696fe88f2f87ce540055dd6003e0961b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

696fe88f2f87ce540055dd6003e0961b_JaffaCakes118
Size

1.3MB
MD5

696fe88f2f87ce540055dd6003e0961b
SHA1

d30e326727942643fdc0f2774e708a5de960d08d
SHA256

576a49ca452131fb0fdf8c135f6ab347bada4c7b19d64c0cbdca7286ad6227e6
SHA512

b9ddf6c9224d405363b7559ac5fafd96d1b18fc8c108255b582c8c9c3f7d039727c6d4be28c9686ac7bad6c57ada6857cc2270a396139d0196f668d61382245c
SSDEEP

24576:29JvMAXHhCeMbRJ6b2obT2gNpaLeRdBzdQa1hweMWymmSqvh1DF:oac2obT2Pi/91hhepJhr

Score

1^/10

Malware Config

Signatures

Files

696fe88f2f87ce540055dd6003e0961b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

81ffdc5917f997ad445aaac38395287a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

03/05/2011, 00:00

Not After

02/05/2014, 23:59

Subject

CN=EA Digital Illusions CE AB,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=EA Digital Illusions CE AB,L=Stockholm,ST=Stockholms Lan,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:99:af:2b:dc:f0:9c:ed:ab:25:d7:de:23:e9:74:d5:b6:00:9a:d3
Signer

Actual PE Digest

ea:99:af:2b:dc:f0:9c:ed:ab:25:d7:de:23:e9:74:d5:b6:00:9a:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\monkey\Heroes.MainBranch.Updater\BFH_MainBranch\Code\Tools\Updater\Updater\Release\BFHUpdater.pdb

Imports

wininet

InternetOpenA
InternetCrackUrlA
InternetSetCookieA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
HttpAddRequestHeadersA
InternetSetOptionA
HttpSendRequestA
InternetConnectA
HttpOpenRequestA

gdiplus

GdipDeleteGraphics
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipCreateFromHDC
GdipCloneBrush
GdipDeleteFont
GdipCreateFont
GdipDeleteBrush
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDeleteFontFamily
GdipCreateBitmapFromStream
GdipGetFontCollectionFamilyCount
GdipGetImageWidth
GdipPrivateAddMemoryFont
GdipDrawString
GdipCreateSolidFill
GdipSetTextRenderingHint
GdipCloneImage
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipFree
GdipAlloc
GdiplusStartup
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDisposeImage
GdipGetImageHeight

kernel32

HeapCreate
HeapDestroy
SetLastError
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
WideCharToMultiByte
lstrlenW
InterlockedExchange
lstrlenA
GetLastError
MultiByteToWideChar
FindResourceA
SizeofResource
LockResource
LoadResource
CreateFileA
SetFilePointerEx
GetFileSizeEx
ReadFile
WriteFile
GetModuleFileNameA
GetTickCount
CopyFileExA
CreateEventA
CreateThread
SetEvent
WaitForMultipleObjects
DeleteFileA
SetFilePointer
GetLocalTime
GetTempPathA
TerminateThread
CreateWaitableTimerA
SetWaitableTimer
RemoveDirectoryA
VirtualFree
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
GetCurrentProcess
GetVersionExA
GetDiskFreeSpaceExA
GlobalFree
GlobalAlloc
GetModuleHandleA
Sleep
GetCommandLineA
CreateProcessA
GetTempFileNameA
TerminateProcess
LocalAlloc
GetExitCodeProcess
LocalFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GlobalLock
GlobalUnlock
ResetEvent
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
HeapReAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
HeapAlloc
InitializeCriticalSection
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
GetProcAddress
GetSystemTimeAsFileTime
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
HeapSize
GetStdHandle
SetHandleCount
GetFileType
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SetEndOfFile
MoveFileExA

user32

SetLayeredWindowAttributes
CreateWindowExW
RegisterClassExW
LoadIconA
CreateIconFromResource
GetWindowRect
SetCursor
PtInRect
ReleaseCapture
EndDialog
EndPaint
DrawEdge
SetWindowRgn
SetWindowTextA
GetDlgItem
SetWindowTextW
DefWindowProcW
PostThreadMessageA
GetMessageA
GetSystemMetrics
SetWindowPos
PostQuitMessage
DispatchMessageA
SetCapture
InvalidateRect
DialogBoxParamW
GetWindowLongA
SetWindowLongA
UnregisterClassA
DestroyWindow
UpdateWindow
MoveWindow
DefWindowProcA
GetDlgCtrlID
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameA
EnumChildWindows
BeginPaint
ShowWindow
GetClientRect
CreateWindowExA
RegisterClassExA
LoadCursorA
ReleaseDC
GetDC
GetTopWindow
SendMessageA
MessageBoxW
MessageBoxA
GetWindow

gdi32

SelectClipRgn
CreateRectRgn
CreateRoundRectRgn
CreateDCA
GetTextFaceA
SelectObject
DeleteDC
CreateFontIndirectA
EnumFontFamiliesExA
DeleteObject
GetObjectA

advapi32

RegOpenKeyExA
CreateWellKnownSid
BuildExplicitAccessWithNameA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetNamedSecurityInfoA
SetEntriesInAclA
RegDeleteKeyA
RegDeleteValueA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
GetUserNameA

shell32

SHGetFolderPathA
ShellExecuteA
SHFileOperationA
ShellExecuteExA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderLocation
SHParseDisplayName
SHCreateDirectoryExA

ole32

OleInitialize
OleUninitialize
OleCreate
OleSetContainedObject
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
VariantClear

shlwapi

SHGetValueA
PathFileExistsA
PathIsRelativeA

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768KB - Virtual size: 766KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81ffdc5917f997ad445aaac38395287a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ea:99:af:2b:dc:f0:9c:ed:ab:25:d7:de:23:e9:74:d5:b6:00:9a:d3Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 440KB - Virtual size: 439KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 768KB - Virtual size: 766KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

18:f4:ae:46:f2:76:ce:96:cc:56:ad:23:77:a7:63:44
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ea:99:af:2b:dc:f0:9c:ed:ab:25:d7:de:23:e9:74:d5:b6:00:9a:d3
Signer

.text
Size: 440KB - Virtual size: 439KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 768KB - Virtual size: 766KB