3fe22c5081560787c2e8b9df103c83f7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3fe22c5081560787c2e8b9df103c83f7_JaffaCakes118
Size

909KB
MD5

3fe22c5081560787c2e8b9df103c83f7
SHA1

f337ea63621af2257f4cbf51841182166937042c
SHA256

ead32c2b19e2a8829f3a8525e383ae6fffd718296d3d86543528115485a2980c
SHA512

2550ccfa5d3a46d165514d4eef321f11f4c0f29a9c3ab462dc7af20806b863fd8189f9ef09d802b445a0f37158de4d6a71b7c2aa16e0a99a3fda4b8cff518018
SSDEEP

24576:NYsb2EoV1IuZcP3x4Zj8xe6OUOoJt7kgqSM:icAIuMP2UFBM

Score

1^/10

Malware Config

Signatures

Files

3fe22c5081560787c2e8b9df103c83f7_JaffaCakes118
.exe .vbs windows:5 windows x86 arch:x86 polyglot

9bb1fd7a0dcc4f73c00da2e0a1518086

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

23-05-2002 08:00

Not After

25-09-2011 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:05:87:58:00:03:00:00:00:5a
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-01-2005 23:20

Not After

05-04-2006 23:30

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:3b:af:d1:ee:e1:c8:5a:2f:11:51:ff:e0:f3:b7:16:13:78:e4:12
Signer

Actual PE Digest

61:3b:af:d1:ee:e1:c8:5a:2f:11:51:ff:e0:f3:b7:16:13:78:e4:12

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegSaveKeyA
AbortSystemShutdownA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
EnumServicesStatusExA
OpenServiceW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
FreeSid
RegSetKeySecurity
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
CloseServiceHandle
ControlService
StartServiceA
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegOpenKeyA
GetServiceDisplayNameA
QueryServiceStatus
SetFileSecurityA
AddAccessAllowedAce
InitializeAcl
EnumDependentServicesA
RegFlushKey
GetFileSecurityA
RegQueryInfoKeyA
AddAce
SetFileSecurityW
GetAclInformation
CopySid
GetLengthSid
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
RegUnLoadKeyA
RegLoadKeyA
OpenProcessToken
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetTokenInformation
SetNamedSecurityInfoA
GetNamedSecurityInfoA
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceConfigA
LockServiceDatabase
InitiateSystemShutdownA

comctl32

CreatePropertySheetPageW
PropertySheetW

crypt32

CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertCreateCertificateContext
CryptEncodeObject
CertOpenStore
CertCloseStore
CertFreeCertificateContext

gdi32

StretchBlt
GetDIBits
CreateCompatibleDC
DeleteObject
CreateFontIndirectA
GetDeviceCaps
BitBlt
SelectObject

imagehlp

EnumerateLoadedModules64

kernel32

GetFullPathNameA
ExitProcess
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetSystemInfo
lstrlenA
FreeResource
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetTempPathA
GetCurrentProcess
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetCompressedFileSizeA
GetComputerNameA
ReleaseSemaphore
SetEndOfFile
InterlockedDecrement
GetCurrentThread
GetExitCodeThread
CreateSemaphoreA
MoveFileA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
DosDateTimeToFileTime
HeapCreate
HeapDestroy
GlobalAlloc
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FileTimeToDosDateTime
OpenFileMappingA
GetVolumeInformationA
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetTempFileNameW
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
lstrlenW
GetLocalTime
OpenEventA
GetFileSizeEx
GetFullPathNameW
InterlockedIncrement
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventW
QueryDosDeviceA
DefineDosDeviceA
lstrcpynA
LoadLibraryW
FindFirstFileW
lstrcmpiW
FindNextFileW
MapViewOfFileEx
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapFree
GetProcessHeap
HeapAlloc
FlushViewOfFile
CreateFileW
DeleteFileW
GetFileTime
GetStartupInfoA
DelayLoadFailureHook
lstrcmpA
GetWindowsDirectoryW
GetVolumeInformationW
SetErrorMode
GetCommandLineA
GetCommandLineW
CreateMutexA
CreateProcessW
WaitForSingleObject
GetModuleHandleA
FormatMessageW
ReadFile
GetTickCount
CreateEventA
CreateThread
SetThreadPriority
WaitForMultipleObjects
SetEvent
RemoveDirectoryA
EnterCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
DeviceIoControl
GetFileAttributesExA
VirtualFree
WritePrivateProfileStringA
SetCurrentDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
InitializeCriticalSection
Sleep
GetThreadLocale
GetLocaleInfoA
GetPrivateProfileStringA
VirtualAlloc
SetFilePointer
WriteFile
InterlockedCompareExchange
GetSystemDirectoryA
GetTempFileNameA
CopyFileA
OpenProcess
MoveFileExA
SetFileAttributesA
GetVersionExA
LocalAlloc
LocalFree
SetLastError
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetDriveTypeA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
FormatMessageA
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryW
LoadLibraryA
GetProcAddress
GetLastError
GetWindowsDirectoryA
DeleteFileA
RaiseException
FreeLibrary
VirtualProtect
TlsFree
TlsAlloc
TlsGetValue
GetSystemTime
InitializeCriticalSectionAndSpinCount
GetVersion
TlsSetValue
DeleteCriticalSection

