618348d640f1ad6d659572cd6676c9b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

618348d640f1ad6d659572cd6676c9b6_JaffaCakes118
Size

581KB
MD5

618348d640f1ad6d659572cd6676c9b6
SHA1

407196dab1655be8715e40f21102124be87573cc
SHA256

be40855d7637ffec5dcec31bfa674073b490ade047f6be66b4150be41bc1888b
SHA512

6a3c739c69cadcd18ede2ead66076821c7bbf2ad3871b361d54e55cd9a75b774e49dbff8a25352e04b592007dd97d94af168f94366a08c315cfcfe85f8340ec9
SSDEEP

6144:hnFuaHLXlujoITmoGGx/jJQxwtGTBJpwnbqU0ZerJg3x2xjcFT6SkfmR+:hnFuaHpujRllS1Y6Zeryh2V9fmR+

Score

1^/10

Malware Config

Signatures

Files

618348d640f1ad6d659572cd6676c9b6_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4345327f2ce0f273206d14c2c6039a28

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/02/2009, 00:00

Not After

20/04/2012, 23:59

Subject

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Enterprise Computing,O=Broadcom Corporation,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:38:5f:cc:ec:2e:69:24:e2:72:20:db:9d:1f:f3:d9:d7:8a:0a:2d
Signer

Actual PE Digest

6a:38:5f:cc:ec:2e:69:24:e2:72:20:db:9d:1f:f3:d9:d7:8a:0a:2d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

v:\BTW\btw1.2\temp\BTWDINS\btwdins.pdb

Imports

ws2_32

getsockname
closesocket
WSACleanup
WSAStartup
socket
bind
WSALookupServiceNextW
WSAGetLastError
WSALookupServiceBeginW
WSAAddressToStringW
WSASetServiceW
sendto
WSALookupServiceEnd
ntohl

setupapi

SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Locate_DevNodeW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceRegistryPropertyA
CM_Get_Device_IDW
SetupDiSetClassInstallParamsA
CM_Get_Device_IDA
SetupDiCallClassInstaller

kernel32

OutputDebugStringW
OpenProcess
Process32NextW
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
GetLocalTime
LoadLibraryA
CreateProcessW
GetSystemDirectoryW
InterlockedDecrement
SetEvent
GetCurrentThreadId
GetTickCount
lstrlenA
GetCurrentThread
InterlockedIncrement
DisconnectNamedPipe
WriteFile
ReadFile
ConnectNamedPipe
WaitForMultipleObjects
ResetEvent
LocalFree
CreateNamedPipeW
CreateEventW
CreateThread
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
lstrcmpW
lstrcpyW
LockResource
RaiseException
MulDiv
GetWindowsDirectoryW
GetModuleHandleA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
ExitThread
RtlUnwind
HeapReAlloc
GetTimeZoneInformation
GetSystemTimeAsFileTime
ExitProcess
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
FatalAppExitA
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
HeapSize
SetConsoleCtrlHandler
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
GetModuleFileNameW
IsValidCodePage
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
lstrlenW
LoadLibraryW
FreeLibrary
CallNamedPipeA
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetCurrentProcess
OutputDebugStringA
SetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
CreateFileA
WideCharToMultiByte
Sleep
InterlockedExchange
WaitForSingleObject
TerminateThread
CreateFileW
SetThreadPriority
CloseHandle
DeviceIoControl
GetLastError
FindResourceExW
IsValidLocale

user32

SetWindowPos
CreateDialogParamW
wsprintfW
UnregisterClassA
IsWindowVisible
EnumChildWindows
SetClassLongW
IsWindow
CallWindowProcW
GetDlgItem
CheckDlgButton
CheckRadioButton
PostMessageW
GetParent
GetClassNameW
GetWindowTextW
FindWindowExW
GetWindowLongW
GetMessageW
ShowWindow
CreateWindowExW
GetForegroundWindow
DestroyWindow
GetDesktopWindow
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
OpenDesktopW
PostThreadMessageW
LoadStringW
wvsprintfW
SetThreadDesktop
SetProcessWindowStation
CloseDesktop
CloseWindowStation
UnregisterDeviceNotification
RegisterDeviceNotificationW
MessageBoxW
CharNextW
PeekMessageW
DefWindowProcW
SetDlgItemTextW
PostQuitMessage
KillTimer
SetTimer
BringWindowToTop
SetActiveWindow
SetFocus
GetSystemMetrics
GetWindowRect
mouse_event
GetWindowThreadProcessId
IsWindowEnabled
EnableWindow
FindWindowW
SendMessageW
UpdateWindow
DispatchMessageW
EnumWindows

advapi32

RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptSetProvParam
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteKeyA
RegEnumValueA
RegCreateKeyExA
RegDeleteKeyExA
RegDeleteValueA
RegNotifyChangeKeyValue
RegEnumKeyW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
GetUserNameW
OpenThreadToken
ImpersonateLoggedOnUser
RegOpenCurrentUser
StartServiceW
QueryServiceStatus
RegOpenKeyExA
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
OpenProcessToken
LookupPrivilegeValueW
CryptExportKey
CryptGenKey
CryptGetUserKey
CryptDecrypt
CryptImportKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExA
RegSetValueExA
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ChangeServiceConfig2W
CreateServiceW
DeleteService
ControlService
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
RevertToSelf
AdjustTokenPrivileges
CryptDestroyKey
CryptEncrypt

ole32

CoInitializeSecurity
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr

Sections

.text
Size: 372KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4345327f2ce0f273206d14c2c6039a28

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7Certificate

Extended Key Usages

Key Usages

6a:38:5f:cc:ec:2e:69:24:e2:72:20:db:9d:1f:f3:d9:d7:8a:0a:2dSigner

Headers

File Characteristics

PDB Paths

Imports

ws2_32

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 372KB - Virtual size: 370KB

.rdata Size: 156KB - Virtual size: 152KB

.data Size: 12KB - Virtual size: 140KB

.rsrc Size: 32KB - Virtual size: 29KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

3a:8e:49:11:ea:41:4d:e5:37:bc:ee:2a:aa:b7:4f:c7
Certificate

6a:38:5f:cc:ec:2e:69:24:e2:72:20:db:9d:1f:f3:d9:d7:8a:0a:2d
Signer

.text
Size: 372KB - Virtual size: 370KB

.rdata
Size: 156KB - Virtual size: 152KB

.data
Size: 12KB - Virtual size: 140KB

.rsrc
Size: 32KB - Virtual size: 29KB