4770194eeead8be4f9a3c4261c37eb50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4770194eeead8be4f9a3c4261c37eb50_JaffaCakes118
Size

300KB
MD5

4770194eeead8be4f9a3c4261c37eb50
SHA1

22531cc850a0dfb1acd5311b44d0945de192fa96
SHA256

1ade14ade750feb298c583a56dbc85ea8faa25f66a3f0599cd6f9adcaa743f18
SHA512

3ae9fa74037a8bf358d3867d7ffd9e2f6e734e410a9183d6a3407863a3097ae767db04d15a18b7379d322ef8a5c48a371e00b8e9896c6ae06e8010550d4ec8bc
SSDEEP

6144:yHe7pJKuJ6tJvj4Q/05BdAKL3lB70h2koBV+UdvrEFp7hK+SH:yGU4Q/05BCKLnt7BjvrEH76H

Score

1^/10

Malware Config

Signatures

Files

4770194eeead8be4f9a3c4261c37eb50_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9eb818e441a0a15e4c5a45d9264ce72a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

18/12/2011, 23:59

Subject

CN=Hewlett-Packard Company,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Hewlett-Packard Company,O=Hewlett-Packard Company,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:8b:96:61:49:2d:03:47:ff:72:9f:99:d5:9a:1e:0c:16:57:38:b9
Signer

Actual PE Digest

7c:8b:96:61:49:2d:03:47:ff:72:9f:99:d5:9a:1e:0c:16:57:38:b9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Prog\Deliverables\HPCASL\hpqwmiex\Release\hpqwmiEx.pdb

Imports

kernel32

GetConsoleCP
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetConsoleMode
HeapCreate
VirtualAlloc
VirtualFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ExitProcess
HeapSize
HeapReAlloc
GetStartupInfoW
HeapFree
HeapAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CreateDirectoryW
GetLocalTime
GetModuleHandleA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
LoadLibraryA
lstrcmpW
GetVersionExA
lstrlenA
lstrcmpA
WideCharToMultiByte
GetCurrentProcessId
LockResource
TlsFree
GlobalFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalReAlloc
GlobalLock
TlsGetValue
SetLastError
OpenEventW
PulseEvent
InitializeCriticalSectionAndSpinCount
GetCommandLineW
SetEvent
GetCurrentThreadId
CreateTimerQueue
CreateTimerQueueTimer
GetVersionExW
CreateThread
Sleep
GetCurrentThread
GetCurrentProcess
DeleteTimerQueue
WaitForSingleObject
CreateEventW
LocalAlloc
LocalFree
ExpandEnvironmentStringsW
DeleteFileW
CreateFileW
CloseHandle
LoadLibraryExW
GetProcessHeap
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
EnterCriticalSection
GetStdHandle
LeaveCriticalSection

user32

WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
LoadIconW
CharNextW
TranslateMessage
DispatchMessageW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterWindowMessageW
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
GetMessageW
LoadStringW
PostThreadMessageW
CharUpperW
UnhookWindowsHookEx
MessageBoxW
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetParent
SendMessageW
GetWindowThreadProcessId
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
ValidateRect
PeekMessageW
GetKeyState
SetWindowTextW
ClientToScreen
DestroyMenu
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
PostQuitMessage
RegisterClassW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetWindowsHookExW
CallNextHookEx

gdi32

Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
PtVisible
TextOutW
RectVisible
SetMapMode
GetDeviceCaps
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
ExtTextOutW
RestoreDC
SaveDC

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
CreateWellKnownSid
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorDacl
ControlService
DeleteService
CreateServiceW
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFolderPathW

ole32

CoResumeClassObjects
CoInitializeSecurity
CoCreateInstance
StringFromGUID2
CoUninitialize
CoRevokeClassObject
CoSuspendClassObjects
CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoFreeUnusedLibraries
CoSetProxyBlanket
CoRegisterClassObject

oleaut32

VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantChangeType
VariantInit
RegisterTypeLi
UnRegisterTypeLi
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
VariantClear
SysFreeString

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9eb818e441a0a15e4c5a45d9264ce72a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cfCertificate

Extended Key Usages

Key Usages

7c:8b:96:61:49:2d:03:47:ff:72:9f:99:d5:9a:1e:0c:16:57:38:b9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

oleacc

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 10KB - Virtual size: 33KB

.rsrc Size: 6KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:99:45:31:fd:f1:b2:eb:b8:c7:82:1b:f6:50:fd:cf
Certificate

7c:8b:96:61:49:2d:03:47:ff:72:9f:99:d5:9a:1e:0c:16:57:38:b9
Signer

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 10KB - Virtual size: 33KB

.rsrc
Size: 6KB - Virtual size: 6KB