825e55b05459dd4a6ed92293bf47b163_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

825e55b05459dd4a6ed92293bf47b163_JaffaCakes118
Size

228KB
MD5

825e55b05459dd4a6ed92293bf47b163
SHA1

bfc07af02eedb2335492f699cbb5a5eca1d2808a
SHA256

070982eb95e96e9ad3938650b8134ae58bf4d7035487cefebe7d3e8a5c2d57ea
SHA512

27c41d280e71972890403cefa1b9c122b5ce4c4c69d5c2bf5bf2c63eb428dea21dbb01996825a005cc1927c709cd3720898ba1939e367664f834cee48ed6f56b
SSDEEP

6144:W/26kJC3oghja3DpYGaYxKrNV0eS0HeMa74XqI:nC4gNobaYoN2eS0Gyb

Score

1^/10

Malware Config

Signatures

Files

825e55b05459dd4a6ed92293bf47b163_JaffaCakes118
.exe .vbs windows:5 windows x86 arch:x86 polyglot

0bb79b5c820db3a7f3b56a2dbe1bdbc4

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

02:bc:fc:21:a6:27:eb:b7:6d:0c:b2:c0:6d:fe:30:01:a1:5b:8b:ec
Signer

Actual PE Digest

02:bc:fc:21:a6:27:eb:b7:6d:0c:b2:c0:6d:fe:30:01:a1:5b:8b:ec

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spuninst.pdb

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW

user32

RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
wvsprintfW
GetWindowTextA
GetWindow
GetWindowThreadProcessId
FindWindowExA
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
CloseWindowStation
EnumDesktopsA
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
EnumWindowStationsA
LoadIconA
MessageBoxA
SetDlgItemTextA
DialogBoxParamA
SetWindowTextA
DialogBoxParamW
SendDlgItemMessageA
ShowWindow
SendMessageA
GetDlgItem
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetParent
DestroyWindow
SetDlgItemTextW
KillTimer
IsDlgButtonChecked
SetTimer
CheckDlgButton
EnableWindow

ntdll

_chkstk
wcslen
wcscpy
_snwprintf
strtoul
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
_itoa
strncat
_strcmpi
strrchr
_stricmp
_snprintf
_vsnprintf
strstr
strncpy
strchr
RtlUnwind
sprintf
_strnicmp
NtQueryVirtualMemory

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx

updspapi

UpdSpStringTableInitialize
UpdSpStringTableInitializeEx
UpdSpStringTableAddString
UpdSpStringTableAddStringEx
UpdSpStringTableLookUpString
UpdSpStringTableLookUpStringEx
UpdSpGetLineCountA
UpdSpSetDynamicStringA
UpdSpGetTargetPathA
UpdSpStringTableDestroy
UpdSpPromptForDiskA
UpdSpSetDirectoryIdA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpGetFieldCount
UpdSpInitDefaultQueueCallbackEx
UpdSpCloseInfFile
UpdSpStringTableEnum
UpdSpScanFileQueueA
UpdSpCopyErrorA
UpdSpFindNextMatchLineW
UpdSpGetMultiSzFieldW
UpdSpGetStringFieldW
UpdSpCommitFileQueueA
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpInstallFromInfSectionA
UpdSpOpenAppendInfFileA
UpdSpDecompressOrCopyFileA
UpdSpGetLineTextW
UpdSpGetIntField
UpdSpGetBinaryField
UpdSpGetLineTextA
UpdSpOpenInfFileA
UpdSpFindFirstLineA
UpdSpGetStringFieldA
UpdSpFindNextLine
UpdSpGetTargetPathW
UpdSpInstallFilesFromInfSectionA
UpdSpFindFirstLineW
UpdSpGetLineByIndexA

msvcrt

memmove
isdigit
calloc
swprintf
wcscmp
toupper
strspn
atol
strpbrk
_close
_lseek
_read
_open
mbstowcs
getenv
_ultoa
_wtoi64
strcspn
strtok
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strdup
_vsnwprintf
_mbslwr
free
_wcsicmp
malloc

advapi32

InitiateSystemShutdownA
RegQueryValueExA
RegOpenKeyExA
OpenServiceW
EnumServicesStatusExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegCloseKey
AbortSystemShutdownA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetFileSecurityA
LockServiceDatabase
QueryServiceConfigA
ChangeServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
FreeSid
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegQueryValueExW
EnumDependentServicesA
OpenSCManagerA
StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegCreateKeyExA
RegRestoreKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA

kernel32

DelayLoadFailureHook
CopyFileA
GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
SearchPathA
CompareStringA
OpenEventA
GetTempFileNameA
CreateFileW
SetEndOfFile
InterlockedIncrement
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventA
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
LoadLibraryW
lstrcmpiW
CreateDirectoryA
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
SetEvent
WaitForSingleObject
GetModuleHandleA
CreateThread
GetCurrentProcess
GetWindowsDirectoryA
SetCurrentDirectoryA
LoadLibraryA
Sleep
VirtualAlloc
DeleteFileA
WideCharToMultiByte
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
GetLastError

gdi32

GetObjectA
CreateFontIndirectA

shell32

SHChangeNotify
SHGetSpecialFolderPathA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA

rpcrt4

UuidFromStringA

imagehlp

EnumerateLoadedModules64

shlwapi

PathGetArgsA
PathUnquoteSpacesA

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

XOR
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0bb79b5c820db3a7f3b56a2dbe1bdbc4

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

02:bc:fc:21:a6:27:eb:b7:6d:0c:b2:c0:6d:fe:30:01:a1:5b:8b:ecSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

user32

ntdll

ole32

updspapi

msvcrt

advapi32

kernel32

gdi32

shell32

version

psapi

rpcrt4

imagehlp

shlwapi

Sections

.text Size: 169KB - Virtual size: 169KB

.data Size: 2KB - Virtual size: 398KB

.rsrc Size: 44KB - Virtual size: 43KB

XOR Size: 2KB - Virtual size: 2KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

02:bc:fc:21:a6:27:eb:b7:6d:0c:b2:c0:6d:fe:30:01:a1:5b:8b:ec
Signer

.text
Size: 169KB - Virtual size: 169KB

.data
Size: 2KB - Virtual size: 398KB

.rsrc
Size: 44KB - Virtual size: 43KB

XOR
Size: 2KB - Virtual size: 2KB