678a52cc3c8ff5de68650ca429ccb39e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

678a52cc3c8ff5de68650ca429ccb39e_JaffaCakes118
Size

1.1MB
MD5

678a52cc3c8ff5de68650ca429ccb39e
SHA1

e89d08e561c31673dec87a56b856ff78df845f79
SHA256

c4f1d59feb1a131b6fd99fb352ebd8f039a33524703bc5ecb68b1521f5b32097
SHA512

bcae75c38a1538b3c2fce083be1b8b77931a05b18197415b7331732d70b85793f75dac4b4a31d714f66f59dcf7a224a477fda505c7fb0d60fd3f8677d06cefe2
SSDEEP

12288:fwgGnaCm20PYXMTetgJJA5t1H2+fGt+yRGhFg3TW0n/T+QNWmgF:fGgJJA5t1W+fe6

Score

1^/10

Malware Config

Signatures

Files

678a52cc3c8ff5de68650ca429ccb39e_JaffaCakes118
.exe windows:4 windows x64 arch:x64

d3a996c491d0d5d810439f7014be463a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/07/2010, 00:00

Not After

11/06/2013, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RTCN,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:74:02:38:af:0e:98:bf:dd:b5:24:2f:b7:9a:54:81:82:58:bc:82
Signer

Actual PE Digest

46:74:02:38:af:0e:98:bf:dd:b5:24:2f:b7:9a:54:81:82:58:bc:82

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Users\Chunyung\Documents\Visual Studio 2005\Projects\RtHDVBgProc - New\_ma4_release\x64\RAVBg64.pdb

Imports

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

propsys

PropVariantToUInt32
PropVariantCompareEx
PropVariantToString

setupapi

SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW

kernel32

UnlockFile
SetEndOfFile
GetFileSize
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
SetErrorMode
GetTickCount
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
VirtualProtect
VirtualAlloc
VirtualQuery
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
ExitThread
ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
LockFile
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
FileTimeToSystemTime
GetThreadLocale
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
lstrlenA
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
SuspendThread
SetThreadPriority
GetCurrentProcessId
GetModuleFileNameW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetVersionExA
GetModuleHandleA
SetLastError
FormatMessageW
MulDiv
MultiByteToWideChar
LocalFree
LocalAlloc
Sleep
GetSystemDirectoryW
CreateMutexW
GetExitCodeThread
ResumeThread
GetCurrentProcess
DuplicateHandle
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceExW
GetSystemInfo
GetUserDefaultUILanguage
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
WaitForSingleObject
SetEvent
CreateThread
CreateEventW
lstrlenW
GetSystemDirectoryA
DeviceIoControl
GetCurrentThreadId
WideCharToMultiByte
CloseHandle
CreateFileW
GetLastError
SizeofResource
LoadResource
FindResourceW
LockResource
FreeEnvironmentStringsA

user32

IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
CharUpperW
RegisterClipboardFormatW
PostThreadMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
IsWindowEnabled
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
UnregisterClassA
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
CopyAcceleratorTableW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
IsWindowVisible
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
GetDC
ReleaseDC
IntersectRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconW
RegisterDeviceNotificationW
ChangeWindowMessageFilter
CallNextHookEx
KillTimer
SetTimer
UnregisterDeviceNotification
FindWindowExW
SetWindowPos
EnableWindow
DrawFocusRect
InflateRect
SetRect
CharNextW
ReleaseCapture
SetCapture
CopyRect
RedrawWindow
UnregisterClassW
DestroyMenu
GetWindowLongPtrW
LoadCursorW
GetSysColorBrush
DrawTextW
SendMessageW
GetDesktopWindow
GetWindow
GetParent
GetWindowRect
PostMessageW
EnumThreadWindows
UnhookWindowsHookEx
InvalidateRect
SetWindowsHookExW
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
UpdateWindow
ShowWindow
GetWindowLongW
SystemParametersInfoW
GetSysColor
GetClientRect
SetCursor
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetMenu
WinHelpW

gdi32

PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetBkColor
GetTextColor
GetRgnBox
GetClipBox
SetMapMode
GetViewportExtEx
GetWindowExtEx
GetStockObject
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
GetObjectW
SetDIBColorTable
GetMapMode
SelectObject
BitBlt
CreateCompatibleDC
CreateFontW
DeleteDC
SetTextColor
SetBkMode
RestoreDC
SaveDC
CreateBitmap
CreateRectRgnIndirect
SetBkColor
ExtTextOutW
GetDeviceCaps

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegNotifyChangeKeyValue
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetKnownFolderPath

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

PropVariantCopy
CoFreeUnusedLibrariesEx
CreateStreamOnHGlobal
StringFromGUID2
FreePropVariantArray
PropVariantClear
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen

gdiplus

GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipGetImagePalette
GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDrawImageI
GdipCreateBitmapFromStream
GdipAlloc
GdipCreateBitmapFromScan0

Sections

.text
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3a996c491d0d5d810439f7014be463a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53Certificate

Extended Key Usages

Key Usages

46:74:02:38:af:0e:98:bf:dd:b5:24:2f:b7:9a:54:81:82:58:bc:82Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

propsys

setupapi

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 509KB - Virtual size: 509KB

.rdata Size: 157KB - Virtual size: 157KB

.data Size: 23KB - Virtual size: 48KB

.pdata Size: 34KB - Virtual size: 33KB

�� Size: 399KB - Virtual size: 399KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

2c:80:89:2e:01:15:b0:b7:7a:a3:59:4b:9a:73:39:53
Certificate

46:74:02:38:af:0e:98:bf:dd:b5:24:2f:b7:9a:54:81:82:58:bc:82
Signer

.text
Size: 509KB - Virtual size: 509KB

.rdata
Size: 157KB - Virtual size: 157KB

.data
Size: 23KB - Virtual size: 48KB

.pdata
Size: 34KB - Virtual size: 33KB

��
Size: 399KB - Virtual size: 399KB