5a561dbd3cf8714cc30019245276b9d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a561dbd3cf8714cc30019245276b9d7_JaffaCakes118
Size

1.4MB
MD5

5a561dbd3cf8714cc30019245276b9d7
SHA1

3d5e14b119c48aff8b0b9b718c40c5e35838d52d
SHA256

393f371662ec027bfcb846fe5b5e3ddff6e79b2aa561edf2667f81d7fa429a69
SHA512

31aea188b0de1623fbbe6d77f7fa051d51c673af062e3d638fc4d94ffed31ab454c2a79e19ad4269995ace8bdfdaf261fd5cf6b97f84bef6e1e4518d483666d6
SSDEEP

24576:A6f0sys12Niuws9NYOUppTSt/iE2Pqj1hWJt7kgqSM:Pf0nNiwi2Bi6kFBM

Score

1^/10

Malware Config

Signatures

Files

5a561dbd3cf8714cc30019245276b9d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

04b561af578b6114c1a40722ebf56a78

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:00:8b:66:a6:15:9b:6f:9a:cd:86:3e:8d:43:bd:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/04/2009, 00:00

Not After

03/04/2010, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=bei jing,ST=china,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:d0:ea:f6:bc:0a:74:5b:a7:12:0d:43:91:7c:6c:76:d6:16:a1:49
Signer

Actual PE Digest

95:d0:ea:f6:bc:0a:74:5b:a7:12:0d:43:91:7c:6c:76:d6:16:a1:49

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord4601
ord4710
ord4744
ord4602
ord5010
ord4369
ord4846
ord4828
ord355
ord4224
ord5228
ord1173
ord5264
ord6375
ord1230
ord3442
ord3191
ord4155
ord941
ord2385
ord2644
ord1560
ord5579
ord268
ord1662
ord2078
ord2550
ord6266
ord6374
ord4118
ord4875
ord539
ord3568
ord5819
ord3659
ord3566
ord996
ord640
ord5781
ord1633
ord323
ord2854
ord415
ord613
ord289
ord715
ord5637
ord1859
ord2861
ord3614
ord816
ord5785
ord562
ord283
ord2746
ord1863
ord686
ord5603
ord2754
ord897
ord2400
ord1635
ord2445
ord1854
ord4215
ord2576
ord3649
ord2430
ord6138
ord2559
ord5784
ord5783
ord5871
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord6168
ord5869
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord2755
ord3915
ord472
ord6190
ord2855
ord3981
ord2914
ord3697
ord1083
ord501
ord807
ord2915
ord2004
ord4158
ord2112
ord554
ord1614
ord4197
ord5602
ord2745
ord696
ord1258
ord5638
ord4180
ord5624
ord2444
ord4018
ord909
ord1808
ord2538
ord3810
ord291
ord1109
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord1717
ord5252
ord4421
ord706
ord408
ord1857
ord5095
ord2093
ord5098
ord3346
ord976
ord4147
ord2374
ord5279
ord5250
ord2437
ord401
ord674
ord1850
ord2094
ord5469
ord407
ord645
ord1856
ord5248
ord366
ord1834
ord5801
ord4140
ord5480
ord3227
ord1134
ord1137
ord2144
ord1851
ord3348
ord4616
ord1811
ord3097
ord6150
ord2523
ord4358
ord4052
ord5467
ord4116
ord2381
ord5077
ord1702
ord1706
ord5230
ord6365
ord5275
ord5244
ord2436
ord331
ord4231
ord6644
ord2706
ord3638
ord394
ord773
ord5436
ord6379
ord5446
ord6390
ord3716
ord795
ord4270
ord5438
ord3313
ord5180
ord354
ord755
ord470
ord2294
ord2397
ord713
ord6137
ord414
ord5777
ord2574
ord4629
ord3688
ord6597
ord4128
ord4292
ord2372
ord6688
ord3296
ord3281
ord3084
ord3288
ord6003
ord3282
ord4120
ord3292
ord3291
ord3995
ord3909
ord6004
ord3792
ord5431
ord1676
ord1666
ord2620
ord5976
ord2633
ord4117
ord6210
ord6192
ord4293
ord5944
ord3083
ord3866
ord3869
ord3868
ord6194
ord4281
ord4278
ord3132
ord3791
ord5715
ord6088
ord3519
ord4027
ord6091
ord4030
ord2541
ord2425
ord3574
ord426
ord726
ord3785
ord2813
ord920
ord833
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3733
ord561
ord815
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord6113
ord1202
ord1131
ord824
ord1197
ord4199
ord826
ord2717
ord5296
ord6149
ord798
ord1989
ord5461
ord5188
ord533
ord6665
ord551
ord3332
ord3806
ord1155
ord2822
ord1941
ord4029
ord3000
ord1594
ord3170
ord3172
ord3494
ord6921
ord4688
ord466
ord3991
ord3993
ord2092
ord5930
ord5210
ord929
ord937
ord3404
ord935
ord939
ord801
ord6874
ord6139
ord541
ord668
ord3173
ord4053
ord2773
ord2762
ord356
ord547
ord2070
ord2081
ord2072
ord2108
ord2105
ord2106
ord2100
ord2086
ord6608
ord2115
ord4042
ord4294
ord3393
ord3728
ord4396
ord3365
ord810
ord693
ord4266
ord2085
ord3747
ord556
ord809
ord1088
ord2114
ord2567
ord4390
ord3569
ord609
ord4238
ord956
ord6238
ord2572
ord4394
ord3625
ord682
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord6316
ord4474
ord3605
ord656
ord6919
ord6920
ord6354
ord6153
ord3285
ord3711
ord790
ord3714
ord793
ord3693
ord765
ord3626
ord683
ord6735
ord6511
ord2631
ord5491
ord729
ord2496
ord1699
ord430
ord3211
ord5778
ord4037
ord3703
ord781
ord5681
ord3269
ord439
ord736
ord4517
ord4078
ord1937
ord4522
ord4536
ord4538
ord4519
ord4524
ord5647
ord3122
ord3611
ord350
ord5641
ord1824
ord3121
ord349
ord550
ord1825
ord2912
ord2795
ord958
ord6308
ord4172
ord6006
ord5769
ord2593
ord3175
ord3178
ord3171
ord3502
ord5061
ord1826
ord1568
ord1570
ord5706
ord6278
ord6279
ord536
ord3753
ord6758
ord3403
ord3222
ord3049
ord3420
ord3875
ord5929
ord3805
ord933
ord6910
ord6605
ord6504
ord6733
ord2634
ord6330
ord4272
ord4050
ord3312
ord5856
ord2776
ord5852
ord3298
ord1771

msvcrt

wcstod
_ftol
_itoa
wcscmp
_wcsicmp
__CxxFrameHandler
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
sprintf
_wtoi
_except_handler3
printf
isalnum
wcschr
localtime
time
isalpha
iswdigit
_purecall
_wremove
fclose
fread
ftell
fseek
_wfopen
fwrite
wcscpy
wcsncpy
wcslen
wcsncmp
wcstol
strerror
_errno
_wcsnicmp
swprintf
wcsstr
memmove
wcscat
_beginthreadex
free
malloc
wcsrchr
_wcsupr
_beginthread
_waccess
fflush
srand
exit
_wtol
swscanf
rand
iswalnum
_snprintf
atof
toupper
_wsplitpath
fgets
fgetws
isspace
strncmp
strchr
tolower
fprintf
fopen
fputc
sscanf
fputs
_wchdir
_wgetcwd
wcscoll
_CxxThrowException
calloc
memcpy
memset
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit

kernel32

CreateFileW
OutputDebugStringW
SetFilePointer
VirtualQuery
GetVersionExW
CreateProcessW
CloseHandle
CreateDirectoryW
GetExitCodeThread
lstrcpyW
ResumeThread
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetDriveTypeW
SetVolumeLabelW
GetDiskFreeSpaceW
GetStartupInfoW
WriteFile
lstrlenW
GetSystemInfo
GetFileTime
GetFileSize
FileTimeToDosDateTime
FileTimeToLocalFileTime
GlobalMemoryStatus
GetSystemTimeAsFileTime
IsBadCodePtr
IsBadReadPtr
GetProcAddress
GetModuleHandleW
DeviceIoControl
SetPriorityClass
GetCurrentProcess
CompareStringW
OpenProcess
GetFileAttributesW
lstrcpynW
LockResource
LoadResource
FindResourceW
GetVersion
LocalFree
FormatMessageW
GetLastError
MulDiv
GetTickCount
SetLastError
GetCurrentThreadId
LoadLibraryW
FreeLibrary
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CopyFileW
CreateEventW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
ResetEvent
SetEvent
Sleep
LoadLibraryExW
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcessTimes
Process32NextW
TerminateProcess
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
CreateSemaphoreW
GetCommandLineW
GetTempPathW
GetPrivateProfileStringW
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpW
GetProcessHeap
HeapFree
HeapAlloc
GlobalMemoryStatusEx
HeapReAlloc
GetACP
GetTimeZoneInformation
GetPrivateProfileIntW
GetPrivateProfileStructW
WritePrivateProfileStringW
lstrlenA
WaitForSingleObject
SetFileAttributesW
VirtualProtect
FlushInstructionCache

