82f939b9093ff3b189e63c467e9f8caf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82f939b9093ff3b189e63c467e9f8caf_JaffaCakes118
Size

6.5MB
MD5

82f939b9093ff3b189e63c467e9f8caf
SHA1

4d2d7fb5913a95f6332acb73cb712815722fed7b
SHA256

e30adca8dd25a0c06bee1fffba35e0f74c94af3b7fd5245310a5edbfb4c54e67
SHA512

bed3d35cc6fb06ed24a6bfabe33e74c2046d1472c16a534788e8eff266c5d54d5c4dcf1dbea3057b97f5076ad775b454490a0e9f12aeb7b6a1c5f82e62fe4c2e
SSDEEP

24576:VHjMTdyaiQdWEGanyphlNV+WQJjGW/aEzWT7TQLb/nqBvccx7qZ5:VHXVQdWzanypVV+nJjGwzHqBpE5

Score

1^/10

Malware Config

Signatures

Files

82f939b9093ff3b189e63c467e9f8caf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ed8cd12adf3401b0e7d82cd7f7b5161

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/09/2007, 00:00

Not After

14/11/2010, 23:59

Subject

CN=C-NetMedia,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=C-NetMedia,L=Mobile,ST=Alabama,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:9e:65:b4:dc:29:e9:57:2d:11:43:a5:8d:b5:93:f6:4a:53:7d:eb
Signer

Actual PE Digest

b2:9e:65:b4:dc:29:e9:57:2d:11:43:a5:8d:b5:93:f6:4a:53:7d:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Timothy\My Documents\WorkCode\AdwareAlert\trunk\release\AdwareAlert.pdb

Imports

tcl

Tcl_CreateCommand
Tcl_ProcCmd
Tcl_CreateInterp
Tcl_CloneInterp
Tcl_DeleteClone
Tcl_GetStringResult
Tcl_EvalEx
Tcl_ResetResult
Tcl_DeleteInterp
Tcl_SplitList
Tcl_FreeList
Tcl_SetResult

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

SearchPathA
CreateProcessA
WritePrivateProfileStringA
GetCurrentThread
LocalAlloc
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThreadId
GlobalDeleteAtom
SetThreadPriority
SuspendThread
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetModuleFileNameW
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
InterlockedIncrement
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetSystemTime
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
GetStartupInfoA
ExitThread
GetSystemTimeAsFileTime
RaiseException
GetTimeFormatA
GetDateFormatA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetStdHandle
GetFileType
ExitProcess
HeapSize
GetACP
IsValidCodePage
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetDriveTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcatA
TerminateProcess
GetVersionExA
GetSystemInfo
GetFileTime
ExpandEnvironmentStringsA
CreateThread
SetConsoleScreenBufferSize
GetStdHandle
GetConsoleScreenBufferInfo
AllocConsole
FreeConsole
TlsFree
TlsAlloc
CreateNamedPipeA
DisconnectNamedPipe
FlushFileBuffers
WriteFile
HeapCreate
MoveFileA
ReadFile
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
ConnectNamedPipe
HeapCompact
HeapAlloc
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
lstrcpyA
CreateFileA
GetFileSize
InterlockedDecrement
TerminateThread
TlsGetValue
TlsSetValue
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
Sleep
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
DeleteFileA
CreateDirectoryA
LoadLibraryA
FreeLibrary
GetModuleFileNameA
FormatMessageA
LocalFree
GetSystemDirectoryA
GetTempPathA
GetLocalTime
GetCurrentProcess
GetWindowsDirectoryA
CreateEventA
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
ResetEvent
GlobalLock
SetEvent
WaitForSingleObject
CloseHandle
GetModuleHandleA
GetProcAddress
FreeResource
GetEnvironmentVariableA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
WinExec
GetLogicalDriveStringsA
GetTickCount

user32

SetCapture
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
MessageBeep
CharNextA
SetWindowContextHelpId
MapDialogRect
DestroyMenu
InflateRect
GrayStringA
DrawTextExA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
RemovePropA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetMenu
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
GetScrollInfo
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetFocus
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
TrackMouseEvent
PeekMessageA
DispatchMessageA
TranslateMessage
GetSysColorBrush
CopyIcon
GetCaretPos
RedrawWindow
SetTimer
SystemParametersInfoA
SetWindowPos
GetWindowDC
ScreenToClient
ModifyMenuA
GetSystemMetrics
LoadIconA
IsIconic
DrawIcon
PtInRect
MessageBoxA
IsWindow
EqualRect
RegisterClassA
CharUpperA
LoadBitmapA
SendMessageA
GetWindowRect
CopyRect
PostMessageA
EnableWindow
SetRect
GetCursorPos
LoadMenuA
SetForegroundWindow
GetWindowLongA
GetSubMenu
SetWindowLongA
SetWindowRgn
GetClientRect
InvalidateRect
GetDC
HideCaret
ReleaseDC
GetParent
LoadImageA
KillTimer
LoadCursorA
FillRect
DestroyCursor
GetSysColor
SetCursor
SetClassLongA
DrawEdge
DrawFocusRect
ClientToScreen
ReleaseCapture
GetCapture
WindowFromPoint
FindWindowA
GetDesktopWindow
ExitWindowsEx
SetPropA
GetDlgCtrlID
DefWindowProcA
GetPropA
UnregisterClassA
RegisterClassExA
DrawTextA
GetWindowTextA
GetWindowTextLengthA
SendMessageCallbackA
CreateWindowExA
EndPaint
BeginPaint

gdi32

GetCurrentObject
GetCurrentPositionEx
ArcTo
ExtSelectClipRgn
CreatePen
StretchBlt
GetTextExtentPoint32A
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreateCompatibleDC
CombineRgn
CreateBitmap
GetObjectA
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
SetMapMode
RestoreDC
SaveDC
CreateRectRgnIndirect
GetClipBox
GetDIBits
SetTextColor
SetBkColor
SetBkMode
CreateFontIndirectA
SelectClipRgn
ExtTextOutA
GetTextMetricsA
DeleteDC
SelectObject
GetDeviceCaps
Rectangle
ExtCreateRegion
CreateRectRgn
CreateSolidBrush
GetPixel
DeleteObject
GetStockObject
CreatePatternBrush
CreateCompatibleBitmap
BitBlt
ScaleWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

comctl32

ord17
_TrackMouseEvent

shlwapi

PathFileExistsA
UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
SHDeleteKeyA
PathIsDirectoryA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleUninitialize

oleaut32

OleLoadPicture
VariantClear
SysFreeString
SysAllocString
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable

zlib

inflate
inflateInit2_
inflateEnd

msimg32

GradientFill

Sections

.text
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ed8cd12adf3401b0e7d82cd7f7b5161

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3dCertificate

Extended Key Usages

Key Usages

b2:9e:65:b4:dc:29:e9:57:2d:11:43:a5:8d:b5:93:f6:4a:53:7d:ebSigner

Headers

File Characteristics

PDB Paths

Imports

tcl

version

kernel32

user32

gdi32

comdlg32

winspool.drv

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

zlib

msimg32

Sections

.text Size: 652KB - Virtual size: 651KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 5.7MB - Virtual size: 5.7MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3d
Certificate

b2:9e:65:b4:dc:29:e9:57:2d:11:43:a5:8d:b5:93:f6:4a:53:7d:eb
Signer

.text
Size: 652KB - Virtual size: 651KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 5.7MB - Virtual size: 5.7MB