46a1aae35c0ab5cefe371f0b1cabfb8f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46a1aae35c0ab5cefe371f0b1cabfb8f_JaffaCakes118
Size

49KB
MD5

46a1aae35c0ab5cefe371f0b1cabfb8f
SHA1

cd69f684120793cd353386c61f9607283347ef47
SHA256

9773df52f58d2b6590d355a5e65187d458c22084254e964f14655f28a8845d38
SHA512

eecd01b9f33377c0fdddd66762e5b5e5b3c4c866188884ec606608dc72153fb172476fa180181ad3474253fc7fc71659c3cfeddc1474e61c0695a50ba8b6a64b
SSDEEP

768:+eTnV2qAu4Jiql6GP9gCkUOp9vc+BMLB:+eTV2qaJdl6GlggOp9vckM

Score

1^/10

Malware Config

Signatures

Files

46a1aae35c0ab5cefe371f0b1cabfb8f_JaffaCakes118
.exe windows:6 windows x86 arch:x86

573b564c90fca9674e3259c15988277d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:e3:d7:0b:86:ed:54:d0:b2:2c:34:50:b9:60:98:4e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/01/2011, 00:00

Not After

16/02/2012, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:1a:2b:50:06:a9:cd:63:f9:71:60:69:85:1d:b9:e5:2b:44:23:93
Signer

Actual PE Digest

46:1a:2b:50:06:a9:cd:63:f9:71:60:69:85:1d:b9:e5:2b:44:23:93

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WFBSH_Agent_SP3\output\debug_symbol\release\svcGenericHost.pdb

Imports

kernel32

SetEvent
WaitForSingleObject
CreateMutexW
ResetEvent
CreateEventW
CreateProcessW
GetCurrentProcessId
GetModuleFileNameW
InterlockedDecrement
SetCurrentDirectoryW
InterlockedIncrement
GetStartupInfoW
GetLastError
GetExitCodeProcess
CloseHandle
ReleaseMutex
SetEnvironmentVariableW
GetPrivateProfileIntW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

advapi32

OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW

shell32

ShellExecuteExW

utilcommon

?GetLastError@CSystemException@OS@@SAHXZ
??0CSystemException@OS@@QAE@ABV01@@Z
??0CException@OS@@QAE@ABV01@@Z
?IsOOBEDone@OS@@YAHXZ
?GetRegistryValue@OS@@YAJPAUHKEY__@@PB_W1KAAK@Z
??_Fx_wstring@OS@@QAEXXZ
??4x_wstring@OS@@QAEABV01@PA_W@Z
??0CException@OS@@QAE@HPB_WH@Z
?GetErrorCode@CException@OS@@UBEHXZ
?GetErrorMsg@CException@OS@@UBE?AVx_wstring@2@XZ
?GetErrorMsgEx@CException@OS@@UBE?AVx_wstring@2@XZ
??1CSystemException@OS@@UAE@XZ
?CompareNoCase@x_wstring@OS@@QBEHPB_W@Z
?GetRegistryValue@OS@@YAJPAUHKEY__@@PB_W11PA_WAAI@Z
??1CServiceManager@@UAE@XZ
?Install@CServiceManager@@QAEXPB_W000KKH0@Z
??4x_wstring@OS@@QAEABV01@ABV01@@Z
?getAppFullPathName@NS_FileUtils@@YA?AVx_wstring@OS@@PAUHINSTANCE__@@@Z
??0CServiceManager@@QAE@PB_W0@Z
??0CSystemException@OS@@QAE@HPB_WH@Z
?concatPath@NS_StringUtils@@YA?AVx_wstring@OS@@PB_W0@Z
??1x_wstring@OS@@QAE@XZ
?isFileExist@NS_FileUtils@@YA_NPB_W@Z
?I2W@@YA?AVx_wstring@OS@@H@Z
??1CException@OS@@UAE@XZ
??0x_wstring@OS@@QAE@PB_W@Z
??4x_wstring@OS@@QAEABV01@PB_W@Z
??Yx_wstring@OS@@QAEAAV01@ABV01@@Z
??Yx_wstring@OS@@QAEAAV01@PB_W@Z
?empty@x_wstring@OS@@QBE_NXZ
?Remove@CServiceManager@@QAEHHPAK@Z
?c_str@x_wstring@OS@@QBEPB_WXZ
?Format@x_wstring@OS@@QAAXPB_WZZ
?SetRegistryValue@OS@@YAJPAUHKEY__@@PB_W1K@Z
?getAppPath@NS_FileUtils@@YA?AVx_wstring@OS@@PAUHINSTANCE__@@@Z
??Bx_wstring@OS@@QBEPB_WXZ

utildebug

?dprintfW@@YAXHPB_WH00ZZ

utildllmgr

??1CProcess@OS@@UAE@XZ
?Wait@CProcess@OS@@QAEXH@Z
?SpawnProcess@CProcess@OS@@QAEXPB_W0H0@Z
??0CProcess@OS@@QAE@XZ

msvcp80

?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z

msvcr80

memset
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
wprintf_s
??2@YAPAXI@Z
wcscat_s
??3@YAXPAX@Z
_wcsnicmp
_wtoi
__CxxFrameHandler3
_controlfp_s
_CxxThrowException

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

573b564c90fca9674e3259c15988277d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

24:e3:d7:0b:86:ed:54:d0:b2:2c:34:50:b9:60:98:4eCertificate

Extended Key Usages

Key Usages

46:1a:2b:50:06:a9:cd:63:f9:71:60:69:85:1d:b9:e5:2b:44:23:93Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

utilcommon

utildebug

utildllmgr

msvcp80

msvcr80

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 61KB

.rsrc Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

24:e3:d7:0b:86:ed:54:d0:b2:2c:34:50:b9:60:98:4e
Certificate

46:1a:2b:50:06:a9:cd:63:f9:71:60:69:85:1d:b9:e5:2b:44:23:93
Signer

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 61KB

.rsrc
Size: 4KB - Virtual size: 3KB