74dd34cd253dceb2382bce218b333dbb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74dd34cd253dceb2382bce218b333dbb_JaffaCakes118
Size

464KB
MD5

74dd34cd253dceb2382bce218b333dbb
SHA1

849e91ed118db47c454ae72f6c814eee085a4c67
SHA256

11e4516d2dc834345779f1923e77b29153ff5f8a2323397a3e04c509342ca62c
SHA512

240eaed6a3c791f6496a3027b8a401d85d5f1c95e7c0f9bc439a6d8c4f024ccfb953c748e35534548ff38d5e2be45a6de0fd7a39554ad33947d5638b5f2b8588
SSDEEP

12288:4M6Jn1d9NQ3064PlTJ7L9QUn/lEl2iW6pXq:4M6J1dDQ30vJ7L3n04

Score

1^/10

Malware Config

Signatures

Files

74dd34cd253dceb2382bce218b333dbb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50c0a4699493584e6fd1c146c36e6686

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2011, 23:59

Subject

CN=Pinball Corporation.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Pinball Corporation.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a0:ff:c5:fe:cb:a1:0d:00:f3:1a:ce:f0:53:0d:00:ce:31:04:40:ba
Signer

Actual PE Digest

a0:ff:c5:fe:cb:a1:0d:00:f3:1a:ce:f0:53:0d:00:ce:31:04:40:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Managed\BSAI\source\ICS_Release\Setup.pdb

Imports

kernel32

GetProcessHeap
HeapFree
ReadProcessMemory
SetFilePointer
GetModuleFileNameA
VirtualProtect
VirtualQuery
VirtualFree
VirtualAlloc
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcpyA
CreateEventA
CreateThread
CloseHandle
GetModuleHandleA
SetEvent
GetTickCount
WaitForSingleObject
WideCharToMultiByte
Sleep
FindResourceExA
FindResourceA
HeapAlloc
TerminateThread
ReadFile
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CreateFileA
DeleteFileA
GetCurrentProcessId
OpenMutexA
CreateMutexA
GetLastError
GetCommandLineA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
GetStartupInfoA
ExitProcess
GetModuleHandleW
RtlUnwind
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapDestroy
LocalAlloc
SetErrorMode
GetDriveTypeA
GetComputerNameA
GetProcessTimes
DosDateTimeToFileTime
TerminateProcess
MoveFileExA
GetTempFileNameA
CreateProcessA
GetExitCodeProcess
CreateToolhelp32Snapshot
Module32First
GetVolumeInformationA
GetLocaleInfoA
GetComputerNameExA
CreateDirectoryA
OpenProcess
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
Process32First
Process32Next
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetVersionExA
GetShortPathNameA
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
lstrlenA
lstrlenW
FlushInstructionCache
lstrcmpA
SetLastError
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetLocalTime
GetSystemTime
HeapReAlloc
WaitForMultipleObjectsEx
ResumeThread
ReleaseMutex
WriteFile
FileTimeToSystemTime
GetVersion
GetFileSize
GetCurrentDirectoryA
OutputDebugStringA
GetExitCodeThread
FreeLibrary
GetProcAddress
LoadLibraryA
DeviceIoControl
LocalFree

user32

GetWindowLongA
ReleaseDC
SetRect
GetDC
SystemParametersInfoA
GetWindowRect
DefWindowProcA
SetWindowLongA
FindWindowExA
SendMessageA
PostMessageA
RedrawWindow
ReleaseCapture
SetWindowPos
GetCursorPos
SetCursor
PtInRect
ScreenToClient
GetFocus
GetParent
EnumWindows
GetWindowThreadProcessId
GetClassNameA
GetClientRect
GetWindowTextA
CreateDialogParamA
GetDesktopWindow
SetDlgItemTextA
UnregisterClassA
PostThreadMessageA
IsWindow
GetClassInfoExA
RegisterClassExA
BeginPaint
FillRect
DrawTextA
EndPaint
SetCapture
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetSystemMenu
EnableMenuItem
GetSysColorBrush
FrameRect
MoveWindow
GetSysColor
LoadImageA
GetSystemMetrics
CharNextA
ClientToScreen
InvalidateRect
InvalidateRgn
IsChild
GetDlgItem
CallWindowProcA
DestroyAcceleratorTable
SetFocus
GetWindow
CreateAcceleratorTableA
SetWindowTextA
GetWindowTextLengthA
RegisterWindowMessageA
AttachThreadInput
GetForegroundWindow
FindWindowA
InflateRect
SetTimer
KillTimer
BringWindowToTop
SetForegroundWindow

gdi32

CreateSolidBrush
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontIndirectA
SetBkMode
SetTextColor
PatBlt
BitBlt
DeleteObject
DeleteDC
GetObjectA
GetStockObject

advapi32

RegQueryValueExA
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
CryptHashData
CryptVerifySignatureA
CryptImportKey
CryptCreateHash
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA
OpenProcessToken
DuplicateTokenEx
ConvertSidToStringSidA
LookupAccountNameA

ole32

CLSIDFromString
CoCreateGuid
CoSetProxyBlanket
CoInitializeSecurity
CoInitialize
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysStringLen
OleLoadPicture
SysAllocStringLen
SysFreeString

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveArgsA
UrlEscapeA
PathAddExtensionA
PathAppendA
PathQuoteSpacesA
PathFileExistsA
PathCombineA
PathStripPathA
PathRemoveExtensionA
PathFindExtensionA
PathUnquoteSpacesA
PathStripToRootA

ws2_32

WSACreateEvent
WSARecv
closesocket
WSASocketA
WSAEventSelect
WSASetEvent
WSACleanup
freeaddrinfo
getaddrinfo
WSASetLastError
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAResetEvent
WSAStartup
WSASend
WSAGetOverlappedResult
WSAConnect

Sections

.text
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.crepe
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50c0a4699493584e6fd1c146c36e6686

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1aCertificate

Extended Key Usages

Key Usages

a0:ff:c5:fe:cb:a1:0d:00:f3:1a:ce:f0:53:0d:00:ce:31:04:40:baSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

version

shlwapi

ws2_32

Sections

.text Size: 289KB - Virtual size: 289KB

.crepe Size: 5KB - Virtual size: 5KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 26KB - Virtual size: 36KB

.rsrc Size: 69KB - Virtual size: 68KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

4f:ea:b5:57:30:a7:55:a4:56:fe:6c:18:a4:79:1c:1a
Certificate

a0:ff:c5:fe:cb:a1:0d:00:f3:1a:ce:f0:53:0d:00:ce:31:04:40:ba
Signer

.text
Size: 289KB - Virtual size: 289KB

.crepe
Size: 5KB - Virtual size: 5KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 26KB - Virtual size: 36KB

.rsrc
Size: 69KB - Virtual size: 68KB