user32

SetScrollPos
SetScrollRange
ShowScrollBar
GetPropA
SendMessageA
SetWindowLongA
GetWindowLongA
OemToCharBuffA
CharToOemBuffA
MapWindowPoints
SetCursorPos
UpdateWindow
GetActiveWindow
SetCursor
InvalidateRect
GetDC
CallNextHookEx
GetClassNameW
GetWindowLongW
CallWindowProcW
GetPropW
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
IntersectRect
DeleteMenu
IsRectEmpty
ClientToScreen
RedrawWindow
GetMenuState
LoadMenuW
GetDesktopWindow
GetMenuStringW
InsertMenuW
ModifyMenuW
GetMenuDefaultItem
GrayStringW
DrawTextW
TabbedTextOutW
DrawEdge
SetRect
DrawFocusRect
DrawStateW
InflateRect
GetClientRect
GetMenuItemCount
GetSubMenu
GetMenuItemID
WindowFromDC
CopyRect
GetMenuInfo
DestroyIcon
GetIconInfo
FillRect
GetMenuItemRect
GetMenuItemInfoW
OffsetRect
SetScrollInfo
SetMenuInfo
GetSysColor
GetWindowDC
CloseClipboard
SetClipboardData
EmptyClipboard
ReleaseDC
LoadBitmapW
RemovePropW
PostQuitMessage
EnableMenuItem
CheckMenuItem
SetParent
SetMenuDefaultItem
GetMessagePos
IsZoomed
IsIconic
GetScrollInfo
EnableScrollBar
RegisterClipboardFormatW
GetCapture
GetWindowRgn
GetDlgCtrlID
TrackMouseEvent
SetCapture
ReleaseCapture
SetForegroundWindow
GetSystemMetrics
SetWindowPos
IsWindowEnabled
IsWindow
SetFocus
MessageBoxW
wvsprintfW
wsprintfW
UnregisterHotKey
RegisterHotKey
GetKeyState
LoadCursorW
DefWindowProcW
SetTimer
SetWindowRgn
SystemParametersInfoW
GetWindowRect
ScreenToClient
GetCursorPos
SetRectEmpty
EqualRect
PeekMessageW
UnionRect
LoadStringW
WindowFromPoint
FindWindowExW
SetPropW
keybd_event
LoadIconW
ShowWindow
GetFocus
IsChild
MenuItemFromPoint
GetMenu
DestroyMenu
GetSystemMenu
LoadImageW
RegisterWindowMessageW
GetParent
EnableWindow
PostMessageW
IsWindowVisible
SendMessageW
PtInRect
GetScrollRange
IsMenu
GetScrollPos
OpenClipboard
SetActiveWindow
TranslateMessage
GetMessageW
KillTimer
GetForegroundWindow
GetWindowThreadProcessId
DispatchMessageW
LoadAcceleratorsW
TranslateAcceleratorW
GetWindow

gdi32

CreateBitmap
CreatePolygonRgn
SetStretchBltMode
SetBkColor
SetTextColor
GetCurrentObject
GetObjectType
MoveToEx
LineTo
GetTextColor
CombineRgn
CreatePenIndirect
GetWindowExtEx
GetViewportExtEx
LPtoDP
GetMapMode
DPtoLP
GetBkColor
StretchBlt
SelectObject
DeleteDC
SelectClipRgn
CreateRectRgnIndirect
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
UnrealizeObject
SetBrushOrgEx
CreatePen
Rectangle
BitBlt
GetTextExtentPoint32W
RoundRect
DeleteObject
GetObjectW
GetPixel
SetPixel
GetNearestColor
CreateFontIndirectW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
CreatePatternBrush
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumValueW
RegOpenKeyW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey

shell32

SHGetFolderPathW
DragQueryFileW
DragFinish
SHChangeNotify
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW

comctl32

ImageList_Replace
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_Add
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_AddMasked

ole32

CoUninitialize
CoGetMalloc
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
ProgIDFromCLSID
CLSIDFromString

olepro32

ord251

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

ws2_32

recvfrom
setsockopt
socket
WSAStartup
inet_ntoa
WSAGetLastError
connect
send
recv
htons
gethostbyname
inet_addr
sendto
closesocket
WSACleanup

psapi

EmptyWorkingSet
GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetQueryOptionW
CreateUrlCacheEntryW
InternetSetCookieW
CommitUrlCacheEntryW
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle
InternetOpenA
InternetGetConnectedState
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

iphlpapi

GetAdaptersInfo
GetIpForwardTable

winmm

waveOutGetNumDevs

shlwapi

PathFileExistsW
PathIsDirectoryW

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 860KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�b�
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

04b561af578b6114c1a40722ebf56a78

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3d:00:8b:66:a6:15:9b:6f:9a:cd:86:3e:8d:43:bd:7fCertificate

Extended Key Usages

Key Usages

95:d0:ea:f6:bc:0a:74:5b:a7:12:0d:43:91:7c:6c:76:d6:16:a1:49Signer

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

msvcp60

ws2_32

psapi

version

wininet

iphlpapi

winmm

shlwapi

msimg32

Exports

Exports

Sections

.text Size: 860KB - Virtual size: 856KB

.rdata Size: 132KB - Virtual size: 129KB

.data Size: 52KB - Virtual size: 329KB

.rsrc Size: 168KB - Virtual size: 164KB

�b� Size: 236KB - Virtual size: 236KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3d:00:8b:66:a6:15:9b:6f:9a:cd:86:3e:8d:43:bd:7f
Certificate

95:d0:ea:f6:bc:0a:74:5b:a7:12:0d:43:91:7c:6c:76:d6:16:a1:49
Signer

.text
Size: 860KB - Virtual size: 856KB

.rdata
Size: 132KB - Virtual size: 129KB

.data
Size: 52KB - Virtual size: 329KB

.rsrc
Size: 168KB - Virtual size: 164KB

�b�
Size: 236KB - Virtual size: 236KB