mpr

WNetGetUserA
WNetGetUniversalNameA

msvcrt

strncpy
_except_handler3
strchr
_stricmp
sprintf
strrchr
mbstowcs
malloc
free
_vsnprintf
strncmp
memmove
vsprintf
strncat
_wcsdup
_errno
_open
_read
_write
_close
_lseek
remove
_tempnam
wcscat
_vsnwprintf
ctime
wcscpy
rename
wcsstr
_itoa
_local_unwind2
_memicmp
atoi
realloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
swprintf
wcslen
_strnicmp
memchr
_strcmpi
_snprintf
?terminate@@YAXXZ
??1type_info@@UAE@XZ
wcstoul
_snwprintf
_mbslwr
strstr
_strdup
calloc
getenv
strtoul
_wcsicmp
_ltoa
_mbsupr
wcschr
fprintf
strcspn
isdigit
wcsrchr
wcscmp
wcsncat
wcsncpy
toupper
strspn
atol
strpbrk
isspace
_ultoa
_wtoi64
_wcslwr
strtok
_itow
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fclose
??2@YAPAXI@Z
fopen

ntdll

NtQuerySystemTime
RtlFreeUnicodeString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlFreeHeap
RtlAllocateHeap
RtlRaiseStatus
NtYieldExecution
NtSetSystemInformation
NtCreateSection
NtOpenFile
NtOpenSection
NtOpenDirectoryObject
RtlCompareUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlTimeToTimeFields
LdrUnloadDll
NtFreeVirtualMemory
NtQueryInformationThread
NtWaitForSingleObject
RtlCreateUserThread
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtOpenProcess
LdrGetProcedureAddress
LdrLoadDll
RtlDestroyHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlCreateHeap
DbgPrint
RtlFreeAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

psapi

GetModuleFileNameExA

rpcrt4

UuidFromStringA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
SHGetSpecialFolderPathA

updspapi

UpdSpFindNextMatchLineW
UpdSpFindFirstLineW
UpdSpGetMultiSzFieldW
UpdSpGetTargetPathW
UpdSpFindNextLine
UpdSpGetFieldCount
UpdSpGetLineTextA
UpdSpSetDynamicStringA
UpdSpGetStringFieldA
UpdSpGetLineByIndexA
UpdSpGetLineCountA
UpdSpInstallFilesFromInfSectionA
UpdSpSetDirectoryIdA
UpdSpCloseInfFile
UpdSpOpenInfFileA
UpdSpGetLineTextW
UpdSpScanFileQueueA
UpdSpGetBinaryField
UpdSpGetIntField
UpdSpQueueCopyA
UpdSpInstallFromInfSectionA
UpdSpGetTargetPathA
UpdSpDecompressOrCopyFileA
UpdSpDefaultQueueCallbackA
UpdSpDefaultQueueCallbackW
UpdSpCloseFileQueue
UpdSpGetSourceFileLocationA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpCommitFileQueueA
UpdSpGetStringFieldW
UpdSpGetLineByIndexW
UpdSpGetLineCountW
UpdSpIterateCabinetA
UpdSpInitDefaultQueueCallbackEx
UpdSpPromptForDiskA
UpdSpCopyErrorA
UpdSpFindFirstLineA

user32

CloseWindowStation
EnumDesktopsA
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
SetThreadDesktop
EnumWindows
CloseDesktop
GetClientRect
FindWindowExA
GetWindowThreadProcessId
GetWindow
RegisterClassA
CreateWindowExA
DefWindowProcA
MessageBoxW
EnumWindowStationsA
wvsprintfW
OpenDesktopA
GetSystemMetrics
LoadStringA
LoadStringW
MessageBoxA
PostQuitMessage
DestroyWindow
SendMessageA
SetDlgItemTextA
ShowWindow
EnableWindow
GetDlgItem
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
SetWindowTextW
RedrawWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
PostMessageA
EnumChildWindows
SetDlgItemTextW
LoadBitmapA
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
ReleaseDC
GetDC
SystemParametersInfoA
SetForegroundWindow
SetWindowTextA
EndDialog
DialogBoxParamA
GetDesktopWindow
SetFocus

userenv

ord138
ord121
ord119

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW

winspool.drv

GetPrinterDriverDirectoryA

Sections

.text
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

hX�
Size: 235KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9bb1fd7a0dcc4f73c00da2e0a1518086

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7eCertificate

Extended Key Usages

Key Usages

61:05:87:58:00:03:00:00:00:5aCertificate

Extended Key Usages

Key Usages

61:3b:af:d1:ee:e1:c8:5a:2f:11:51:ff:e0:f3:b7:16:13:78:e4:12Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

crypt32

gdi32

imagehlp

kernel32

mpr

msvcrt

ntdll

ole32

oleaut32

psapi

rpcrt4

shell32

updspapi

user32

userenv

version

winspool.drv

Sections

.text Size: 571KB - Virtual size: 571KB

.data Size: 4KB - Virtual size: 502KB

.rsrc Size: 90KB - Virtual size: 90KB

hX� Size: 235KB - Virtual size: 236KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:0c:ab:11:d8:22:ef:7d:6c:79:7e
Certificate

61:05:87:58:00:03:00:00:00:5a
Certificate

61:3b:af:d1:ee:e1:c8:5a:2f:11:51:ff:e0:f3:b7:16:13:78:e4:12
Signer

.text
Size: 571KB - Virtual size: 571KB

.data
Size: 4KB - Virtual size: 502KB

.rsrc
Size: 90KB - Virtual size: 90KB

hX�
Size: 235KB - Virtual size: 236KB