:d7:b3:04:ba:0e:bc:f0:c4:1e:a9:3f:4e:9b:a1:eb:c7:87:e9:f2
Signer

Actual PE Digest

3d:d7:b3:04:ba:0e:bc:f0:c4:1e:a9:3f:4e:9b:a1:eb:c7:87:e9:f2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3756
ord2505
ord1172
ord5568
ord5506
ord4709
ord1683
ord2520
ord5284
ord4433
ord2046
ord3381
ord4425
ord3695
ord498
ord771
ord1645
ord429
ord4604
ord1008
ord858
ord5706
ord4124
ord2755
ord4585
ord861
ord4430
ord2127
ord1941
ord4029
ord818
ord942
ord538
ord4294
ord4229
ord4370
ord2634
ord6330
ord1125
ord6375
ord4847
ord3592
ord324
ord6238
ord5798
ord3092
ord3568
ord1633
ord3716
ord795
ord3737
ord686
ord556
ord809
ord755
ord470
ord1088
ord2114
ord640
ord5785
ord323
ord2108
ord613
ord289
ord2606
ord6266
ord5783
ord283
ord4474
ord4875
ord2442
ord6168
ord5869
ord2746
ord2631
ord2362
ord1775
ord2810
ord5060
ord1662
ord2644
ord3693
ord765
ord2577
ord4359
ord5079
ord1702
ord1707
ord4398
ord5254
ord3717
ord529
ord796
ord6228
ord6226
ord6144
ord2560
ord6264
ord6267
ord3220
ord3252
ord3907
ord2536
ord2535
ord2503
ord978
ord1724
ord5847
ord2878
ord2390
ord2410
ord6220
ord6222
ord2421
ord2242
ord4726
ord4535
ord2251
ord4830
ord4434
ord3386
ord3715
ord527
ord794
ord1834
ord4237
ord4260
ord2715
ord2382
ord3054
ord5094
ord5097
ord4298
ord3345
ord5006
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord2641
ord1658
ord4421
ord674
ord366
ord5248
ord4331
ord6065
ord4407
ord5906
ord3476
ord2244
ord975
ord5468
ord6191
ord2486
ord5024
ord5278
ord5473
ord6456
ord5048
ord6307
ord4166
ord4584
ord4901
ord6063
ord2992
ord6205
ord2618
ord2100
ord3477
ord5996
ord2109
ord6437
ord2619
ord4451
ord4718
ord3289
ord4028
ord535
ord5571
ord434
ord1649
ord2133
ord348
ord663
ord1937
ord4268
ord2680
ord4717
ord4118
ord5256
ord4343
ord2527
ord5047
ord5848
ord4458
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord4426
ord641
ord560
ord1191
ord3694
ord4848
ord6172
ord5845
ord1157
ord3517
ord6408
ord922
ord6399
ord6303
ord521
ord413
ord711
ord4162
ord763
ord3871
ord2290
ord4252
ord2529
ord482
ord483
ord1651
ord293
ord3692
ord3000
ord1196
ord3494
ord2507
ord355
ord4524
ord4538
ord5681
ord3269
ord3348
ord3574
ord736
ord3022
ord439
ord4037
ord6137
ord5855
ord1817
ord4233
ord5817
ord3657
ord414
ord713
ord4817
ord6325
ord1739
ord5092
ord940
ord537
ord860
ord2385
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord5573
ord3167
ord5649
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord652
ord338
ord4613
ord3688
ord4983
ord4925
ord4930
ord3267
ord430
ord729
ord3747
ord2378
ord5491
ord5764
ord6124
ord6771
ord1698
ord5899
ord4312
ord5784
ord5790
ord6115
ord5214
ord617
ord296
ord4269
ord5496
ord5685
ord2496
ord2717
ord2970
ord5949
ord4532
ord5215
ord2809
ord4667
ord5857
ord5852
ord4263
ord816
ord562
ord4242
ord4408
ord706
ord645
ord1856
ord980
ord774
ord502
ord4480
ord2546
ord5727
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5710
ord3733
ord815
ord561
ord3917
ord1229
ord1150
ord1202
ord2504
ord4816
ord2094
ord4461
ord5469
ord1717
ord5252
ord407
ord5285
ord4110
ord801
ord541
ord5297
ord5499
ord2627
ord1131
ord5208
ord986
ord520
ord2613
ord3093
ord2933
ord4158
ord6865
ord6139
ord6451
ord6316
ord4448
ord3312
ord1831
ord4224
ord3014
ord2508
ord361
ord1105
ord5781
ord5871
ord2054
ord3979
ord2444
ord5600
ord2078
ord3865
ord5677
ord4199
ord3443
ord1657
ord3915
ord2855
ord1821
ord5846
ord3084
ord1900
ord4668
ord496
ord4254
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord6107
ord6898
ord6896
ord1808
ord656
ord567
ord3605
ord4621
ord3397
ord3076
ord3257
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord5276
ord4846
ord4369
ord4428
ord4222
ord1792
ord2070
ord2567
ord4270
ord609
ord3569
ord4390
ord1709
ord1704
ord2072
ord4071
ord4078
ord3792
ord5878
ord6193
ord384
ord2088
ord2445
ord5867
ord6211
ord6617
ord2400
ord807
ord554
ord3725
ord2436
ord3744
ord6372
ord1569
ord5267
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord2859
ord2854

