70265ae0a11ea67a4717b513e9587483_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

70265ae0a11ea67a4717b513e9587483_JaffaCakes118
Size

1.6MB
MD5

70265ae0a11ea67a4717b513e9587483
SHA1

ddb5a0c63905c1c5415f7529ee4bbf7045b26a1d
SHA256

be803b018eac8f161c181d36f2f3760d875145bdd003c676c1e9d34c5210bf77
SHA512

ac1fbe3e5a7769aebe7657ecb8871fc8a08bf1db45359ddd58afb8ea047dbad6791d12b67e423803414a9c0a789b0c797c433c5cf7f0e16fce199e21b9687151
SSDEEP

49152:o78tEqyG6JvWgoK/Q+EIucqVM1y0D0qaQZr:o78aqyGKITIy+00D0q5p

Score

1^/10

Malware Config

Signatures

Files

70265ae0a11ea67a4717b513e9587483_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c8b27beabafb1fed81fa67577dfa5677

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

67:c5:f1:45:53:19:2e:4a:bf:84:35:9c:d7:e6:b1:b6
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

25/06/2009, 00:00

Not After

17/09/2011, 23:59

Subject

CN=RealVNC Ltd,OU=SOFTWARE,O=RealVNC Ltd,L=Cambridge,ST=Cambridgeshire,C=UK

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:16:b5:4b:e4:0a:e3:ba:3d:74:bc:04:27:94:2f:ff:b0:7f:97:24
Signer

Actual PE Digest

5e:16:b5:4b:e4:0a:e3:ba:3d:74:bc:04:27:94:2f:ff:b0:7f:97:24

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\home\hudson\slave-root\workspace\e4.6.x\label\win\src\release\win32\winvnc4.pdb

Imports

ws2_32

listen
socket
bind
closesocket
WSAEnumNetworkEvents
WSAIoctl
WSAEventSelect
htonl
inet_ntoa
accept
WSAConnect
gethostbyname
gethostname
__WSAFDIsSet
select
getpeername
getsockname
WSAStartup
getsockopt
ioctlsocket
getservbyname
gethostbyaddr
getservbyport
ntohs
WSASetLastError
inet_addr
ntohl
recv
send
setsockopt
htons
WSAGetLastError

comctl32

InitCommonControlsEx

kernel32

DeleteFileA
GetOverlappedResult
CancelIo
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
OpenEventW
FindResourceW
LoadResource
LockResource
SizeofResource
GetComputerNameW
WaitForMultipleObjects
WaitForSingleObjectEx
WaitForSingleObject
SetErrorMode
GetCurrentProcessId
GetModuleHandleW
Sleep
ResetEvent
SetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
GetCurrentThreadId
GetCurrentProcess
GetLastError
LocalAlloc
GetCurrentThread
DuplicateHandle
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
FormatMessageW
ResumeThread
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
CreateThread
GetThreadTimes
TerminateThread
GetSystemTimeAsFileTime
WideCharToMultiByte
OutputDebugStringW
GetCommandLineW
GetFileAttributesW
DeleteFileW
MoveFileW
CreateDirectoryW
GetVersion
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExW
SetHandleInformation
LoadLibraryA
GetSystemDirectoryA
GetTempFileNameW
GetTempPathW
GetFileInformationByHandle
CreateFileW
ExitProcess
SetProcessShutdownParameters
CreateProcessW
TerminateProcess
GetExitCodeProcess
CreatePipe
GetModuleFileNameW
ExpandEnvironmentStringsW
FreeConsole
GetProfileStringW
FindClose
FindFirstFileA
GetFileAttributesA
SetLastError
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
GetModuleFileNameA
SetEndOfFile
HeapReAlloc
GetTimeFormatA
GetDateFormatA
WriteFile
InterlockedIncrement
InterlockedDecrement
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadFile
LCMapStringA
LCMapStringW
LocalFree
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
GetConsoleCP

