83bf6a2ee3977b5cc03eca9177089027_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83bf6a2ee3977b5cc03eca9177089027_JaffaCakes118
Size

5.2MB
MD5

83bf6a2ee3977b5cc03eca9177089027
SHA1

4dcea4cf8e084293a4bad3945a52f64ca8b6b32d
SHA256

4672cda09b959e1d4069df622944794e2a85ff4bbcf9aa70819f307635ccd393
SHA512

ce88638d194e25261a9ae211118ead800f8e0cef59bb8128993cd152f452e223d8d57026a871aa1814ffce7db659116d23b29c7ca37376ffa8fc2890d8296a30
SSDEEP

98304:c68CQnk4tPx4xM7bvITbTVXeiTsjCzZGGh+r7HK4KiIKqcYjcAC6dU:dQnbPx4xM7kTbTV3scZGA+3K4KiLqLYh

Score

1^/10

Malware Config

Signatures

Files

83bf6a2ee3977b5cc03eca9177089027_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a6b32bf5b9774a5a3be9ed8b60892d85

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:1b:1d:e3:fd:f7:d6:81:24:13:6d:14:83:c1:6b:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/07/2007, 00:00

Not After

02/07/2009, 23:59

Subject

CN=W3i\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=W3i\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d2:41:36:d9:ee:26:81:f8:63:e4:6f:43:3b:c7:57:ab:ee:74:0e:43
Signer

Actual PE Digest

d2:41:36:d9:ee:26:81:f8:63:e4:6f:43:3b:c7:57:ab:ee:74:0e:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\TFS\Installer\MAIN\Installer.FreezeWrap.Application\release\FreezeWrapWin.pdb

Imports

crypt32

CertVerifyCertificateChainPolicy
CertCloseStore
CertNameToStrA
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptDecodeObject

iphlpapi

GetAdaptersInfo

kernel32

GetCurrentProcessId
SetThreadPriority
SetEvent
SuspendThread
CreateEventA
RaiseException
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
EnumResourceLanguagesA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationA
SetErrorMode
ExitProcess
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
GetCommandLineA
GetStartupInfoA
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
HeapSize
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryW
AreFileApisANSI
LockFileEx
EnumResourceNamesA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GetPrivateProfileSectionA
GetLongPathNameA
GetLocaleInfoA
lstrcmpA
InterlockedDecrement
GlobalAlloc
MulDiv
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
CreateThread
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
IsBadReadPtr
FindNextFileW
FindFirstFileW
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToDosDateTime
GetCurrentThread
CompareFileTime
CreateFileW
GetTickCount
SetFileAttributesW
SetFileTime
CreateDirectoryW
GetFileAttributesW
DeleteFileW
CopyFileW
MoveFileA
MoveFileW
GetModuleFileNameW
GetTempPathW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFullPathNameW
GetOEMCP
GetACP
OpenEventA
GetPrivateProfileStringA
ResumeThread
GlobalMemoryStatus
GetSystemInfo
SetFilePointer
WriteFile
ReadFile
GetFileSize
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
GetModuleHandleA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
FileTimeToLocalFileTime
GetFileTime
CreateFileA
GetTimeZoneInformation
FileTimeToSystemTime
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
CreateProcessA
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
Module32Next
Module32First
GetExitCodeProcess
TerminateProcess
SetFileAttributesA
RemoveDirectoryA
DeleteFileA
GetTempFileNameA
GetSystemTime
CreateDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetShortPathNameA
GetTempPathA
GetFullPathNameA
GetModuleFileNameA
GetFileAttributesA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
FormatMessageA
lstrlenW
InterlockedExchange
ResetEvent
MultiByteToWideChar
CompareStringA
GetVersion
CompareStringW
lstrlenA
CreateMutexA
ReleaseMutex
WritePrivateProfileStringA
GetPrivateProfileIntA
CopyFileA
SystemTimeToFileTime
GetLocalTime
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetLastError
SetEndOfFile
ConvertDefaultLocale
GetCPInfo