msvcrt

__dllonexit
?terminate@@YAXXZ
_onexit
_except_handler3
_adjust_fdiv
__setusermatherr
malloc
_CIpow
_wtol
_controlfp
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
floor
setlocale
wcstod
_wcsnicmp
_wcsdup
wcsncat
_wcslwr
wcsstr
wcstoul
strncpy
wcscmp
??1type_info@@UAE@XZ
_wmakepath
wcsrchr
_vsnwprintf
_purecall
_ltow
_wtoi
iswdigit
fclose
_wfopen
wcsncpy
fwprintf
_wsetlocale
_itow
wcscat
_wcsicmp
iswspace
wcschr
_ftol
swprintf
wcslen
wcscpy
_wcsupr
wcsncmp
__CxxFrameHandler
free
memmove
__set_app_type
__p__fmode
__p__commode
_wsplitpath

msvcp60

??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHABV12@@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG0@Z

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteKeyW
RegCreateKeyW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyW
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyW

kernel32

GetModuleHandleA
GetDateFormatW
GetTimeFormatW
GetSystemDirectoryW
IsBadStringPtrW
GetSystemTimeAsFileTime
SystemTimeToFileTime
lstrcmpW
IsBadReadPtr
GetDriveTypeW
GlobalAlloc
GlobalReAlloc
LCMapStringW
SetUnhandledExceptionFilter
CreateFileW
CopyFileW
GetSystemTime
GetLocaleInfoW
GetCommandLineW
GetVersionExW
GetModuleFileNameW
CreateProcessW
GetFullPathNameW
SetThreadLocale
GetCurrentThreadId
lstrlenA
GetModuleHandleW
FreeLibrary
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GlobalFree
MulDiv
MoveFileExW
SetCurrentDirectoryW
GetACP
WideCharToMultiByte
GetFileAttributesW
GetTempPathW
GetTempFileNameW
GlobalLock
HeapAlloc
GlobalUnlock
GetProcessHeap
HeapFree
CreateFileMappingW
GetLastError
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetCurrentDirectoryW
lstrcpynW
lstrcpyW
lstrcatW
CompareStringW
FormatMessageW
LocalFree
WaitForSingleObject
ResetEvent
SetEvent
Sleep
GetFileAttributesExW
GetSystemPowerStatus
lstrlenW
CreateDirectoryW
DeleteFileW
GetStringTypeExW
GetTickCount
lstrcmpiW
IsBadWritePtr
GetProcAddress
LoadLibraryA
WriteFile
ReadFile
SetFilePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetErrorMode
GetVersionExA
LockFile
UnlockFile
FlushFileBuffers
GetFileInformationByHandle
GetLocaleInfoA
GetUserDefaultLCID
GetVersion
LoadLibraryW
SetLastError
OutputDebugStringA
FormatMessageA
TerminateProcess
GetCurrentProcess
RaiseException
QueryPerformanceCounter
GetCurrentProcessId
LocalAlloc
InterlockedExchange
GetStartupInfoW

gdi32

CreateFontIndirectW
GetTextMetricsW
GetCharWidthW
SelectObject
CreateFontW
GetStockObject
CreateSolidBrush
CreatePen
MaskBlt
GetObjectW
CreateCompatibleDC
PatBlt
ExtTextOutW
SetBkMode
SetTextColor
GetBkColor
DPtoLP
GetNearestColor
CreateDCW
GetDIBits
RealizePalette
SelectPalette
CreateCompatibleBitmap
DeleteObject
GetTextExtentPoint32W
GetDeviceCaps
Rectangle
MoveToEx
DeleteDC
CreatePalette
GetPaletteEntries
CreateDIBSection
LineTo

