42a07840888f2b306245266a20339d58_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42a07840888f2b306245266a20339d58_JaffaCakes118
Size

4.3MB
MD5

42a07840888f2b306245266a20339d58
SHA1

6bfac6750209136f6dbf4ee62158407c0c5fb41e
SHA256

4ace8392bdc4b562f20be2702f8e98f3160b05c7f05970bc68bb97ca7bc9efb0
SHA512

a8b9ea66534544054e96864ae0594acaaa56e83f440123582e10743fcc8a6e91a76d2c396074437095d9bea414033f6c9b4fbcbbbb4631b947b7b2612cbb1e4b
SSDEEP

49152:PmGSg2TNJVGQyuVXaAUojOslH8Nq7g6PmjcKA9j6AKWBBPr5PmyvGy32Tyf/3uae:pSg2TN3byuEPIxg0mjcKAFmUPZp8L

Score

1^/10

Malware Config

Signatures

Files

42a07840888f2b306245266a20339d58_JaffaCakes118
.exe windows:5 windows x86 arch:x86

90d0b35def79cef97e2cedb148195461

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-10-2008 00:00

Not After

10-12-2009 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Information Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:c0:09:27:0f:7f:e9:3a:5d:f3:73:ab:9a:ab:ec:92:3d:66:b5:dd
Signer

Actual PE Digest

c7:c0:09:27:0f:7f:e9:3a:5d:f3:73:ab:9a:ab:ec:92:3d:66:b5:dd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\flashfarm\depot\main\player\branches\FlashPlayer\FlashPlayer10_DotReleases\platform\win32\obj\player\Release\FlashPlayer.pdb

Imports

wininet

HttpQueryInfoA

crypt32

CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CryptVerifyMessageSignature
CertCloseStore

urlmon

CopyStgMedium

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

winmm

waveOutGetDevCapsA
waveInGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveInStart
waveInAddBuffer
waveInGetNumDevs
waveInOpen
timeSetEvent
timeKillEvent
waveOutGetPosition
timeBeginPeriod
timeGetTime
waveInStop
waveInReset
waveInUnprepareHeader
waveInClose
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutClose
waveOutReset
timeGetDevCaps
waveInPrepareHeader
timeEndPeriod

oleaut32

SysFreeString

kernel32

FreeLibrary
GetSystemDefaultLangID
MoveFileA
DeleteFileA
GetFileAttributesA
GetSystemInfo
GetUserDefaultLangID
ExitThread
GlobalFree
WriteFile
SetFilePointer
CreateFileA
ReadFile
GetFileSize
LockResource
LoadResource
FindResourceExA
FindResourceExW
GetFileAttributesW
SetUnhandledExceptionFilter
GetTempPathA
FindClose
FindNextFileA
FindFirstFileA
InterlockedIncrement
InterlockedDecrement
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
CreateDirectoryA
GetModuleFileNameA
CreateMutexA
CreateFileW
GetCurrentDirectoryA
GlobalAlloc
GetFullPathNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetFileAttributesExA
SetCurrentDirectoryA
RemoveDirectoryA
SetFilePointerEx
GetFileSizeEx
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
CreateFileMappingA
TerminateThread
lstrcpyA
lstrlenA
IsDBCSLeadByteEx
GetModuleHandleA
GetCommandLineW
DeleteFileW
SetEndOfFile
SetFileAttributesA
CopyFileA
GetStartupInfoA
GetCommandLineA
GetProcessHeap
HeapFree
VirtualAlloc
VirtualFree
VirtualProtect
CreateSemaphoreA
ReleaseSemaphore
UnhandledExceptionFilter
GetStdHandle
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GlobalSize
GetCurrentProcessId
GlobalLock
GlobalUnlock
WideCharToMultiByte
GetCurrentProcess
GetProcessTimes
CreateWaitableTimerA
CreateThread
SetWaitableTimer
WaitForSingleObject
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
CreateProcessA
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
FlushInstructionCache
GetLocaleInfoA
SetErrorMode
GetLastError
GetVersionExA
LoadLibraryA
GetProcAddress
GetCurrentThread
SetThreadAffinityMask
VirtualQuery
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
ResetEvent
CreateEventA
CloseHandle
WaitForMultipleObjects
SetEvent
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapAlloc
VirtualProtectEx
IsDebuggerPresent
HeapCreate
HeapReAlloc
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
RaiseException
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetTempFileNameA

