68a6d34a49cd9132f01055fe82c5bfef_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

68a6d34a49cd9132f01055fe82c5bfef_JaffaCakes118
Size

225KB
MD5

68a6d34a49cd9132f01055fe82c5bfef
SHA1

7fd4a84950b187513ca7a87fed2995dec8ded47e
SHA256

5b3e735c057b9256daaa2d024eb3eeabf84fea127aad2d33e8c9c75928850734
SHA512

227368f7b6091fedc78f7d95e5180c41566ba852904b6e934dc0743dcb8b75137652b4363fd41dde2e40f2f55acd72d69223e0b006ceda4fd85cf906227f4400
SSDEEP

6144:+/26kJC3oghja3DpYGaYxKrNV0eSCHeMuSHCf:PC4gNobaYoN2eSCkhf

Score

1^/10

Malware Config

Signatures

Files

68a6d34a49cd9132f01055fe82c5bfef_JaffaCakes118
.exe .vbs windows:5 windows x86 arch:x86 polyglot

0bb79b5c820db3a7f3b56a2dbe1bdbc4

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:53

Not After

16-09-2011 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16-09-2006 01:55

Not After

16-09-2011 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04-04-2006 17:44

Not After

26-04-2012 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-04-2006 19:43

Not After

04-10-2007 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ca:3a:27:85:d1:91:3b:a2:f7:99:53:ee:b7:41:73:80:0c:48:c3:db
Signer

Actual PE Digest

ca:3a:27:85:d1:91:3b:a2:f7:99:53:ee:b7:41:73:80:0c:48:c3:db

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spuninst.pdb

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW

user32

RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
wvsprintfW
GetWindowTextA
GetWindow
GetWindowThreadProcessId
FindWindowExA
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
CloseWindowStation
EnumDesktopsA
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
EnumWindowStationsA
LoadIconA
MessageBoxA
SetDlgItemTextA
DialogBoxParamA
SetWindowTextA
DialogBoxParamW
SendDlgItemMessageA
ShowWindow
SendMessageA
GetDlgItem
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetParent
DestroyWindow
SetDlgItemTextW
KillTimer
IsDlgButtonChecked
SetTimer
CheckDlgButton
EnableWindow

ntdll

_chkstk
wcslen
wcscpy
_snwprintf
strtoul
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
_itoa
strncat
_strcmpi
strrchr
_stricmp
_snprintf
_vsnprintf
strstr
strncpy
strchr
RtlUnwind
sprintf
_strnicmp
NtQueryVirtualMemory

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx

updspapi

UpdSpStringTableInitialize
UpdSpStringTableInitializeEx
UpdSpStringTableAddString
UpdSpStringTableAddStringEx
UpdSpStringTableLookUpString
UpdSpStringTableLookUpStringEx
UpdSpGetLineCountA
UpdSpSetDynamicStringA
UpdSpGetTargetPathA
UpdSpStringTableDestroy
UpdSpPromptForDiskA
UpdSpSetDirectoryIdA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpGetFieldCount
UpdSpInitDefaultQueueCallbackEx
UpdSpCloseInfFile
UpdSpStringTableEnum
UpdSpScanFileQueueA
UpdSpCopyErrorA
UpdSpFindNextMatchLineW
UpdSpGetMultiSzFieldW
UpdSpGetStringFieldW
UpdSpCommitFileQueueA
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpInstallFromInfSectionA
UpdSpOpenAppendInfFileA
UpdSpDecompressOrCopyFileA
UpdSpGetLineTextW
UpdSpGetIntField
UpdSpGetBinaryField
UpdSpGetLineTextA
UpdSpOpenInfFileA
UpdSpFindFirstLineA
UpdSpGetStringFieldA
UpdSpFindNextLine
UpdSpGetTargetPathW
UpdSpInstallFilesFromInfSectionA
UpdSpFindFirstLineW
UpdSpGetLineByIndexA

msvcrt

memmove
isdigit
calloc
swprintf
wcscmp
toupper
strspn
atol
strpbrk
_close
_lseek
_read
_open
mbstowcs
getenv
_ultoa
_wtoi64
strcspn
strtok
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strdup
_vsnwprintf
_mbslwr
free
_wcsicmp
malloc

advapi32

InitiateSystemShutdownA
RegQueryValueExA
RegOpenKeyExA
OpenServiceW
EnumServicesStatusExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegCloseKey
AbortSystemShutdownA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetFileSecurityA
LockServiceDatabase
QueryServiceConfigA
ChangeServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
FreeSid
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegQueryValueExW
EnumDependentServicesA
OpenSCManagerA
StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegCreateKeyExA
RegRestoreKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA

kernel32

DelayLoadFailureHook
CopyFileA
GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
SearchPathA
CompareStringA
OpenEventA
GetTempFileNameA
CreateFileW
SetEndOfFile
InterlockedIncrement
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventA
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
LoadLibraryW
lstrcmpiW
CreateDirectoryA
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
SetEvent
WaitForSingleObject
GetModuleHandleA
CreateThread
GetCurrentProcess
GetWindowsDirectoryA
SetCurrentDirectoryA
LoadLibraryA
Sleep
VirtualAlloc
DeleteFileA
WideCharToMultiByte
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
GetLastError

gdi32

GetObjectA
CreateFontIndirectA

shell32

SHChangeNotify
SHGetSpecialFolderPathA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA

rpcrt4

UuidFromStringA

imagehlp

EnumerateLoadedModules64

shlwapi

PathGetArgsA
PathUnquoteSpacesA

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0bb79b5c820db3a7f3b56a2dbe1bdbc4

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

ca:3a:27:85:d1:91:3b:a2:f7:99:53:ee:b7:41:73:80:0c:48:c3:dbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

user32

ntdll

ole32

updspapi

msvcrt

advapi32

kernel32

gdi32

shell32

version

psapi

rpcrt4

imagehlp

shlwapi

Sections

.text Size: 169KB - Virtual size: 169KB

.data Size: 2KB - Virtual size: 398KB

.rsrc Size: 44KB - Virtual size: 124KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

ca:3a:27:85:d1:91:3b:a2:f7:99:53:ee:b7:41:73:80:0c:48:c3:db
Signer

.text
Size: 169KB - Virtual size: 169KB

.data
Size: 2KB - Virtual size: 398KB

.rsrc
Size: 44KB - Virtual size: 124KB