602491d3c831ff56b7ba4f43b5702987_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

602491d3c831ff56b7ba4f43b5702987_JaffaCakes118
Size

290KB
MD5

602491d3c831ff56b7ba4f43b5702987
SHA1

e8856ba9db43d6fe8aaf9afd532e0ddabad4b4a5
SHA256

f207dadb1381bc0f45540d97aee2e41c9ba974d272ebce5bb84214221493d798
SHA512

0d2ac7c07591e0868225f7a1b33e0a997be7cae6a874579ee8c6a5f8225bb18aaf835287f845a1f4df84c4cd1add24644b53d9e8cf57b1bea771a47249324481
SSDEEP

6144:1q6MtuwSJa5iwoZTvjgeUGMzr5Tb6mDymd7RWl+DKkmjtEgP/:/Q/owcLuGaFDy29mpP/

Score

1^/10

Malware Config

Signatures

Files

602491d3c831ff56b7ba4f43b5702987_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8e3d1f3f21f532e9e4de3dfdba38f05c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/09/2009, 00:00

Not After

25/10/2012, 23:59

Subject

CN=Norman ASA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Norman ASA,L=Lysaker,ST=Oslo,C=NO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:7a:52:a6:04:04:aa:20:f7:3c:bd:d5:fe:b6:29:b6:fa:9d:19:81
Signer

Actual PE Digest

44:7a:52:a6:04:04:aa:20:f7:3c:bd:d5:fe:b6:29:b6:fa:9d:19:81

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

DoDragDrop
RegisterDragDrop
ReleaseStgMedium
OleInitialize
CoCreateInstance
CoCreateGuid
RevokeDragDrop

wininet

InternetOpenA
HttpQueryInfoA
InternetSetOptionA
InternetReadFile
InternetGetLastResponseInfoA
HttpOpenRequestA
HttpSendRequestA
InternetCombineUrlA
InternetQueryOptionA
InternetConnectA
InternetErrorDlg
InternetCloseHandle

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageInfo

urlmon

FindMimeFromData

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmIsIME
ImmNotifyIME
ImmSetCandidateWindow
ImmAssociateContext
ImmReleaseContext
ImmGetContext

gdi32

BitBlt
StretchBlt
CreateSolidBrush
DPtoLP
RestoreDC
IntersectClipRect
GetLayout
GetDeviceCaps
GetWindowExtEx
AddFontMemResourceEx
StartPage
EnumFontFamiliesExW
CreateDIBSection
RectVisible
GetTextExtentPoint32A
GetFontLanguageInfo
GetCharacterPlacementW
DeleteDC
SetTextAlign
SetBkMode
SetMapMode
GetCurrentObject
SetViewportOrgEx
SetPixel
SetBrushOrgEx
CreateCompatibleBitmap
CreateRectRgnIndirect
EndDoc
StretchDIBits
GetTextAlign
GetObjectA
GetClipBox
GetWindowOrgEx
CreateBitmap
Rectangle
GdiFlush
EnumFontFamiliesExA
DeleteObject
RoundRect
CreateCompatibleDC
GetStockObject
EndPage
GetPixel
ExcludeClipRect
SaveDC
SetBkColor
TextOutA
CreateDIBPatternBrushPt
CreateHatchBrush
StartDocA
GetMapMode
GetDIBits
GetGlyphOutlineW
GetKerningPairsA
SetViewportExtEx
GetTextMetricsA
SetWindowOrgEx
LPtoDP
CreatePatternBrush
SetWindowExtEx
SetTextColor
GetViewportExtEx
CreatePen
GetTextExtentPoint32W
GetTextExtentExPointW
SetStretchBltMode
CreateFontA
SetLayout
TextOutW
PatBlt
CombineRgn
SelectObject