user32

LockWindowUpdate
IntersectRect
SendMessageA
IsWindowUnicode
WindowFromPoint
SetCursor
GetCursorPos
GetDialogBaseUnits
OffsetRect
ShowCursor
CreateWindowExW
RegisterClassW
GetClassInfoW
PtInRect
SetCapture
IsWindowEnabled
DefWindowProcW
UnionRect
IsWindow
SetWindowLongW
EndPaint
BeginPaint
GetWindowLongW
DrawTextW
ReleaseCapture
UpdateWindow
SetFocus
GetMessagePos
GetMessageTime
DeleteMenu
AppendMenuW
CheckMenuItem
GetMenuItemCount
IsIconic
SetForegroundWindow
GetKeyState
GetWindowTextW
SetWindowTextW
ModifyMenuW
LoadCursorW
MessageBoxW
InsertMenuW
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsZoomed
RedrawWindow
SetActiveWindow
FindWindowW
RegisterWindowMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
SetMenu
LoadIconW
GetLastActivePopup
SetDlgItemTextW
GetDlgItemTextW
GetClassLongW
PostQuitMessage
KillTimer
SetTimer
EqualRect
IsDialogMessageW
SendMessageTimeoutW
GetActiveWindow
PostMessageW
RegisterClipboardFormatW
IsClipboardFormatAvailable
GetFocus
GetMenu
GetParent
GetMenuStringW
DrawFrameControl
DrawFocusRect
DestroyWindow
GetSysColor
SystemParametersInfoW
MessageBoxA
GetWindowLongA
SetPropW
GetPropW
SetWindowPos
ScreenToClient
LoadImageW
GetSysColorBrush
GetWindow
IsWindowVisible
LoadStringW
IsChild
wsprintfW
TrackPopupMenuEx
FillRect
FrameRect
GetSystemMetrics
SetRect
GetDesktopWindow
RemovePropW
GetWindowTextLengthW
ReleaseDC
GetDC
SendMessageW
GetWindowRect
EnableWindow
GetClientRect
MessageBeep
InvalidateRect
ClientToScreen
MapWindowPoints
GetSystemMenu
LoadMenuW
GetSubMenu
EnableMenuItem
LoadBitmapW
InflateRect
SetRectEmpty
IsRectEmpty
CopyRect

shlwapi

PathFindSuffixArrayW
PathFindFileNameW
StrChrW
PathRemoveExtensionW
StrStrIW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathAddBackslashW

comctl32

ImageList_Draw
ImageList_SetBkColor
ImageList_AddMasked
ord17

shell32

SHBrowseForFolderW
DragQueryFileW
SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetFolderPathW
SHIsFileAvailableOffline
SHGetDiskFreeSpaceExW
ShellExecuteW
CommandLineToArgvW
SHAddToRecentDocs
SHAppBarMessage

ole32

CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CoGetMalloc
StringFromGUID2
StgOpenStorageEx
StgCreateStorageEx
ReleaseStgMedium
PropVariantClear
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysFreeString
VarFormatNumber
VariantClear
VariantTimeToSystemTime
VariantChangeType
SysStringLen
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
VariantInit
SysAllocString

msimg32

AlphaBlend

comdlg32

CommDlgExtendedError
GetFileTitleW

winspool.drv

OpenPrinterW
ord203
AdvancedDocumentPropertiesW
EnumPrintersW
ClosePrinter
DocumentPropertiesW

urlmon

HlinkNavigateString

mspcore

_IsFileOfSupportedType@8

mspgimme

EPLoadMSO
SetupGimme
EPMsoLoadLibraryByName

msi

ord39

Sections

.text
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mspdta
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9c6d13e7a5bc53020b9ac0320ccddfa

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

3d:d7:b3:04:ba:0e:bc:f0:c4:1e:a9:3f:4e:9b:a1:eb:c7:87:e9:f2Signer

Headers

DLL Characteristics

File Characteristics

Imports

mfc42u

msvcrt

msvcp60

advapi32

kernel32

gdi32

user32

shlwapi

comctl32

shell32

ole32

oleaut32

msimg32

comdlg32

winspool.drv

urlmon

mspcore

mspgimme

msi

Sections

.text Size: 327KB - Virtual size: 327KB

.data Size: 13KB - Virtual size: 20KB

.mspdta Size: 512B - Virtual size: 4B

.rsrc Size: 48KB - Virtual size: 64KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

3d:d7:b3:04:ba:0e:bc:f0:c4:1e:a9:3f:4e:9b:a1:eb:c7:87:e9:f2
Signer

.text
Size: 327KB - Virtual size: 327KB

.data
Size: 13KB - Virtual size: 20KB

.mspdta
Size: 512B - Virtual size: 4B

.rsrc
Size: 48KB - Virtual size: 64KB