69fe9177faadfc0d69047f99d7980ba2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69fe9177faadfc0d69047f99d7980ba2_JaffaCakes118
Size

1.0MB
MD5

69fe9177faadfc0d69047f99d7980ba2
SHA1

35fb7643e41153d9c0b25ac8f12998b565cef94b
SHA256

1f240cf1ca2b9bea7d7f01d7f99c544c8939c35bee01e2cfb00c78e8c59f16f2
SHA512

8d8f7cabda99520d001a642dab46b521b6ae59cafaae5e9029b97b85fa5e8583d706ef0ebdbd0f68218eeaba9cf9636e1790f8fb51d43b3ec022a401db0ab8e5
SSDEEP

24576:IhaHsTJXvHaVBqO5K+nHZPxpD0GWlPcKjecIBpAIk:Isi6BqOHHZPxpD0GWlPcKSNk

Score

1^/10

Malware Config

Signatures

Files

69fe9177faadfc0d69047f99d7980ba2_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4da3061439e51b6d74802b24c75df2df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:74:2c:c3:2a:24:6b:35:34:9e:bb:ce:8e:7d:4a:e6:e6:a1:2c:54
Signer

Actual PE Digest

ed:74:2c:c3:2a:24:6b:35:34:9e:bb:ce:8e:7d:4a:e6:e6:a1:2c:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FormatMessageW
GetTickCount
MoveFileW
GetSystemInfo
FlushInstructionCache
GetCurrentProcess
Module32NextW
Module32FirstW
GetCurrentProcessId
GetModuleFileNameA
DeviceIoControl
CreateFileA
GetVolumeInformationA
GlobalFree
GlobalAlloc
IsBadStringPtrW
DisableThreadLibraryCalls
TlsAlloc
TlsFree
Sleep
GlobalAddAtomW
GlobalDeleteAtom
CreateMutexW
OpenMutexW
lstrcpynW
TerminateThread
CreateThread
SetEvent
DeleteFileW
WaitForSingleObject
CreateEventW
lstrlenW
WideCharToMultiByte
CloseHandle
LoadLibraryA
ReadFile
LoadLibraryW
OutputDebugStringA
GetVersion
ResumeThread
GetProcAddress
GetModuleHandleW
IsBadCodePtr
MoveFileExW
lstrcmpW
VirtualProtect
GlobalLock
GlobalSize
GlobalUnlock
LoadLibraryExW
ReadProcessMemory
GetUserDefaultLangID
FindResourceW
LoadResource
LockResource
SizeofResource
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetWindowsDirectoryA
GetShortPathNameA
WritePrivateProfileStructW
GetPrivateProfileStructW
GetLongPathNameW
LocalAlloc
WriteFile
GetFileTime
CreateProcessW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateFileW
GetFileAttributesW
GetFileSize
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
FreeLibrary
GetACP
WritePrivateProfileStringW
lstrcmpiW
GetShortPathNameW
TlsGetValue
TlsSetValue
FindFirstFileW
FindNextFileW
FindClose
lstrcpynA
ResetEvent
MultiByteToWideChar
GetVersionExW
InterlockedIncrement
IsBadReadPtr
lstrcmpA
lstrcmpiA
lstrlenA
InterlockedDecrement
InterlockedCompareExchange
OpenEventW
InterlockedExchange
GetSystemDirectoryW
GetModuleFileNameW
GetModuleHandleA
GetLastError
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CopyFileW
InitializeCriticalSection

user32

LoadMenuW
EnableWindow
SetForegroundWindow
InsertMenuItemW
TrackPopupMenu
IsMenu
CallWindowProcW
FrameRect
SetWindowRgn
GetWindowRgn
SetRect
CreatePopupMenu
SetCursor
IsChild
GetSubMenu
ClientToScreen
EndPaint
BeginPaint
CheckRadioButton
IsWindowEnabled
ReleaseCapture
RegisterClassExW
MoveWindow
SetScrollPos
GetScrollInfo
GetFocus
ShowScrollBar
SetScrollInfo
IsWindowUnicode
GetWindowLongA
GetClassInfoExW
DestroyMenu
EndMenu
GetWindowDC
GetSysColor
GetClassLongW
SetClassLongW
SendDlgItemMessageW
SetFocus
PeekMessageW
LoadBitmapW
DrawIconEx
LoadIconW
DrawFocusRect
IsWindowVisible
InvalidateRect
IsWindow
GetDlgItem
SetWindowPos
GetWindowLongW
GetClientRect
ScreenToClient
GetWindowRect
LockWindowUpdate
GetMenuState
GetWindowTextLengthW
GetKeyState
EnumChildWindows
TrackPopupMenuEx
FindWindowW
GetForegroundWindow
SendMessageTimeoutW
DrawEdge
PostThreadMessageW
keybd_event
SetWindowLongA
DeleteMenu
InsertMenuW
SetMenuItemInfoW
DestroyIcon
SetCapture
GetMessageW
TranslateMessage
DispatchMessageW
DialogBoxParamW
FindWindowExW
SendMessageW
SetPropW
GetSystemMetrics
RemovePropW
SetWindowLongW
MapWindowPoints
ShowCursor
mouse_event
PtInRect
IsDlgButtonChecked
UnhookWindowsHookEx
PostMessageW
GetPropW
GetParent
DrawFrameControl
GetDlgCtrlID
SetRectEmpty
LoadImageW
EndDialog
CheckDlgButton
RegisterClassW
GetMenuItemInfoW
UpdateWindow
KillTimer
SetTimer
FillRect
GetWindowTextW
InflateRect
GetDC
DrawTextW
ReleaseDC
WindowFromPoint
GetClassNameA
EnumWindows
GetMenuItemCount
GetMenuItemRect
OffsetRect
CopyRect
GetCursorPos
MenuItemFromPoint
GetMenuItemID
SetWindowTextW
GetClassInfoW
DefWindowProcW
LoadCursorW
GetSysColorBrush
SystemParametersInfoW
UnregisterHotKey
RegisterHotKey
GetWindow
CreateDialogParamW
IsRectEmpty
GetMenuStringW
SetMenuInfo
GetMenuInfo
RemoveMenu
RegisterWindowMessageA
GetComboBoxInfo
LoadStringW
MessageBoxW
RegisterWindowMessageW
CreateWindowExW
GetWindowThreadProcessId
CallNextHookEx
GetClassNameW
SetWindowsHookExW
DestroyWindow
ShowWindow

gdi32

GetCurrentObject
PatBlt
FillRgn
CreatePolygonRgn
SetBkColor
SetTextColor
SetPixel
CreateFontIndirectW
DeleteObject
SelectObject
SetBkMode
DeleteDC
GetTextExtentPoint32W
GetStockObject
FrameRgn
CombineRgn
CreateRoundRectRgn
GetPixel
CreateRectRgn
CreateRectRgnIndirect
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
LineTo
MoveToEx
CreatePen
CreateSolidBrush
RoundRect
StretchBlt
GetTextExtentPointW

advapi32

SetTokenInformation
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
OpenProcessToken
GetLengthSid
CreateProcessAsUserW
DuplicateTokenEx
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegEnumKeyExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
ExtractIconExW

ole32

CoTaskMemFree
StringFromIID
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
OleRun
CLSIDFromString
StringFromGUID2
CoInitialize
CoCreateGuid
RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium

oleaut32

SysStringLen
SysAllocStringLen
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocString
VariantInit
VariantClear
DispInvoke
SafeArrayCreateVector
RegisterTypeLi
LoadTypeLi
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
LoadRegTypeLi
DispGetIDsOfNames

msvcp60

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

comctl32

ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Draw

shlwapi

StrStrIA
StrCpyNW
StrStrW
PathParseIconLocationW
StrRStrIW
PathIsDirectoryW
StrChrW
StrCmpW
StrStrA
StrChrA
SHGetValueW
PathIsUNCW
PathAppendA
PathRemoveBlanksW
PathRemoveBackslashW
PathStripToRootW
PathFindExtensionW
wnsprintfW
SHDeleteValueW
SHSetValueW
SHDeleteKeyW
StrStrIW
PathRemoveExtensionW
StrCmpIW
StrCmpNIW
PathRemoveFileSpecW
PathAddExtensionW
PathAppendW
PathFindFileNameW
PathFileExistsW
StrCmpNW
wnsprintfA

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW
IsValidURL

wininet

InternetGetCookieA
InternetCrackUrlA
InternetCrackUrlW
InternetSetCookieW
InternetSetCookieA
DeleteUrlCacheEntryW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
HttpAddRequestHeadersW

msvcrt

_wcsnicmp
calloc
_iob
exit
_strlwr
_strnicmp
_strcmpi
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
_CxxThrowException
_wcslwr
isspace
isalnum
isalpha
iswdigit
iswxdigit
bsearch
fputc
fprintf
wcsrchr
_lseek
_close
_write
_read
_open
malloc
tolower
ftell
fread
strrchr
fopen
rewind
fgets
strstr
fputs
fseek
strncmp
printf
abs
strchr
toupper
_itow
_snprintf
wcsncat
wcsncpy
wcscmp
wcsstr
wcscpy
srand
fgetc
wcschr
_wfopen
fwrite
fclose
_wtmpnam
wcstok
_wtoi
_wtol
strtok
atol
wcslen
_ftol
memcmp
strlen
atoi
rand
memcpy
strcmp
strncpy
_snwprintf
time
localtime
_purecall
free
memmove
realloc
_except_handler3
_wcsicmp
??2@YAPAXI@Z
memset
_EH_prolog
__CxxFrameHandler

msimg32

TransparentBlt
AlphaBlend

imm32

ImmSetCompositionWindow
ImmGetContext

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

htons
ntohl

psapi

EnumProcessModules

oleacc

AccessibleObjectFromPoint

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VistaRegisterPrscrnActiveX

Sections

.text
Size: 476KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.toolbar
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.webslic
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4da3061439e51b6d74802b24c75df2df

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

ed:74:2c:c3:2a:24:6b:35:34:9e:bb:ce:8e:7d:4a:e6:e6:a1:2c:54Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp60

comctl32

shlwapi

urlmon

wininet

msvcrt

msimg32

imm32

iphlpapi

version

ws2_32

psapi

oleacc

Exports

Exports

Sections

.text Size: 476KB - Virtual size: 473KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 40KB - Virtual size: 63KB

.toolbar Size: 8KB - Virtual size: 5KB

.webslic Size: 4KB - Virtual size: 8B

.rsrc Size: 392KB - Virtual size: 389KB

.reloc Size: 44KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

ed:74:2c:c3:2a:24:6b:35:34:9e:bb:ce:8e:7d:4a:e6:e6:a1:2c:54
Signer

.text
Size: 476KB - Virtual size: 473KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 40KB - Virtual size: 63KB

.toolbar
Size: 8KB - Virtual size: 5KB

.webslic
Size: 4KB - Virtual size: 8B

.rsrc
Size: 392KB - Virtual size: 389KB

.reloc
Size: 44KB - Virtual size: 40KB