user32

CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
DrawIcon
SetDlgItemTextA
InflateRect
DrawEdge
ChildWindowFromPoint
GetCursorPos
SetWindowsHookExA
ValidateRect
TranslateMessage
GetMessageA
IsChild
ShowScrollBar
PtInRect
GetWindow
SetCursor
LoadImageA
MapDialogRect
ClientToScreen
LoadCursorA
WaitForInputIdle
DialogBoxParamA
SetWindowLongA
EndDialog
GetSysColorBrush
GetSysColor
GetDlgCtrlID
GetWindowLongA
OffsetRect
SetCapture
ReleaseCapture
GetCapture
SetClassLongA
GetParent
EnumDisplaySettingsA
GetSystemMetrics
GetWindowRect
InvalidateRect
ScreenToClient
SystemParametersInfoA
IsWindowEnabled
EnumWindows
EnumChildWindows
GetClassNameA
GetWindowThreadProcessId
wsprintfA
CharUpperA
PostMessageA
IsWindowVisible
SetForegroundWindow
GetClientRect
LoadIconA
MessageBoxA
IsDialogMessageA
MoveWindow
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
DestroyWindow
SendDlgItemMessageA
WinHelpA
RegisterWindowMessageA
GetDC
ReleaseDC
PostQuitMessage
SetMenuItemBitmaps
IsIconic
ShowOwnedPopups
GetAsyncKeyState
EnableWindow
SendMessageA
SetTimer
UpdateWindow
KillTimer
RedrawWindow
IsWindow
CreateDialogParamA
SetWindowTextA
ShowWindow
GetDlgItem
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatA
SetWindowContextHelpId
CharNextA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
InvalidateRgn
SetRect
CopyAcceleratorTableA
UnregisterClassA
DestroyMenu
GetMenuItemInfoA
SetWindowRgn
IsRectEmpty
FindWindowA
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
CopyRect
GrayStringA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetMapMode
CreateEllipticRgn
LPtoDP
Ellipse
GetTextExtentPoint32A
GetRgnBox
GetBkColor
GetTextColor
GetPixel
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
CreateRectRgnIndirect
SetTextColor
GetClipBox
CreateCompatibleBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
GetStockObject
CreateSolidBrush
CreateFontIndirectA
GetObjectA
SetBkColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegOpenKeyA
GetUserNameA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
DuplicateTokenEx
GetLengthSid
CreateProcessAsUserA
SetTokenInformation

shell32

DragQueryFileA
DragFinish
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
ShellExecuteExA
Shell_NotifyIconA

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootA
PathFindFileNameA
PathCombineA
PathFindExtensionA
PathRenameExtensionA
PathStripPathA
PathRemoveFileSpecA
UrlEscapeA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CoGetClassObject
StringFromGUID2
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance
OleUninitialize
CoInitializeSecurity
OleInitialize
CoCreateGuid
StgOpenStorageOnILockBytes

oleaut32

SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
VariantCopy
SysAllocStringByteLen
VariantChangeType
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreateVector
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SafeArrayDestroy
OleCreateFontIndirect

ws2_32

inet_addr
htons
gethostbyname
connect
ioctlsocket
select
socket
closesocket
shutdown
send
recv
WSAStartup
WSAGetLastError

wininet

HttpOpenRequestA
InternetConnectA
InternetSetStatusCallback
HttpAddRequestHeadersA
InternetCloseHandle
InternetCanonicalizeUrlA
InternetCrackUrlA
HttpSendRequestA
HttpQueryInfoA
InternetReadFileExA
InternetOpenA
InternetCombineUrlA
InternetSetCookieA
InternetGetCookieA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

urlmon

URLDownloadToFileA
IsValidURL

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 356KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6b32bf5b9774a5a3be9ed8b60892d85

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

39:1b:1d:e3:fd:f7:d6:81:24:13:6d:14:83:c1:6b:21Certificate

Extended Key Usages

Key Usages

d2:41:36:d9:ee:26:81:f8:63:e4:6f:43:3b:c7:57:ab:ee:74:0e:43Signer

Headers

File Characteristics

PDB Paths

Imports

crypt32

iphlpapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

wininet

version

urlmon

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 668KB - Virtual size: 665KB

.data Size: 356KB - Virtual size: 384KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

39:1b:1d:e3:fd:f7:d6:81:24:13:6d:14:83:c1:6b:21
Certificate

d2:41:36:d9:ee:26:81:f8:63:e4:6f:43:3b:c7:57:ab:ee:74:0e:43
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 668KB - Virtual size: 665KB

.data
Size: 356KB - Virtual size: 384KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB