5dc62c310a5422ff9110835c8bbc34c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5dc62c310a5422ff9110835c8bbc34c3_JaffaCakes118
Size

2.2MB
MD5

5dc62c310a5422ff9110835c8bbc34c3
SHA1

0a5333f66c79446221350e36ea40ab55c1eccce5
SHA256

200b77485128d16c17c59966a861603ab551b64ecfe8417a67c2899a8b43cd96
SHA512

bcb7d77e695b1300d24c6d4ba4ea1b310dbfe9c287abedc8304ba34d75790f4ad44172a1b32e52c2f0f55f7925dad6e9bd58b62af347ec4eb2040e314617fb5e
SSDEEP

24576:hbRuMY8hyjq/iwVwMHSIlBm8DMHgxkwg74Jl1OEWbZ5Uwa2lLzZlUlSb2eDBGw/Z:hluBwCIFKgxkwg74JqbXUyc+1h/QE

Score

1^/10

Malware Config

Signatures

Files

5dc62c310a5422ff9110835c8bbc34c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7f8bb30a63658b978a3f6985448d0d19

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:34:69:5f:3d:f1:20:6d:a6:57:9a:0d:b7:85:c2:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

08/08/2008, 00:00

Not After

07/10/2011, 23:59

Subject

CN=Doctor Web Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Doctor Web Ltd.,ST=Saint-Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b6:06:e1:47:98:52:41:c5:b8:cb:2c:a9:af:2a:94:b6:1d:c9:07:64
Signer

Actual PE Digest

b6:06:e1:47:98:52:41:c5:b8:cb:2c:a9:af:2a:94:b6:1d:c9:07:64

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\cvsroot\drwebgui\currentbuild\cureit\drweb32w.pdb

Imports

kernel32

CopyFileA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetModuleFileNameW
GetThreadLocale
LockFile
UnlockFile
FileTimeToSystemTime
FileTimeToLocalFileTime
GetPrivateProfileIntA
CreateSemaphoreA
ReleaseSemaphore
ReleaseMutex
LocalFileTimeToFileTime
SystemTimeToFileTime
FindResourceExA
GetAtomNameA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
RtlUnwind
HeapReAlloc
VirtualQuery
UnhandledExceptionFilter
GlobalSize
IsDebuggerPresent
RaiseException
GetTimeFormatA
GetDateFormatA
HeapSize
GetConsoleCP
GetConsoleMode
GetStartupInfoA
ExitProcess
CreateThread
SetStdHandle
GetACP
IsValidCodePage
FatalAppExitA
GetStdHandle
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetHandleCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
FormatMessageA
MulDiv
CreateMutexW
GetCurrentDirectoryW
GlobalLock
GlobalUnlock
ReadFile
WriteProcessMemory
ReadProcessMemory
CreateFileMappingW
CreateFileMappingA
OpenProcess
FindNextFileW
FindNextFileA
FindFirstFileW
DeleteFileW
CreateFileW
VirtualQueryEx
GetSystemDirectoryW
GetCurrentThreadId
CreateToolhelp32Snapshot
OpenThread
Thread32First
TerminateThread
Thread32Next
HeapDestroy
HeapCreate
VirtualProtect
GetPriorityClass
lstrcpyA
SetPriorityClass
GetCurrentProcessId
GetThreadPriority
VirtualProtectEx
DosDateTimeToFileTime
FileTimeToDosDateTime
SetErrorMode
GetFullPathNameW
lstrcpynW
GetModuleHandleW
AreFileApisANSI
lstrcpynA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileAttributesW
InterlockedDecrement
LocalAlloc
LocalFree
IsBadReadPtr
lstrcmpA
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessA
TerminateProcess
GetExitCodeProcess
GetCurrentThread
IsBadWritePtr
GetSystemInfo
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
CompareFileTime
GetCommandLineA
GetFullPathNameA
FindFirstFileA
FindClose
VirtualAlloc
MoveFileA
GetFileType
CreateEventA
WaitForMultipleObjects
ExitThread
ResetEvent
GetComputerNameA
FreeLibrary
SetThreadPriority
SuspendThread
SetFileAttributesA
GetVolumeInformationA
SetCurrentDirectoryA
SearchPathA
ExpandEnvironmentStringsA
FlushFileBuffers
VirtualFree
InterlockedIncrement
SetFileTime
GetFileTime
GetModuleFileNameA
GetLogicalDrives
GetCurrentProcess
DuplicateHandle
CreateDirectoryA
GetTempFileNameA
MoveFileExA
GetShortPathNameA
GetWindowsDirectoryA
lstrcatA
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
WriteFile
GetTempPathA
GetCurrentDirectoryA
GetTickCount
GetDriveTypeA
GetFileAttributesExA
GetFileAttributesA
DeleteFileA
SetEvent
GetExitCodeThread
CallNamedPipeA
GetSystemDirectoryA
SetLastError
GetSystemPowerStatus
Sleep
LoadLibraryA
CreateFileA
DeviceIoControl
GetVersionExA
WaitForSingleObject
CreateMutexA
GetLocalTime
CloseHandle
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResumeThread
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
InterlockedExchange