user32

EnumWindows
GetIconInfo
DrawIconEx
CopyImage
GetGUIThreadInfo
SystemParametersInfoW
GetKeyboardLayout
IsWindowUnicode
SendMessageTimeoutW
GetAsyncKeyState
GetKeyState
mouse_event
GetSystemMetrics
GetWindow
MsgWaitForMultipleObjects
PeekMessageW
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxW
ReleaseDC
GetDC
CloseDesktop
EnumDesktopWindows
OpenDesktopW
EnumDesktopsW
SetThreadDesktop
OpenInputDesktop
WaitForInputIdle
RegisterWindowMessageW
ScreenToClient
GetParent
UnregisterClassW
DestroyWindow
RegisterClassW
CreateWindowExW
AdjustWindowRect
SetRect
FillRect
GetTopWindow
ShowWindow
ToAsciiEx
ToUnicodeEx
VkKeyScanExA
VkKeyScanExW
GetKeyboardLayoutList
DefWindowProcW
EnableWindow
RegisterClassExW
CreateDialogParamW
LoadIconW
DialogBoxParamW
IsDialogMessageW
EndDialog
LoadBitmapW
GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowsHookExW
ChangeClipboardChain
SetClipboardViewer
GetClipboardOwner
DrawTextW
EndPaint
BeginPaint
CallWindowProcW
DrawFocusRect
GetFocus
GetNextDlgTabItem
GetClipboardData
MapVirtualKeyW
keybd_event
ExitWindowsEx
GetClassNameW
IsWindowVisible
IsRectEmpty
ClientToScreen
EnumDisplaySettingsA
SendMessageW
GetDlgItem
IsIconic
LoadImageW
GetForegroundWindow
SetWindowTextW
GetThreadDesktop
DispatchMessageW
TranslateMessage
SetTimer
GetMessageW
PostMessageW
TrackPopupMenu
GetCursorPos
DeleteMenu
GetMenuItemInfoW
GetMenuItemCount
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
SetMenuDefaultItem
GetSubMenu
LoadMenuW
PostQuitMessage
SetForegroundWindow
PostThreadMessageW
FindWindowW
DestroyIcon
KillTimer
SetWindowLongW
GetWindowLongW
SetCursor
LoadCursorW
GetMessagePos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DestroyMenu
InvalidateRect
SetWindowPos
GetWindowRect
GetClientRect
IsWindow
CallNextHookEx

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
Rectangle
CreateBrushIndirect
GetDIBits
GetClipBox
SetBkColor
PlayEnhMetaFile
GetEnhMetaFileW
DeleteEnhMetaFile
CreateDCW
CreateCompatibleDC
SetTextColor
DeleteDC
GetStockObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleBitmap
ExtEscape
GetObjectW
GdiFlush
GetBitmapBits
GetSystemPaletteEntries
BitBlt
SelectObject
GetCurrentObject
DeleteObject
GetDeviceCaps

advapi32

RegDeleteValueW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CloseServiceHandle
SetServiceStatus
SetTokenInformation
OpenProcessToken
EqualSid
GetSecurityInfo
MapGenericMask
AccessCheck
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CreateServiceW
OpenSCManagerW
DeleteService
OpenServiceW
StartServiceW
ControlService
QueryServiceStatus
MakeSelfRelativeSD
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
LogonUserW
DeregisterEventSource
RevertToSelf
RegisterEventSourceW
ReportEventW
IsValidSecurityDescriptor
OpenThreadToken
ImpersonateLoggedOnUser
LookupAccountNameW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegNotifyChangeKeyValue
GetSecurityDescriptorLength
RegDeleteKeyW
CreateProcessAsUserW
GetUserNameW
RegCloseKey
GetExplicitEntriesFromAclW
GetAclInformation
GetTokenInformation
AllocateAndInitializeSid
FreeSid
LookupAccountSidW
IsValidSid
GetLengthSid
CopySid

shell32

Shell_NotifyIconW
ShellExecuteW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

LresultFromObject
AccessibleObjectFromWindow

winspool.drv

EnumJobsW
AddPrinterW
SetPrinterW
ClosePrinter
OpenPrinterW
GetPrinterW
DeletePrinter
EnumPrinterDriversW
DeviceCapabilitiesW
EnumPrintersW
EnumPortsW
EnumMonitorsW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
OleInitialize
OleUninitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream

oleaut32

SysAllocStringLen
SysAllocString

Sections

.text
Size: 960KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8b27beabafb1fed81fa67577dfa5677

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

67:c5:f1:45:53:19:2e:4a:bf:84:35:9c:d7:e6:b1:b6Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

5e:16:b5:4b:e4:0a:e3:ba:3d:74:bc:04:27:94:2f:ff:b0:7f:97:24Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

comctl32

kernel32

user32

gdi32

advapi32

shell32

version

oleacc

winspool.drv

ole32

oleaut32

Sections

.text Size: 960KB - Virtual size: 959KB

.rdata Size: 240KB - Virtual size: 237KB

.data Size: 32KB - Virtual size: 48KB

.rsrc Size: 344KB - Virtual size: 343KB

.reloc Size: 72KB - Virtual size: 71KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

67:c5:f1:45:53:19:2e:4a:bf:84:35:9c:d7:e6:b1:b6
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

5e:16:b5:4b:e4:0a:e3:ba:3d:74:bc:04:27:94:2f:ff:b0:7f:97:24
Signer

.text
Size: 960KB - Virtual size: 959KB

.rdata
Size: 240KB - Virtual size: 237KB

.data
Size: 32KB - Virtual size: 48KB

.rsrc
Size: 344KB - Virtual size: 343KB

.reloc
Size: 72KB - Virtual size: 71KB