user32

LoadAcceleratorsA
GetWindowTextLengthA
GetDlgItemTextA
EnableWindow
SetDlgItemTextW
SetDlgItemTextA
GetWindowTextA
ShowWindow
UpdateWindow
UnregisterClassA
RemoveMenu
InsertMenuW
InsertMenuA
SetMenu
MoveWindow
LoadStringW
EnumDisplaySettingsA
GetWindow
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowLongA
GetWindowThreadProcessId
IsWindow
CreateWindowExA
SetCapture
ReleaseCapture
GetMenuItemID
DeleteMenu
InsertMenuItemA
TrackPopupMenu
DefWindowProcA
GetCapture
WindowFromPoint
GetFocus
DestroyWindow
GetMenu
LoadCursorA
SetCursor
GetMessageA
ScreenToClient
KillTimer
SetTimer
LoadMenuA
GetSubMenu
DestroyMenu
BeginPaint
GetWindowTextLengthW
EnableMenuItem
CheckMenuItem
InvalidateRect
MapVirtualKeyA
GetKeyState
GetForegroundWindow
WaitForInputIdle
MessageBoxA
DialogBoxParamW
DialogBoxParamA
GetClientRect
LoadStringA
RedrawWindow
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconA
GetDlgItem
SendMessageA
SetWindowTextA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
SystemParametersInfoA
InsertMenuItemW
GetSystemMetrics
GetClipboardFormatNameA
RegisterClipboardFormatA
DdeInitializeA
DdeCreateStringHandleA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
GetMenuStringW
GetMenuStringA
GetCursorPos
PostQuitMessage
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
FillRect
GetDC
ReleaseDC
ClientToScreen
GetMonitorInfoA
OffsetRect
SetRect
MonitorFromWindow
GetDoubleClickTime
EndPaint
GetDlgItemTextW
EndDialog

gdi32

GetPixel
GetObjectA
CreateDIBSection
DeleteObject
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
BitBlt
SelectObject
RealizePalette
SelectPalette
ExtTextOutA
SetBkColor
CreateSolidBrush
StretchBlt
SetStretchBltMode
GetStretchBltMode
GetICMProfileA
CreateDCA
GetStockObject
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesA
MoveToEx
DeleteDC
IntersectClipRect
SelectClipRgn
ExtTextOutW
SetTextColor
GetClipRgn
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
GetBkColor
CreateFontIndirectW
SetWorldTransform
SetGraphicsMode
GetWorldTransform
SetTextCharacterExtra
CreatePen
DPtoLP
GetTextExtentPoint32W
GetCurrentObject
GetTextExtentPoint32A
CreatePalette
GetSystemPaletteEntries
GetClipBox
LPtoDP
StartDocA
EndDoc
StrokePath
ExtCreatePen
FillPath
StretchDIBits
CreateCompatibleDC
GdiFlush
RestoreDC
SelectClipPath
PolyBezierTo
LineTo
SetTextAlign
EndPath
BeginPath
SaveDC
SetPolyFillMode
EndPage
GetFontData
SetBkMode
EnumFontFamiliesExW
StartPage

comdlg32

CommDlgExtendedError
GetOpenFileNameA
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
GetSaveFileNameA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shell32

DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
DragQueryFileW

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CreateBindCtx
ReleaseStgMedium
CoUninitialize
OleUninitialize
OleIsCurrentClipboard
OleGetClipboard
OleSetClipboard
OleInitialize
OleFlushClipboard

mscms

DeleteColorTransform
OpenColorProfileA
CloseColorProfile
CreateColorTransformW
TranslateBitmapBits

ws2_32

inet_ntoa
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
ntohl
select
gethostname
WSAAddressToStringA
sendto
WSACleanup
recvfrom
ioctlsocket
connect
setsockopt
WSASetLastError
getservbyport
gethostbyaddr
htons
getservbyname
htonl
closesocket
gethostbyname
inet_addr
getsockname
ntohs
bind
send
recv
WSAStartup
WSASocketA
socket
WSAAsyncSelect
WSAIoctl
WSAGetLastError
WSACloseEvent

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90d0b35def79cef97e2cedb148195461

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2dCertificate

Extended Key Usages

Key Usages

c7:c0:09:27:0f:7f:e9:3a:5d:f3:73:ab:9a:ab:ec:92:3d:66:b5:ddSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

crypt32

urlmon

version

winmm

oleaut32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

mscms

ws2_32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 499KB - Virtual size: 499KB

.data Size: 105KB - Virtual size: 960KB

.rodata Size: 1KB - Virtual size: 1KB

.rsrc Size: 358KB - Virtual size: 357KB

.reloc Size: 96KB - Virtual size: 96KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:57:f9:cb:ca:c1:ea:95:04:83:8e:3e:d9:35:5d:2d
Certificate

c7:c0:09:27:0f:7f:e9:3a:5d:f3:73:ab:9a:ab:ec:92:3d:66:b5:dd
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 499KB - Virtual size: 499KB

.data
Size: 105KB - Virtual size: 960KB

.rodata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 358KB - Virtual size: 357KB

.reloc
Size: 96KB - Virtual size: 96KB