46f53d088fece35aa306c0dbdc2aad33_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

46f53d088fece35aa306c0dbdc2aad33_JaffaCakes118
Size

202KB
MD5

46f53d088fece35aa306c0dbdc2aad33
SHA1

e5eb0cad44ffa64745db3c15dfaa15fea9a394c7
SHA256

e1ab4e4fc517390db905feb436ecd43df97bc5c8856e66d2d07606c0b3d53ce6
SHA512

8a4cbdb4aa843d3ff2434a8ffdb79e1dbfe6e98c194fadf6c0d1f24653bdbc3f63badca7da42de2a6c7cd4363d100a2a8fbd149073d9d6fa7cc708e9e4fae210
SSDEEP

3072:c8ipfGRsBS0+lYAbFXH1goGZAaRJHPZJ9JZ6T/vqElD7p8qcbKwZ5o4f:4uRsR+pFtGzdPZ3JKZlHWqXwg+

Score

1^/10

Malware Config

Signatures

Files

46f53d088fece35aa306c0dbdc2aad33_JaffaCakes118
.exe windows:3 windows x86 arch:x86

b56adfec59a30b6fb2694786b2562c37

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/02/2009, 00:00

Not After

11/02/2012, 23:59

Subject

CN=Avira GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development 2009,O=Avira GmbH,L=Tettnang,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
WriteProfileSectionA
QueryInformationJobObject
CreateProcessW
InterlockedFlushSList
Toolhelp32ReadProcessMemory
SetProcessWorkingSetSize
IsBadStringPtrA
GetCurrentThreadId
GetBinaryTypeA
SetConsoleDisplayMode
CreateDirectoryW
LZSeek
GlobalFlags
GetVolumeNameForVolumeMountPointA
SetProcessAffinityMask
SetProcessShutdownParameters
DisconnectNamedPipe
ResetWriteWatch
RemoveLocalAlternateComputerNameW
CreateProcessA
LZCloseFile
GetTempFileNameW
InterlockedPopEntrySList
GetConsoleProcessList
SetThreadPriorityBoost
GetPriorityClass
GetExitCodeThread
GetProfileStringW
DosPathToSessionPathW
CommConfigDialogA
IsValidLanguageGroup
CreateToolhelp32Snapshot
CreateHardLinkA
CallNamedPipeA
SystemTimeToTzSpecificLocalTime
LZDone
ZombifyActCtx
RemoveVectoredExceptionHandler
GetProcAddress
GetProcessWorkingSetSize
GetBinaryType
VerLanguageNameW
AssignProcessToJobObject
VirtualFreeEx
SetTimeZoneInformation
WriteProfileStringA
HeapFree
GetVolumePathNamesForVolumeNameW
ReadConsoleInputA
LocalSize
Thread32Next
GetSystemDefaultLangID
HeapLock
GetConsoleScreenBufferInfo
RegisterWaitForInputIdle
NlsGetCacheUpdateCount
CreateDirectoryA
GenerateConsoleCtrlEvent
BindIoCompletionCallback
TerminateJobObject
SetSystemTimeAdjustment
SetConsoleMenuClose
SetThreadAffinityMask
GetDefaultCommConfigW
GetFileSizeEx
GetPrivateProfileStringW
FindActCtxSectionGuid

user32

ShowWindowAsync
DisableProcessWindowsGhosting
SetSystemCursor
wsprintfW
DispatchMessageA
NotifyWinEvent
CloseWindow
BroadcastSystemMessageA
SetMenuInfo
SetWindowPos
GetWindowRgnBox
MessageBoxIndirectA
MB_GetString
LoadKeyboardLayoutA
GetActiveWindow
CloseDesktop
RegisterSystemThread
RegisterClipboardFormatW
CharPrevExA
ChangeMenuW
CharToOemBuffW
EnumDesktopWindows
SetSysColorsTemp
DdeAddData
TrackPopupMenu
CreateMenu
IsClipboardFormatAvailable
RealGetWindowClassW
IntersectRect
IsDialogMessageW
EndDialog
AppendMenuA
SwitchToThisWindow
ReuseDDElParam
MapVirtualKeyW
ClientThreadSetup
DialogBoxIndirectParamA
SendDlgItemMessageW
LoadMenuA
SetMenuItemInfoW
DestroyCursor
LockWorkStation
BroadcastSystemMessageW
AllowForegroundActivation
GetClassInfoExW
GetInputDesktop
EnumWindowStationsA
GetShellWindow

