3f4b470a3c322f68659cc5753d183a36_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3f4b470a3c322f68659cc5753d183a36_JaffaCakes118
Size

377KB
MD5

3f4b470a3c322f68659cc5753d183a36
SHA1

1aa8c96ca20398b27f90cdc308acdd61cee52189
SHA256

c9fa9da46a71b695f1abefcba9d73b8a3b2fca7da916e46669fc5d8b2fc7f175
SHA512

80150abf3319b45d1f3210b7c9927c8c1e7bc08ce769cfe2660e88ec2cd473ec7674d847412cdb508bc86de636e48ec9e87d39a910177f889b818a18008d347b
SSDEEP

3072:ijIHrBRftGYTnLiplFN/GxOtERwoM6Gh+v8PlNkqeAqgEkMWwVfdihFS35y:PV4FFGUuRmb+QlGM5MWUiht

Score

1^/10

Malware Config

Signatures

Files

3f4b470a3c322f68659cc5753d183a36_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ff440e01edefc03ae804ff03604afe1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/02/2008, 00:00

Not After

12/05/2010, 23:59

Subject

CN=Zango,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Zango,O=Zango,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:02:26:5e:42:d3:11:f3:48:6b:29:3c:b6:83:e2:a2:6b:4a:fd:78
Signer

Actual PE Digest

ff:02:26:5e:42:d3:11:f3:48:6b:29:3c:b6:83:e2:a2:6b:4a:fd:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\080523_000332_build_BECKS\Client_Build_BECKS_10.3.65.0\compile\source_sa\Bin\zango_release\ZangoSADF.pdb

Imports

kernel32

GetModuleHandleA
UnmapViewOfFile
WriteProcessMemory
ReadProcessMemory
GetTickCount
DeleteFileA
WriteFile
CreateFileA
GetVersionExA
LocalFree
LocalAlloc
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
FindClose
FindFirstFileA
ReadFile
GetFileSize
GetTempPathA
GetTempFileNameA
GetPrivateProfileStringA
GetModuleFileNameA
LoadLibraryExA
SetLastError
OpenProcess
CreateDirectoryA
OpenFile
GetShortPathNameA
SetFilePointer
GetWindowsDirectoryA
MoveFileExA
FindNextFileA
GetComputerNameA
GetDriveTypeA
GetVolumeInformationA
SetErrorMode
lstrcpyA
GetComputerNameExA
GetSystemDirectoryA
GetOEMCP
GetACP
GetThreadLocale
CreateFileMappingA
GetSystemDefaultLangID
DosDateTimeToFileTime
GetProcessHeap
HeapFree
HeapAlloc
FormatMessageA
OutputDebugStringA
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
Sleep
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentThread
GetCurrentThreadId
TlsFree
TlsSetValue
MapViewOfFile
LoadLibraryA
GetProcAddress
GetCurrentProcess
CloseHandle
InterlockedExchange
FreeLibrary
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
InterlockedDecrement
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLangID
TlsAlloc
TlsGetValue
IsValidCodePage
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
FatalAppExitA
RtlUnwind
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA

user32

CreateWindowExA
ShowWindow
GetSystemMetrics
PostQuitMessage
DefWindowProcA
RegisterClassExA
LoadCursorA
LoadIconA
CharLowerA
CharLowerW
UpdateWindow
GetDC
ExitWindowsEx
GetWindowLongA
UnregisterClassA
ReleaseDC
EqualRect
UpdateLayeredWindow
GetParent
GetWindowDC
GetWindowRect
BeginPaint
EndPaint
GetClientRect
LoadStringA
SetWindowLongA
SetWindowPos
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SendMessageA
CallWindowProcA
CharUpperW
CharUpperA

gdi32

CreateCompatibleDC
SelectObject
GetDeviceCaps
BitBlt
DeleteDC
DeleteObject
CreateDIBSection

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
LookupAccountNameA
ConvertSidToStringSidA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

ShellExecuteA

ole32

OleRun
OleCreate
OleDraw
OleInitialize
OleSetContainedObject
CoCreateInstance
OleUninitialize

oleaut32

SysAllocString
GetErrorInfo
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantInit
SysStringLen
SysFreeString
CreateErrorInfo
SetErrorInfo
VariantClear

shlwapi

StrToIntA

rpcrt4

UuidCreate

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ff440e01edefc03ae804ff03604afe1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8Certificate

Extended Key Usages

Key Usages

ff:02:26:5e:42:d3:11:f3:48:6b:29:3c:b6:83:e2:a2:6b:4a:fd:78Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

version

Sections

.text Size: 292KB - Virtual size: 288KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 18KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1c:a0:0c:ae:a0:54:61:4d:44:d3:11:9b:6d:b4:8a:d8
Certificate

ff:02:26:5e:42:d3:11:f3:48:6b:29:3c:b6:83:e2:a2:6b:4a:fd:78
Signer

.text
Size: 292KB - Virtual size: 288KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 18KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB