6a052b5b80f5b1f7a1792d4963eea892_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6a052b5b80f5b1f7a1792d4963eea892_JaffaCakes118
Size

728KB
MD5

6a052b5b80f5b1f7a1792d4963eea892
SHA1

74d78bdf4234f145a6875069a6891975f1600527
SHA256

d19ef849e241b63bc71493a008e7878d6c899cc83b145670af21ed5ccca0d86b
SHA512

91002d58ffbca8ef6eaf40a16992bcf30750beeb6813d4a36c8924eef061dae29a5e88c1f6df12170f4fa50969f531d34ef87f9ca8219e744affce9dbb70f258
SSDEEP

12288:5fnI8w6yvdg0lyMeOkwJ1Dbhykk+pxPiNF:ZI8w6b0liLwJ1hykr3i

Score

1^/10

Malware Config

Signatures

Files

6a052b5b80f5b1f7a1792d4963eea892_JaffaCakes118
.exe windows:4 windows x86 arch:x86

43b8de709806e550dea489e05a59e54e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19-05-2009 00:00

Not After

19-05-2011 23:59

Subject

CN=Pinball Corporation.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Pinball Corporation.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:72:12:b3:13:36:99:1d:a5:af:a7:04:c0:29:54:6f:b9:ed:36:c2
Signer

Actual PE Digest

92:72:12:b3:13:36:99:1d:a5:af:a7:04:c0:29:54:6f:b9:ed:36:c2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\101215_153018_build_StPauliGirl\Client_Build_StPauliGirl_10.0.630.0\compile\source_sa\bin\ClickPotatoLite_Release\ClickPotatoLiteSA.pdb

Imports

comctl32

ord17

kernel32

GlobalLock
GlobalAlloc
lstrlenW
MulDiv
GlobalDeleteAtom
GlobalGetAtomNameA
CreateProcessA
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
InterlockedExchange
GetVersion
CompareStringA
CompareStringW
OpenMutexA
ReleaseMutex
UnmapViewOfFile
OutputDebugStringA
GetCurrentProcessId
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
GetVersionExA
GetComputerNameExA
GetSystemDirectoryA
GetOEMCP
GetACP
GetThreadLocale
GetUserDefaultLangID
GetSystemDefaultLangID
DosDateTimeToFileTime
LocalAlloc
RemoveDirectoryA
GetFileAttributesA
GetPrivateProfileStringA
OpenFile
SetFilePointer
GetComputerNameA
GetDriveTypeA
GetVolumeInformationA
SetErrorMode
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
OpenEventA
GlobalAddAtomA
CopyFileA
FreeResource
IsBadReadPtr
FileTimeToSystemTime
ResumeThread
SetThreadPriority
GetCurrentThread
FormatMessageA
GlobalFree
GlobalHandle
CompareFileTime
SystemTimeToFileTime
WritePrivateProfileStringA
GetTimeZoneInformation
GlobalUnlock
RaiseException
GetSystemTime
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetDateFormatA
GetTimeFormatA
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetStringTypeW
GetStringTypeA
ExitProcess
HeapCreate
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
GetModuleHandleA
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetShortPathNameA
MultiByteToWideChar
ResetEvent
Sleep
WriteFile
CreateFileA
GetFileSize
ReadFile
CreateDirectoryA
LocalFree
CreateThread
TerminateThread
CreateEventA
lstrlenA
lstrcpyA
lstrcpynA
lstrcmpA
LoadLibraryExA
CreateMutexA
GetLastError
CloseHandle
OpenProcess
GetTickCount
WaitForSingleObject
GetSystemTimeAsFileTime
GetModuleFileNameA

user32

EnumThreadWindows
CheckMenuItem
EnableMenuItem
DeleteMenu
InsertMenuA
IsWindowEnabled
CreateDialogIndirectParamA
SetActiveWindow
CharLowerBuffA
EnumWindows
SendMessageTimeoutA
UnregisterClassA
DrawAnimatedRects
GetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
EnableWindow
LoadMenuA
GetSubMenu
DestroyMenu
ModifyMenuA
SetMenuItemInfoA
TrackPopupMenu
FindWindowExA
SystemParametersInfoA
SetRect
EndDialog
DrawIcon
IsIconic
DialogBoxParamA
IsWindowVisible
DefWindowProcA
GetPropA
PostMessageA
IsWindow
GetClassInfoExA
LoadCursorA
DestroyWindow
PostThreadMessageA
RegisterClassExA
CreateWindowExA
GetThreadDesktop
DestroyIcon
LoadImageA
SetWindowPos
LoadBitmapA
PtInRect
CopyRect
LoadIconA
GetCursorPos
SetWindowRgn
PeekMessageA
MsgWaitForMultipleObjects
AdjustWindowRectEx
GetMenu
SetDlgItemTextA
PostQuitMessage
CreateAcceleratorTableA
GetDesktopWindow
GetFocus
SetFocus
DestroyAcceleratorTable
RemovePropA
SetWindowLongA
SetPropA
GetAncestor
SetForegroundWindow
GetSystemMetrics
GetWindowRect
FindWindowA
BeginPaint
EndPaint
CallWindowProcA
FillRect
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
CharNextA
GetSysColor
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
SendMessageA
SetWindowContextHelpId
GetWindow
SendDlgItemMessageA
MapDialogRect
KillTimer
SetTimer
GetWindowLongA
MessageBoxA
RegisterClassA
GetMessageA
TranslateMessage
DispatchMessageA
ShowWindow

gdi32

SelectClipRgn
StretchBlt
GetPixel
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32A
GetDeviceCaps
CreateSolidBrush
GetObjectA
GetStockObject
CreateRectRgn
GetRgnBox
PtInRegion
CombineRgn
ExtCreateRegion
BitBlt
GetRegionData

advapi32

RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptHashData
RegDeleteKeyA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegEnumKeyExA
RegQueryInfoKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
LookupAccountNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA

shell32

Shell_NotifyIconA
SHAppBarMessage
ShellExecuteExA
ShellExecuteA

ole32

IIDFromString
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc

oleaut32

SysStringLen
SysAllocStringLen
SysAllocString
SysStringByteLen
VariantInit
SystemTimeToVariantTime
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantCopy
VariantChangeType
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayUnlock
SafeArrayLock
SafeArrayCreate
SysAllocStringByteLen
VariantTimeToSystemTime
SysFreeString

shlwapi

StrToIntA
PathFileExistsA

rpcrt4

UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 574KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43b8de709806e550dea489e05a59e54e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1aCertificate

Extended Key Usages

Key Usages

92:72:12:b3:13:36:99:1d:a5:af:a7:04:c0:29:54:6f:b9:ed:36:c2Signer

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

version

Sections

.text Size: 574KB - Virtual size: 573KB

.data Size: 29KB - Virtual size: 41KB

.rsrc Size: 115KB - Virtual size: 115KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

92:72:12:b3:13:36:99:1d:a5:af:a7:04:c0:29:54:6f:b9:ed:36:c2
Signer

.text
Size: 574KB - Virtual size: 573KB

.data
Size: 29KB - Virtual size: 41KB

.rsrc
Size: 115KB - Virtual size: 115KB