4b8bfbf510e5a5f496cae1cf141f1250_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4b8bfbf510e5a5f496cae1cf141f1250_JaffaCakes118
Size

997KB
MD5

4b8bfbf510e5a5f496cae1cf141f1250
SHA1

98188fe963cbd037bc64028c1ad17b7d74fabd69
SHA256

a065ec07e09a4bc3cfcfdd2871af0a08bbe77f63b0eba60f6d291d3f80e9d14b
SHA512

170c1d5b180c550b4388a705123fc3ffd347b7d6a093d148bd447743a035063c3a36ade4b150ddb0804bebffbce0e72499bad2bfff6e85ad8617d7ee727bf2fc
SSDEEP

24576:VRYax2wUfOSTegsN2wXF6s2nZR+O2+u9A99Jf:VKduXF6s2nZMOxuejJ

Score

1^/10

Malware Config

Signatures

Files

4b8bfbf510e5a5f496cae1cf141f1250_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d47b77aba632226dd8272752aa640191

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21-03-2008 00:00

Not After

23-04-2011 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:c2:99:ed:da:f9:98:d1:67:75:6a:7b:f8:01:94:e3:69:40:39:8b
Signer

Actual PE Digest

c5:c2:99:ed:da:f9:98:d1:67:75:6a:7b:f8:01:94:e3:69:40:39:8b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\temp\ugafstm4.j0a\installer\gfx\release\setup.pdb

Imports

kernel32

ReadFile
MultiByteToWideChar
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LoadLibraryW
GetPrivateProfileStringW
GetModuleHandleW
CreateMutexW
CreateThread
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameA
WriteFile
GetLocalTime
GetCommandLineW
GetTickCount
SetFilePointer
EnumResourceLanguagesW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
ConvertDefaultLocale
GetLocaleInfoW
GetVersionExW
GetCurrentProcess
GetSystemInfo
GetSystemWow64DirectoryW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetExitCodeProcess
GetFileSize
SetEvent
ExitProcess
GetTempPathW
SetEndOfFile
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
LoadLibraryA
GetOEMCP
GetACP
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetCurrentThreadId
TlsFree
GetFileType
GetStdHandle
HeapCreate
HeapDestroy
CreateFileW
GetCurrentDirectoryW
RemoveDirectoryW
MoveFileW
GetFileAttributesW
CompareFileTime
LocalFree
CopyFileW
CreateEventW
GetTempFileNameW
GetEnvironmentVariableW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryExW
SetErrorMode
Sleep
SetFileAttributesW
MoveFileExW
DeleteFileW
TlsAlloc
CreateProcessW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
FindNextFileW
FindClose
FindFirstFileW
WaitForSingleObject
GetLastError
GetModuleFileNameW
TlsSetValue
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
HeapReAlloc
VirtualAlloc
VirtualFree
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
RtlUnwind
TlsGetValue
WideCharToMultiByte
CloseHandle
CreateFileA
RaiseException
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetConsoleMode
GetConsoleCP
HeapFree
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
LocalAlloc

user32

SetWindowPos
GetDlgItem
SendMessageW
ShowWindow
EndDialog
GetClientRect
InflateRect
CreateWindowExW
MonitorFromWindow
GetMonitorInfoW
OffsetRect
GetWindowLongW
AdjustWindowRect
GetWindowRect
DrawTextW
LoadIconW
SetRectEmpty
SetDlgItemTextW
PostMessageW
EnableWindow
ReleaseDC
GetDC
SetFocus
SetTimer
SetWindowTextW
MessageBoxIndirectW
LoadImageW
ExitWindowsEx
EnumWindows
GetWindowThreadProcessId
GetWindowModuleFileNameW
LoadStringW
DialogBoxParamW
MessageBoxW
DialogBoxIndirectParamW
KillTimer
SendDlgItemMessageW
wsprintfW

gdi32

SetBkMode
SetTextColor
DeleteDC
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
DeleteObject
CreateFontW
GetStockObject

advapi32

RegQueryInfoKeyW
RegEnumValueW
RegCloseKey
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
IsTextUnicode
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DeleteService
ControlService
StartServiceW
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfig2W
CreateServiceW
OpenServiceW
OpenSCManagerW
QueryServiceStatus
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW

shell32

SHGetFolderPathW
SHCreateDirectoryExA
SHCreateDirectoryExW

ole32

CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize

cabinet

ord22
ord23
ord20
ord21

setupapi

SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetLineTextW
SetupGetStringFieldW
SetupFindNextLine
SetupDiGetINFClassW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW

shlwapi

PathAppendA
PathFindFileNameA
PathAddBackslashA
PathRemoveFileSpecA
PathFindFileNameW
PathFileExistsW
PathRenameExtensionW
PathRemoveBackslashW
PathIsRootW
PathIsRelativeW
PathStripToRootW
PathIsDirectoryW
PathAddBackslashW
PathCombineW
PathFindExtensionW
PathStripPathW
PathRemoveFileSpecW
SHDeleteKeyW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW
EnumProcessModules

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 593KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d47b77aba632226dd8272752aa640191

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

c5:c2:99:ed:da:f9:98:d1:67:75:6a:7b:f8:01:94:e3:69:40:39:8bSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

cabinet

setupapi

shlwapi

version

psapi

Sections

.text Size: 324KB - Virtual size: 323KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 593KB - Virtual size: 593KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

c5:c2:99:ed:da:f9:98:d1:67:75:6a:7b:f8:01:94:e3:69:40:39:8b
Signer

.text
Size: 324KB - Virtual size: 323KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 593KB - Virtual size: 593KB