3c0b9c82f0a1c2528f2ee22715ba1d82_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c0b9c82f0a1c2528f2ee22715ba1d82_JaffaCakes118
Size

2.4MB
MD5

3c0b9c82f0a1c2528f2ee22715ba1d82
SHA1

eda451bf50f825f4c8a15394dc562b46b31834bb
SHA256

d86f2dafdb23212bef7239fa4b54b07eaaee16244ba147f524ff5a3756722c93
SHA512

055c28adb6d51e433dad0fd99ba9a9d3f06ef9b0f161db40942097cde082fb30f3c7a88be4d89705be440d0a3525ddb024b7cebf2f8a814608e59b4897503a09
SSDEEP

49152:wTdh8jgydkZkPyQtx4x6mar14tjz8VnyBA5hPKJHPKJgPKJ5PKJtPKJSPKJxcfZW:FoWPPtxN14tj+cfI

Score

1^/10

Malware Config

Signatures

Files

3c0b9c82f0a1c2528f2ee22715ba1d82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

47ee3b6c539ae1e4b5d27fd1a144b645

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:53:41:ab:e9:7d:fd:cd:50:7e:54:b6:c3:76:d4:9c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/01/2009, 00:00

Not After

31/01/2012, 23:59

Subject

CN=MicroWorld Technologies Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=MicroWorld Technologies Inc.,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:5d:47:43:bb:2e:af:02:f9:41:9b:da:ba:53:06:4f:e6:78:ed:23
Signer

Actual PE Digest

41:5d:47:43:bb:2e:af:02:f9:41:9b:da:ba:53:06:4f:e6:78:ed:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

comctl32

PropertySheetA
InitCommonControlsEx
ord17

kernel32

FormatMessageA
GetEnvironmentVariableA
CreateMutexA
CreateSemaphoreA
CreateEventA
GetSystemInfo
lstrcmpA
WaitForSingleObject
OpenEventA
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationA
GetDriveTypeA
_llseek
ReleaseMutex
GetCurrentThreadId
lstrcmpW
SetEvent
CompareFileTime
WideCharToMultiByte
WinExec
SetCurrentDirectoryA
GetPrivateProfileSectionA
FlushFileBuffers
GetLogicalDrives
GetSystemDefaultLangID
SizeofResource
FileTimeToDosDateTime
FindResourceA
EnumResourceNamesA
EnumResourceTypesA
TerminateProcess
GetCurrentProcessId
ReadProcessMemory
VirtualQueryEx
ExpandEnvironmentStringsA
OpenSemaphoreA
OpenMutexA
CopyFileA
SetPriorityClass
QueryDosDeviceA
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetSystemTime
DuplicateHandle
InterlockedExchange
GetVolumeInformationA
VirtualFreeEx
VirtualProtectEx
VirtualAllocEx
SetProcessWorkingSetSize
_lclose
OpenFile
LoadLibraryExA
GetVersion
SetFileTime
CreateDirectoryA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GlobalMemoryStatus
GetFileInformationByHandle
SystemTimeToFileTime
FileTimeToSystemTime
AreFileApisANSI
lstrcpynA
GetFileTime
GetFileAttributesA
GetVersionExA
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
GetCurrentThread
GetCurrentProcess
GetLocalTime
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetDateFormatA
GetShortPathNameA
SetLastError
GetFileSize
CreateFileMappingA
GetDiskFreeSpaceA
GetTickCount
Sleep
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
GetTempPathA
GetTempFileNameA
SetFileAttributesA
RemoveDirectoryA
GetLastError
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
InitializeCriticalSection
EnterCriticalSection
lstrcatA
LeaveCriticalSection
lstrlenA
lstrcpyA
SetUnhandledExceptionFilter
GetStringTypeW
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetFullPathNameA
GetSystemDirectoryA
DeleteFileA
LocalFree
CloseHandle
DeviceIoControl
PeekNamedPipe
SetEnvironmentVariableW
CreateProcessA
GetExitCodeProcess
GetTimeFormatA
GetTimeZoneInformation
GetWindowsDirectoryA
WriteProfileStringA
GetProfileStringA
GetPrivateProfileStringA
WritePrivateProfileSectionA
WritePrivateProfileStringA
MoveFileExA
SetEndOfFile
GetModuleFileNameA
lstrcmpiA
CreateThread
WaitForSingleObjectEx
TerminateThread
LocalAlloc
MoveFileA
GetThreadLocale
GetCurrentDirectoryA
WriteFile
LoadResource
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetStdHandle
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
TlsGetValue
TlsAlloc
GetOEMCP
GetACP
GetCPInfo
DeleteCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RaiseException
GetCommandLineA
GetStartupInfoA
ExitProcess
HeapSize
HeapReAlloc
ExitThread
TlsSetValue
ResumeThread
RtlUnwind
SetEnvironmentVariableA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW

user32

SetForegroundWindow
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
ExitWindowsEx
GetSystemMetrics
GetClientRect
MoveWindow
FindWindowExA
SetWindowRgn
EnableWindow
IsIconic
EnumWindows
SendMessageTimeoutA
DestroyIcon
SystemParametersInfoA
GetWindowRect
GetCursorPos
RegisterWindowMessageA
PostMessageA
CharLowerA
wsprintfA
GetDesktopWindow
CharUpperA
SetActiveWindow
BringWindowToTop
AttachThreadInput
GetForegroundWindow
GetParent
RedrawWindow
SetCursorPos
LoadImageA
GetUserObjectSecurity
GetDC
ScreenToClient
CreateCursor
DestroyCursor
SetSystemCursor
CloseDesktop
CloseWindowStation
OpenInputDesktop
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
GetSysColor
SetPropA
GetPropA
GetDlgItem
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
DefWindowProcA
ReleaseDC
SendMessageA
FindWindowA
EndPaint
ClientToScreen
BeginPaint
EnumDesktopWindows
OpenDesktopA
EqualRect
GetWindowLongA
PostThreadMessageA
SetFocus
UpdateWindow
SetDlgItemTextA
LoadIconA
SetWindowLongA
GetDlgItemTextA
IsDlgButtonChecked
CheckDlgButton
GetDlgCtrlID
EnumChildWindows
KillTimer
DialogBoxParamA
SendDlgItemMessageA
SetWindowTextA
SetTimer
DeleteMenu
GetSystemMenu
EndDialog
IsWindow
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
DestroyWindow
CreateDialogParamA
ShowWindow
IsWindowVisible
CopyImage
MessageBoxA
GetCapture

gdi32

CreateRectRgn
SelectObject
CreateFontIndirectA
GetTextFaceA
GetTextMetricsA
SetBkColor
SetTextColor
DeleteObject
GetStockObject
GetTextExtentPoint32A
CreateHalftonePalette
DeleteDC
CreatePalette
GetDIBColorTable
CreateCompatibleDC
GetObjectA
GetDeviceCaps
StretchBlt
BitBlt
RealizePalette
SelectPalette
CreateFontA
CreateSolidBrush

advapi32

EnumDependentServicesA
GetUserNameA
RegCloseKey
RegSetValueExA
StartServiceA
DeregisterEventSource
RegUnLoadKeyA
RegLoadKeyA
RegCreateKeyA
RegEnumValueA
RegEnumKeyA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
UnlockServiceDatabase
QueryServiceLockStatusA
LockServiceDatabase
ChangeServiceConfigA
QueryServiceConfigA
RegDeleteKeyA
QueryServiceStatus
CreateProcessAsUserA
DeleteService
ControlService
IsValidSid
GetSidIdentifierAuthority
ReportEventA
RegisterEventSourceA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
EqualSid
AllocateAndInitializeSid
LookupAccountSidA
CryptGetHashParam
GetSecurityDescriptorOwner
CreateServiceA
DuplicateToken
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
LogonUserA
EnumServicesStatusA

shell32

SHBrowseForFolderA
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHChangeNotify
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

ole32

CLSIDFromString
CoTaskMemFree
CoInitializeEx
OleRun
CoCreateGuid
StringFromGUID2
CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

GetErrorInfo
VariantTimeToSystemTime
SysStringLen
VariantChangeType
SysAllocString
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 856KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47ee3b6c539ae1e4b5d27fd1a144b645

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

51:53:41:ab:e9:7d:fd:cd:50:7e:54:b6:c3:76:d4:9cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

41:5d:47:43:bb:2e:af:02:f9:41:9b:da:ba:53:06:4f:e6:78:ed:23Signer

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 856KB - Virtual size: 1.0MB

.rsrc Size: 356KB - Virtual size: 355KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

51:53:41:ab:e9:7d:fd:cd:50:7e:54:b6:c3:76:d4:9c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

41:5d:47:43:bb:2e:af:02:f9:41:9b:da:ba:53:06:4f:e6:78:ed:23
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 856KB - Virtual size: 1.0MB

.rsrc
Size: 356KB - Virtual size: 355KB