winmm

timeSetEvent
timeGetTime
timeKillEvent
PlaySoundA
timeGetDevCaps

oleaut32

SysAllocStringLen

comdlg32

GetOpenFileNameW
PrintDlgA
GetSaveFileNameW

user32

CloseClipboard
GetActiveWindow
GetWindowTextW
MonitorFromWindow
LoadIconW
DispatchMessageA
GetParent
EndDeferWindowPos
PeekMessageA
GetClassInfoExW
MessageBeep
InflateRect
EnableWindow
DrawFrameControl
UnhookWindowsHookEx
GetMonitorInfoW
DrawIconEx
KillTimer
AnimateWindow
GetWindowPlacement
DeferWindowPos
RegisterWindowMessageW
SetWindowLongA
EnableMenuItem
GetIconInfo
EndPaint
GetSysColor
SendMessageA
LoadCursorFromFileA
DefWindowProcA
GetDC
CreateWindowExA
RegisterClassW
GetCapture
BeginDeferWindowPos
IsWindowVisible
DialogBoxIndirectParamW
CopyRect
LoadCursorW
ReleaseCapture
UnregisterClassW
CreateIconFromResourceEx
EndDialog
FlashWindow
GetKeyboardLayout
NotifyWinEvent
GetScrollInfo
ScrollWindowEx
WindowFromPoint
InvertRect
CountClipboardFormats
SetWindowTextW
GetClipboardSequenceNumber
EqualRect
RegisterClassExA
IsWindowEnabled
IsIconic
SetTimer
AdjustWindowRectEx
LoadCursorA
GetFocus
GetUpdateRect
BeginPaint
MoveWindow
GetDlgCtrlID
OpenClipboard
SetScrollInfo
FillRect
GetDialogBaseUnits
SetWindowsHookExW
ReleaseDC
SetWindowPos
SetCursor
IsWindow
GetSysColorBrush
PostQuitMessage
UpdateWindow
DestroyCaret
GetMenuState
PtInRect
IsWindowUnicode
GetWindowDC
MapWindowPoints
IsChild
CreateWindowExW
TranslateMessage
DestroyIcon
SendMessageW
SetActiveWindow
CreateDialogIndirectParamW
SetCapture
GetDesktopWindow
GetWindowThreadProcessId
PostMessageA
GetKeyState
UnregisterClassA
DefWindowProcW
ShowWindow
GetClientRect
SystemParametersInfoA
RegisterClassExW
GetSystemMenu
RegisterClassA
GetWindow
GetCaretBlinkTime
DrawTextW
LoadStringW
GetGuiResources
CreateCaret
DestroyWindow
OffsetRect
DrawEdge
RegisterWindowMessageA
GetSystemMetrics
GetWindowLongA
IsClipboardFormatAvailable
CreateCursor
GetAsyncKeyState
SetFocus
GetDoubleClickTime
CallWindowProcW
GetClassLongA
SetForegroundWindow
GetMessageA
GetCursorPos
EnumClipboardFormats
EmptyClipboard
RegisterClipboardFormatW
DrawTextA
SetCaretPos
ScrollDC
SetWindowLongW
SendMessageTimeoutA
GetClipboardData
CallNextHookEx
SetClipboardData
InvalidateRect
GetWindowLongW
GetWindowRect
PostMessageW