advapi32

SetEntriesInAclW
SetPrivateObjectSecurityEx
GetSecurityDescriptorControl
CredDeleteA
GetTrusteeNameA
SystemFunction040
GetMultipleTrusteeA
InitializeSecurityDescriptor
ClearEventLogA
LsaOpenAccount
GetTrusteeFormA
CommandLineFromMsiDescriptor
CryptDestroyKey
CreateWellKnownSid
LsaOpenTrustedDomain
GetManagedApplications
SystemFunction011
LsaStorePrivateData
AddAccessDeniedObjectAce
LsaEnumerateAccounts
QueryAllTracesW
CryptCreateHash
RegOpenKeyExA
GetManagedApplicationCategories
A_SHAUpdate
ControlService
RegOpenKeyA

shell32

SHPathPrepareForWriteW
SHQueryRecycleBinW
DllGetClassObject
StrChrIA
SHGetIconOverlayIndexA
ExtractAssociatedIconA
SHGetFolderPathAndSubDirW
ExtractAssociatedIconW
SHHelpShortcuts_RunDLLW
SHCreateLocalServerRunDll
ShellExecuteExA

shlwapi

PathIsRelativeA
PathMakePrettyA

comctl32

ImageList_DrawIndirect
CreateToolbarEx
FlatSB_SetScrollRange
CreateUpDownControl

oleaut32

VarR4FromI4
VarI2FromBool
CreateErrorInfo
VarCyFromDec
VarBstrFromUI4
OleCreateFontIndirect

wininet

InternetAttemptConnect
FindNextUrlCacheEntryExA
DeleteUrlCacheGroup
GetUrlCacheGroupAttributeW
SetUrlCacheConfigInfoA
InternetSetPerSiteCookieDecisionA
GopherCreateLocatorA
InternetSetOptionW
InternetSetDialState
InternetSetOptionExW
FtpRenameFileW
GetUrlCacheHeaderData
InternetAutodialHangup
FtpFindFirstFileW
InternetEnumPerSiteCookieDecisionW

urlmon

CoInternetGetSession
URLDownloadToFileW
RevokeFormatEnumerator
CDLGetLongPathNameA
FaultInIEFeature
ObtainUserAgentString
URLOpenStreamW
IsLoggingEnabledW
CreateFormatEnumerator

winspool.drv

AddMonitorW
DeletePortW
GetPrinterW
StartPagePrinter
StartDocPrinterA
DeletePrinterDriverExW

wsock32

GetNameByTypeA
GetAddressByNameA
__WSAFDIsSet
WSAAsyncGetProtoByName
send
htons
socket
TransmitFile
listen
ntohs
WSARecvEx

crypt32

CertSetEnhancedKeyUsage
CertFreeCRLContext
CertSerializeCTLStoreElement
I_CertUpdateStore
CertAddCTLContextToStore
CryptSetAsyncParam
CryptBinaryToStringA
PFXImportCertStore
CryptFindCertificateKeyProvInfo
I_CryptDetachTls
CryptImportPublicKeyInfoEx
CertCreateCertificateChainEngine

d3dim

D3DFree
D3DRealloc
PaletteUpdateNotify

crtdll

_strcmpi
_CItan
_write
_ftol
wcspbrk
puts
pow
strpbrk

loadperf

UpdatePerfNameFilesA
UnloadPerfCounterTextStringsW

mfcsubs

?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
?TrimRight@CString@@QAEXXZ
??1CObject@@UAE@XZ
?GetCount@CMapStringToPtr@@QBEHXZ
?SetAt@CString@@QAEXHG@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?Format@CString@@QAAXIZZ
??9@YG_NPBGABVCString@@@Z

Sections

.ncNKt
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eNtD
Size: 145KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SJw
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vpBBmc
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b56adfec59a30b6fb2694786b2562c37

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

comctl32

oleaut32

wininet

urlmon

winspool.drv

wsock32

crypt32

d3dim

crtdll

loadperf

mfcsubs

Sections

.ncNKt Size: 18KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 7KB

.eNtD Size: 145KB - Virtual size: 256KB

.SJw Size: 3KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 8KB

.vpBBmc Size: 3KB - Virtual size: 5KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:e8:09:36:1d:af:be:7b:d7:2e:0e:5b:b7:65:95:52
Certificate

.ncNKt
Size: 18KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 7KB

.eNtD
Size: 145KB - Virtual size: 256KB

.SJw
Size: 3KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 8KB

.vpBBmc
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 24KB