481a124d467963874e22a55f495123b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

481a124d467963874e22a55f495123b6_JaffaCakes118
Size

859KB
MD5

481a124d467963874e22a55f495123b6
SHA1

1ac4903f8d0b6c762064ffa7c82d54edfd3eda9e
SHA256

567685b809d4f0abaa88e448d1bbba2bc204be7ebb71c0358a240cc1dd2b56b2
SHA512

4b2bd1eec12df57a7e7054bbe5766760feb039e5da3abcc7850612026fe4d07c6d9d7b98ac1307a58207d06e336dbb2f291271753e406e999628108ee124697b
SSDEEP

12288:ZXGlTLlhy96NV1enX1I7XHgZQKhJgeCmHDaQ1SgKWDUpy:Z6Tu69enXCLHgZpJEo1SKUY

Score

1^/10

Malware Config

Signatures

Files

481a124d467963874e22a55f495123b6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b9f87ee818321bcdc17318b697411c6d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

dc:2b:0c:8d:2c:4e:bc:2a:b3:81:d0:b1:59:db:db:91:0c:b6:2d:da
Signer

Actual PE Digest

dc:2b:0c:8d:2c:4e:bc:2a:b3:81:d0:b1:59:db:db:91:0c:b6:2d:da

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\wxp\x86\ship\0\msosync.pdb

Imports

msvcr90

wcsrchr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
memcpy_s
_wcsicmp
wcscpy_s
free
_vsnprintf
_vscwprintf
_wcsnicmp
_CIsqrt
vswprintf_s
memmove
strncpy_s
_vsnwprintf_s
_snwprintf_s
wcsncat_s
_vsnprintf_s
bsearch
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
wcstoul
wcsstr
wcschr
memcpy
_CxxThrowException
__CxxFrameHandler3
malloc
swprintf_s
wcsnlen
wcscat_s
memset
wcsncpy_s

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

secur32

GetUserNameExW

kernel32

InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualAlloc
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapUnlock
HeapLock
TlsSetValue
GetVersionExA
GetModuleHandleExW
RtlCaptureStackBackTrace
WaitForSingleObject
ReleaseMutex
GetLocalTime
WriteFile
EnterCriticalSection
LeaveCriticalSection
SetFileAttributesW
DeleteFileW
CopyFileW
ReadFile
SetEvent
GlobalFree
UnmapViewOfFile
OpenProcess
GlobalAlloc
WaitForMultipleObjects
CreateProcessA
MapViewOfFile
CreateFileMappingA
CreateMutexA
CreateEventA
DuplicateHandle
GetSystemDefaultLCID
GetSystemDefaultLangID
IsValidLocale
VirtualFree
TlsGetValue
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
DeleteCriticalSection
CreateFileW
ExpandEnvironmentStringsW
GetProcessTimes
OpenMutexA
CreateSemaphoreA
GetShortPathNameA
GetModuleFileNameA
GetSystemDirectoryW
GetTimeZoneInformation
GetDiskFreeSpaceExW
IsWow64Process
GetUserDefaultLCID
GetSystemInfo
LocalFree
LocalAlloc
GetUserDefaultLangID
GetProcessHeap
IsDBCSLeadByte
LockResource
LoadResource
FindResourceA
GetStringTypeExW
SystemTimeToFileTime
GetSystemTime
WideCharToMultiByte
IsValidCodePage
CompareStringW
MultiByteToWideChar
GetTempPathW
GetShortPathNameW
GetLongPathNameW
CreateDirectoryW
GetFileType
LoadLibraryExW
GetCurrentThread
InitializeCriticalSection
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
EnumUILanguagesW
EnumSystemLocalesW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
VirtualProtect
GetUserDefaultUILanguage
MulDiv
GetLocaleInfoW
GetNumberFormatW
GetTickCount
CreateEventW
SetUnhandledExceptionFilter
FreeLibrary
OutputDebugStringA
SetLastError
GetLastError
GetModuleFileNameW
CreateProcessW
CloseHandle
GetVersionExW
RaiseException
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
EncodePointer
DecodePointer
WaitForSingleObjectEx
CreateFileMappingW
OpenFileMappingW
OpenThread

advapi32

GetLengthSid
RegQueryValueExW
RegOpenKeyExW
RegOpenCurrentUser
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
TraceEvent
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExA
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ConvertSidToStringSidA
CreateWellKnownSid
IsValidSid
EqualSid
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
SHAppBarMessage
Shell_NotifyIconW
SHGetDesktopFolder

user32

BeginPaint
EndPaint
SetActiveWindow
FillRect
DrawIconEx
CreateIconIndirect
SetWindowPos
GetDlgItem
GetDC
DrawTextExW
ReleaseDC
GetIconInfo
MsgWaitForMultipleObjectsEx
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
ShowWindow
UpdateWindow
LoadIconW
EnumDisplayMonitors
GetKeyboardLayout
GetKeyboardLayoutList
SystemParametersInfoA
GetMenuCheckMarkDimensions
GetMonitorInfoA
GetWindowRect
GetWindowLongW
SetWindowLongW
FindWindowW
LoadImageW
RegisterWindowMessageW
MessageBoxW
SetForegroundWindow
AllowSetForegroundWindow
SetTimer
GetCursorInfo
GetSysColor
UnregisterClassW
RegisterClassExW
PeekMessageW
CreateWindowExW
GetSystemMetrics
SystemParametersInfoW
GetMonitorInfoW
MonitorFromRect
LoadCursorW
SendMessageW
DefWindowProcW
KillTimer
GetDoubleClickTime
DestroyIcon
CreatePopupMenu
AppendMenuW
SetMenuDefaultItem
GetCursorPos
TrackPopupMenuEx
DestroyMenu
DestroyWindow
PostQuitMessage

gdi32

CreateDCA
CreateFontW
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
CreateBitmap
SelectObject
DeleteObject
GetStockObject
DeleteDC
CreateDCW
GetDeviceCaps

shlwapi

StrRetToBufW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysFreeString

rpcrt4

UuidCreate

uxtheme

DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeColor

Exports

Exports

_GetAllocCounters@0

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 200KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9f87ee818321bcdc17318b697411c6d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

dc:2b:0c:8d:2c:4e:bc:2a:b3:81:d0:b1:59:db:db:91:0c:b6:2d:daSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

version

secur32

kernel32

advapi32

shell32

user32

gdi32

shlwapi

ole32

oleaut32

rpcrt4

uxtheme

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 380KB

.data Size: 200KB - Virtual size: 239KB

.rsrc Size: 100KB - Virtual size: 100KB

.reloc Size: 13KB - Virtual size: 12KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

dc:2b:0c:8d:2c:4e:bc:2a:b3:81:d0:b1:59:db:db:91:0c:b6:2d:da
Signer

.text
Size: 380KB - Virtual size: 380KB

.data
Size: 200KB - Virtual size: 239KB

.rsrc
Size: 100KB - Virtual size: 100KB

.reloc
Size: 13KB - Virtual size: 12KB