oleacc

LresultFromObject
AccessibleObjectFromWindow

kernel32

GlobalFree
CreateFileMappingA
GetTimeZoneInformation
WaitForSingleObject
IsProcessorFeaturePresent
GetComputerNameA
GetTimeFormatW
FindResourceA
SystemTimeToFileTime
WriteFile
MapViewOfFile
SetLastError
GetSystemTimeAsFileTime
EnterCriticalSection
HeapSize
GetDateFormatW
SetEndOfFile
HeapReAlloc
GlobalUnlock
FileTimeToSystemTime
OutputDebugStringW
SetStdHandle
RaiseException
CloseHandle
GetCurrentThreadId
AllocConsole
HeapAlloc
VirtualFree
HeapFree
GetFileSize
SetHandleInformation
ExitThread
CreateEventA
TlsAlloc
CreateFileW
GetStdHandle
LoadLibraryExW
HeapDestroy
GlobalSize
CreateMutexA
FlushFileBuffers
FindClose
GetModuleHandleW
GetNumberFormatW
LeaveCriticalSection
DisableThreadLibraryCalls
FlushInstructionCache
VirtualAlloc
GetThreadLocale
TlsSetValue
lstrlenW
GetTempFileNameA
CreateThread
LocalAlloc
UnhandledExceptionFilter
DeleteCriticalSection
SizeofResource
CompareStringW
TlsGetValue
WideCharToMultiByte
MulDiv
SetUnhandledExceptionFilter
GetSystemTime
TlsFree
GetTempPathA
FreeLibrary
LockResource
WaitForMultipleObjects
FormatMessageA
FlushViewOfFile
LoadResource
GlobalAlloc
FindResourceExW
UnmapViewOfFile
ProcessIdToSessionId
CreatePipe
ReadFile
GetUserDefaultLCID
GetLocalTime
FindFirstFileW
lstrlenA
GetProcessHeap
CreateFileA
SetThreadLocale
IsDebuggerPresent
FindNextFileW
FindResourceW
GetCurrencyFormatW
SetFilePointer
GlobalLock
VirtualAllocEx

certcli

CAOIDCreateNew
CAGetCAFlags
CASetCASecurity
CAUpdateCertType
CASetCertTypeExtension
CAOIDSetProperty
CAGetCertTypeProperty
CAFreeCertTypeExtensions
CASetCAFlags
CASetCertTypeFlagsEx
CACloseCertType
CACertTypeGetSecurity
CAOIDGetProperty

feclient

FeClientInitialize

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ryNLjVW
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kTaLJVW
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tXHuJVW
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RsnpHyk
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zAtGa
Size: 512B - Virtual size: 482B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qbuya
Size: 512B - Virtual size: 425B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NSXPa
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Gneva
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kwzFRyk
Size: 512B - Virtual size: 475B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e3d1f3f21f532e9e4de3dfdba38f05c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5fCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

44:7a:52:a6:04:04:aa:20:f7:3c:bd:d5:fe:b6:29:b6:fa:9d:19:81Signer

Headers

DLL Characteristics

File Characteristics

Imports

ole32

wininet

comctl32

urlmon

imm32

gdi32

winmm

oleaut32

comdlg32

user32

oleacc

kernel32

certcli

feclient

Sections

.text Size: 224KB - Virtual size: 223KB

.ryNLjVW Size: 4KB - Virtual size: 3KB

.kTaLJVW Size: 1KB - Virtual size: 1KB

.tXHuJVW Size: 4KB - Virtual size: 4KB

.RsnpHyk Size: 5KB - Virtual size: 4KB

.rdata Size: 10KB - Virtual size: 16KB

.zAtGa Size: 512B - Virtual size: 482B

.qbuya Size: 512B - Virtual size: 425B

.NSXPa Size: 3KB - Virtual size: 2KB

.Gneva Size: 3KB - Virtual size: 3KB

.data Size: 7KB - Virtual size: 102KB

.rsrc Size: 18KB - Virtual size: 18KB

.kwzFRyk Size: 512B - Virtual size: 475B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5c:b2:d3:c2:21:07:bc:a3:05:4c:66:a7:95:9f:1b:5f
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

44:7a:52:a6:04:04:aa:20:f7:3c:bd:d5:fe:b6:29:b6:fa:9d:19:81
Signer

.text
Size: 224KB - Virtual size: 223KB

.ryNLjVW
Size: 4KB - Virtual size: 3KB

.kTaLJVW
Size: 1KB - Virtual size: 1KB

.tXHuJVW
Size: 4KB - Virtual size: 4KB

.RsnpHyk
Size: 5KB - Virtual size: 4KB

.rdata
Size: 10KB - Virtual size: 16KB

.zAtGa
Size: 512B - Virtual size: 482B

.qbuya
Size: 512B - Virtual size: 425B

.NSXPa
Size: 3KB - Virtual size: 2KB

.Gneva
Size: 3KB - Virtual size: 3KB

.data
Size: 7KB - Virtual size: 102KB

.rsrc
Size: 18KB - Virtual size: 18KB

.kwzFRyk
Size: 512B - Virtual size: 475B