67d41fb678eb5cd8ef0b6951ed9820ff_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

67d41fb678eb5cd8ef0b6951ed9820ff_JaffaCakes118
Size

554KB
MD5

67d41fb678eb5cd8ef0b6951ed9820ff
SHA1

30b2513073c0b55cb79112bd71520ab5fe1ea5bb
SHA256

ec732cbcb7a76d27865788a8be5ac1c364f0a4cebb56ff567e1d7650e3ca1244
SHA512

00777e2cd45483a51b36acdd6c75e03993b4b4bb0c44d97b64c14bdba85030e1ca62112486d392e4f38a3cced13ce572ed4df182482f9cd3434a7a4e9078b344
SSDEEP

12288:XJsLK966duC+ELR4c2XWEX1T1fof2JcI7IZz:eeduC+EN4Y2zTlcx

Score

1^/10

Malware Config

Signatures

Files

67d41fb678eb5cd8ef0b6951ed9820ff_JaffaCakes118
.exe windows:5 windows x86 arch:x86

777b73e3e4413ca2f5455a3cf7783842

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2010, 00:00

Not After

01/06/2013, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\IDM_projects\IDMGrHlp2\Release\IDMGrHlp.pdb

Imports

wininet

InternetCombineUrlA

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTickCount
HeapFree
RtlUnwind
RaiseException
GetCommandLineA
GetStartupInfoA
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
HeapSize
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetOEMCP
GetCPInfo
GlobalFlags
WritePrivateProfileStringA
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
LoadLibraryA
GetProcessHeap
lstrcmpW
GetVersionExA
GetModuleFileNameW
FreeResource
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
FreeLibrary
GetProcAddress
lstrcmpA
FormatMessageA
LocalFree
MulDiv
lstrlenA
SetLastError
InterlockedDecrement
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleHandleA
CreateThread
SleepEx
GetCurrentThreadId
ExitProcess
CreateFileW
GetFileSize
WriteFile
SetFilePointer
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
GetLastError
GlobalFree
MultiByteToWideChar
lstrlenW
IsValidCodePage

user32

RegisterClipboardFormatA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
DestroyMenu
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
SetCursor
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
InvalidateRgn
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetForegroundWindow
GetLastActivePopup
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
MessageBoxA
GetClassInfoExA
GetClassInfoA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
InvalidateRect
SetRect
GetDlgCtrlID
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetActiveWindow
SetActiveWindow
MessageBeep
EnableMenuItem
GetNextDlgGroupItem
IsRectEmpty
ModifyMenuA
CopyAcceleratorTableA
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
KillTimer
SetTimer
IsWindow
GetDesktopWindow
UnregisterClassA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
PostQuitMessage
SetWindowsHookExA
GetClassNameA
GetWindowTextA
PostMessageA
CallNextHookEx
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
SendMessageA
DrawIcon
PostThreadMessageA
UnhookWindowsHookEx

gdi32

DeleteDC
SelectObject
ExtSelectClipRgn
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
Escape
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
GetStockObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoRevokeClassObject
OleInitialize
CoCreateInstance
OleUninitialize
CreateBindCtx
CoInitialize
CoUninitialize
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CoRegisterMessageFilter

oleaut32

VariantInit
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantChangeType
VariantClear
SysStringLen
SysFreeString
SysAllocStringLen
VarBstrCmp
SysAllocString
SysAllocStringByteLen
SysStringByteLen

urlmon

CoInternetGetSession
CreateURLMoniker

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

777b73e3e4413ca2f5455a3cf7783842

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

urlmon

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 36KB - Virtual size: 36KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 36KB - Virtual size: 36KB