61fdf00ce56c607a80411b2cd1de31cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61fdf00ce56c607a80411b2cd1de31cc_JaffaCakes118
Size

1.0MB
MD5

61fdf00ce56c607a80411b2cd1de31cc
SHA1

ed1d3469eb4d8c848c1bfad1db691f7088b28f66
SHA256

4b49c70ff2eb4e87798de8ca34f3af137b6c1e8d28bb2bb385ad023a1f336868
SHA512

9cf6de04ec59e66a9b1113ea5cbdb68f82b10355d816b3d6e1c7c1fdc00621d87e9a7a8b32b26edcc82fd2d10c17e7f11f535bb9a469fad6883d9f1fc86cb3ef
SSDEEP

12288:4cXDAISwdrcuGHL4pX1RCEHV3fzblEOGSEzUvzblE4wEQRUSEcfv44IdmIK0X5wO:NXSwNcFHL0FUEHV3f+OP+ac34

Score

1^/10

Malware Config

Signatures

Files

61fdf00ce56c607a80411b2cd1de31cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72bfdb79a26f2b6bde146317c87aee3b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/03/2008, 00:00

Not After

23/04/2011, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:21:97:b0:f9:0f:5a:81:9e:7f:16:bf:d0:a0:b1:bf:59:98:4f:21
Signer

Actual PE Digest

f1:21:97:b0:f9:0f:5a:81:9e:7f:16:bf:d0:a0:b1:bf:59:98:4f:21

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ccviews\autobuild1_br-0811-0046_14.37_snapshot\workingdirectory1\hdmiinstaller\1.1.19\installer\hdmi\release\Setup.pdb

Imports

setupapi

SetupGetLineTextW
SetupFindNextLine
SetupCloseInfFile
SetupFindFirstLineW
SetupOpenInfFileW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetINFClassW
SetupDiGetDeviceRegistryPropertyW
SetupCopyOEMInfW
SetupGetStringFieldW

shlwapi

PathRemoveArgsW
PathStripPathW
SHDeleteKeyW
PathAddBackslashW
PathIsDirectoryEmptyW
PathFileExistsW
PathIsRootW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW

kernel32

SizeofResource
FindResourceW
SetEvent
CreateEventW
CreateThread
VerifyVersionInfoW
VerSetConditionMask
FindNextFileW
FindClose
FindFirstFileW
GetLocalTime
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetVersionExW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesW
WriteFile
CreateFileA
GetModuleFileNameA
GetTempPathA
GetModuleFileNameW
GetWindowsDirectoryW
RemoveDirectoryW
MoveFileExW
DeleteFileW
SetFileAttributesW
Sleep
CopyFileW
LoadResource
CreateProcessW
GetLocaleInfoW
OutputDebugStringW
SetFilePointer
GetExitCodeProcess
ConvertDefaultLocale
GetSystemDefaultLangID
EnumResourceLanguagesW
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetOEMCP
GetACP
HeapSize
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
LockResource
MultiByteToWideChar
CreateFileW
GetFileSize
ReadFile
WaitForSingleObject
CloseHandle
SetLastError
SetHandleCount
GetLastError
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
ExitProcess
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
RaiseException
LocalAlloc
InterlockedExchange
LoadLibraryA

user32

MapDialogRect
LoadImageW
DialogBoxParamW
LoadIconW
SendDlgItemMessageW
EnableWindow
SetDlgItemTextW
SetWindowTextW
SetFocus
SetWindowPos
GetDlgItem
SendMessageW
ShowWindow
SetTimer
PostMessageW
ReleaseDC
GetDC
ExitWindowsEx
GetWindowThreadProcessId
GetWindowModuleFileNameW
EnumWindows
MessageBoxW
LoadStringW
wsprintfW
EndDialog
KillTimer

gdi32

GetTextExtentPoint32W
SetTextColor
SetBkMode
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteObject
CreateFontW
SelectObject

advapi32

IsTextUnicode
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceW
QueryServiceStatus
QueryServiceConfigW
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHCreateDirectoryExW
ShellExecuteW
ShellExecuteA
SHGetFolderPathW

ole32

OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mrmeqxy
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72bfdb79a26f2b6bde146317c87aee3b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

f1:21:97:b0:f9:0f:5a:81:9e:7f:16:bf:d0:a0:b1:bf:59:98:4f:21Signer

Headers

File Characteristics

PDB Paths

Imports

setupapi

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

psapi

version

Sections

.text Size: 324KB - Virtual size: 323KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 607KB - Virtual size: 607KB

mrmeqxy Size: 32KB - Virtual size: 32KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

f1:21:97:b0:f9:0f:5a:81:9e:7f:16:bf:d0:a0:b1:bf:59:98:4f:21
Signer

.text
Size: 324KB - Virtual size: 323KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 607KB - Virtual size: 607KB

mrmeqxy
Size: 32KB - Virtual size: 32KB