user32

SetRectEmpty
BringWindowToTop
SetMenu
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
ValidateRect
WindowFromPoint
DestroyMenu
GetMenuItemInfoA
InflateRect
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
MapVirtualKeyA
GetKeyNameTextA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
PostQuitMessage
ScrollWindowEx
MoveWindow
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
InsertMenuItemA
GetScrollPos
GetWindowContextHelpId
EnableWindow
FindWindowExA
SendMessageA
SetForegroundWindow
IsWindowVisible
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
DeferWindowPos
CopyRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcA
IntersectRect
SystemParametersInfoA
GetWindow
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetSubMenu
SetPropA
GetCapture
GetActiveWindow
SetWindowPos
GetPropA
RemovePropA
IsWindowEnabled
GetWindowPlacement
SetDlgItemTextA
RegisterClassA
CreateWindowExA
SetWindowLongA
BeginPaint
GetSysColorBrush
FillRect
DrawTextA
EndPaint
GetParent
DefWindowProcA
LoadCursorA
ScreenToClient
GetMenu
ShowScrollBar
SetFocus
SetClassLongA
GetFocus
SetActiveWindow
InvalidateRect
DrawMenuBar
RegisterWindowMessageA
SetWindowTextA
KillTimer
SetTimer
MapDialogRect
LoadAcceleratorsA
ReleaseCapture
LoadMenuA
ReuseDDElParam
UnpackDDElParam
MsgWaitForMultipleObjects
SetCapture
WaitMessage
GetDialogBaseUnits
DeleteMenu
UnregisterClassA
DestroyIcon
GetAsyncKeyState
GetCursorPos
OffsetRect
IsRectEmpty
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
GetScrollRange
CharLowerA
CharLowerW
CharUpperA
CharUpperW
ShowWindow
GetDlgItem
LoadIconA
MessageBoxA
GetWindowRect
GetClientRect
LoadImageA
GetSystemMetrics
LoadBitmapA
UpdateWindow
ReleaseDC
GetDC
GetSysColor
CreateMenu
CreatePopupMenu
AppendMenuA
SetRect
PtInRect
SetWindowPlacement
OemToCharA
GetWindowLongA
CharToOemA
wsprintfA
GetWindowDC
TranslateAcceleratorA
IsWindow
ExitWindowsEx
FindWindowA
IsZoomed
IsIconic
PostMessageA
CheckMenuRadioItem
RemoveMenu
ModifyMenuA
GetMenuItemCount
EnableMenuItem
SetScrollPos

gdi32

SetTextJustification
GetBkColor
CreateFontA
GetCharWidthA
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
EnumFontFamiliesExA
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
StartDocA
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
GetPixel
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
SetBkColor
GetClipBox
GetDCOrgEx
CreateDCA
CopyMetaFileA
GetDeviceCaps
SetPixel
GetCurrentObject
DeleteObject
GetStockObject
GetTextExtentPoint32A
GetTextMetricsA
SetTextColor
SetBkMode
TextOutA
CreateFontIndirectA
GetObjectA
DeleteDC
StretchDIBits
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
SetTextCharacterExtra

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegQueryValueExW
RegQueryValueW
RegQueryValueA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyW
RegEnumKeyA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegSetValueExW
RegSetValueW
RegSetValueA
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW
RegCreateKeyA
RegFlushKey
OpenSCManagerA
EnumServicesStatusA
OpenServiceA
QueryServiceConfigA
CloseServiceHandle
RegEnumKeyExA
RegLoadKeyA
RegUnLoadKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
LookupAccountNameA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetDesktopFolder
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteExA
DragQueryFileA
DragFinish
ExtractIconA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFileExistsA
PathFindExtensionA
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
StrStrIA
PathIsUNCA

ole32

StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
CoTreatAsClass
SetConvertStg
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoUninitialize
CoDisconnectObject
StringFromGUID2
CLSIDFromString
WriteFmtUserTypeStg

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
VarBstrFromDate
SysAllocString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SysReAllocStringLen
VarDateFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarCyFromStr
GetErrorInfo
SetErrorInfo
CreateErrorInfo

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 816KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f8bb30a63658b978a3f6985448d0d19

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0d:34:69:5f:3d:f1:20:6d:a6:57:9a:0d:b7:85:c2:5fCertificate

Extended Key Usages

Key Usages

b6:06:e1:47:98:52:41:c5:b8:cb:2c:a9:af:2a:94:b6:1d:c9:07:64Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

version

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 200KB - Virtual size: 199KB

.data Size: 68KB - Virtual size: 114KB

.rsrc Size: 816KB - Virtual size: 813KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0d:34:69:5f:3d:f1:20:6d:a6:57:9a:0d:b7:85:c2:5f
Certificate

b6:06:e1:47:98:52:41:c5:b8:cb:2c:a9:af:2a:94:b6:1d:c9:07:64
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 200KB - Virtual size: 199KB

.data
Size: 68KB - Virtual size: 114KB

.rsrc
Size: 816KB - Virtual size: 813KB