87e2eed0fbe63baf5455ccc153139012_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

87e2eed0fbe63baf5455ccc153139012_JaffaCakes118
Size

6.1MB
MD5

87e2eed0fbe63baf5455ccc153139012
SHA1

efbdae6050182bc7d2a6ac32f8809a0977b4427e
SHA256

e5f0f1ed3967f21deda5116c4ebd0acbf4be260576763194a84a0b735e0e203f
SHA512

69c75b0f4605c73ddf2a6184a9374e12f3949ebfce21adacf2bf2b2bdb37d07ed82d6b7bb8b614a01b05f6c52dc8b1c678322a00ec41a274fed4e6a5d273eb61
SSDEEP

24576:M7uJdVQ+Tn7Al2v2n/VUt2i3Yn/aEzW1oyYB4dd9lXdzk:SuJM+r7Acv2nNar3YNzl4dd9lXd

Score

1^/10

Malware Config

Signatures

Files

87e2eed0fbe63baf5455ccc153139012_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c4b41782372e562b92621e4e2170c8d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/09/2007, 00:00

Not After

14/11/2010, 23:59

Subject

CN=C-NetMedia,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=C-NetMedia,L=Mobile,ST=Alabama,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:2f:7a:cb:52:ef:b6:39:85:b7:4d:f5:43:42:ef:19:74:46:ce:c0
Signer

Actual PE Digest

b8:2f:7a:cb:52:ef:b6:39:85:b7:4d:f5:43:42:ef:19:74:46:ce:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Timothy\My Documents\WorkCode\SpywareBot\trunk\release\SpywareBot.pdb

Imports

tcl

Tcl_DeleteInterp
Tcl_ProcCmd
Tcl_ResetResult
Tcl_GetStringResult
Tcl_DeleteClone
Tcl_CloneInterp
Tcl_CreateInterp
Tcl_CreateCommand
Tcl_EvalEx
Tcl_SplitList
Tcl_FreeList
Tcl_SetResult

kernel32

ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
SetThreadPriority
SuspendThread
GlobalAddAtomA
GetCurrentProcessId
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetModuleFileNameW
InterlockedDecrement
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
LocalAlloc
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
InterlockedIncrement
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnumResourceLanguagesA
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
GetStartupInfoA
ExitThread
GetTimeFormatA
GetDateFormatA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
ExitProcess
RaiseException
HeapSize
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetACP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
lstrcmpA
ReadFile
ConnectNamedPipe
HeapCompact
CreateNamedPipeA
DisconnectNamedPipe
FlushFileBuffers
WriteFile
HeapCreate
MoveFileA
HeapDestroy
CreateFileA
GetFileSize
GetFullPathNameA
TerminateThread
lstrcpynA
FileTimeToLocalFileTime
SetLastError
FindFirstFileA
GetFileAttributesA
FindNextFileA
FindClose
DeleteFileA
GetSystemDirectoryA
GetTempPathA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
LoadLibraryA
GetFileTime
ExpandEnvironmentStringsA
CreateThread
TerminateProcess
GetCurrentProcess
GetVersionExA
GetSystemInfo
LocalFree
lstrcatA
WinExec
FormatMessageA
FileTimeToSystemTime
Sleep
InitializeCriticalSection
lstrcpyA
SetConsoleScreenBufferSize
GetStdHandle
GetModuleFileNameA
GetConsoleScreenBufferInfo
AllocConsole
DeleteCriticalSection
FreeConsole
LeaveCriticalSection
GetLogicalDriveStringsA
SearchPathA
CreateProcessA
GetSystemTime
EnterCriticalSection
CreateDirectoryA
GetLocalTime
CloseHandle
GetWindowsDirectoryA
CreateEventA
GlobalAlloc
ResumeThread
GlobalFree
MulDiv
GlobalUnlock
ResetEvent
GlobalLock
SetEvent
WaitForSingleObject
FreeResource
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
IsDebuggerPresent

user32

CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
SetCapture
MessageBeep
SetWindowContextHelpId
MapDialogRect
DestroyMenu
InflateRect
GrayStringA
DrawTextExA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
RemovePropA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
PtInRect
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetFocus
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
ValidateRect
GetMenuCheckMarkDimensions
GetFocus
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
PeekMessageA
DispatchMessageA
TranslateMessage
GetSysColorBrush
GetCaretPos
SystemParametersInfoA
SetWindowPos
GetWindowDC
ScreenToClient
ModifyMenuA
LoadIconA
IsIconic
DrawIcon
MessageBoxA
IsWindow
EqualRect
FindWindowA
GetDesktopWindow
ExitWindowsEx
TrackMouseEvent
GetSystemMetrics
EndPaint
BeginPaint
SetPropA
GetDlgCtrlID
DefWindowProcA
GetPropA
UnregisterClassA
RegisterClassExA
DrawTextA
GetWindowTextA
GetWindowTextLengthA
SendMessageCallbackA
CreateWindowExA
DrawEdge
WindowFromPoint
GetCapture
ReleaseCapture
ClientToScreen
DrawFocusRect
DestroyCursor
FillRect
LoadCursorA
SetClassLongA
SetCursor
GetSysColor
KillTimer
GetDC
InvalidateRect
GetClientRect
SetWindowRgn
LoadImageA
GetParent
ReleaseDC
HideCaret
SetWindowLongA
GetSubMenu
GetWindowLongA
SetForegroundWindow
LoadMenuA
GetCursorPos
SetRect
GetWindowRect
SendMessageA
LoadBitmapA
EnableWindow
PostMessageA
CopyRect
CharUpperA
SetTimer
RedrawWindow
SetMenuItemBitmaps
CopyIcon

gdi32

SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetTextExtentPoint32A
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
BitBlt
CreateCompatibleBitmap
StretchBlt
CreateRectRgnIndirect
GetObjectA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
GetClipBox
GetDIBits
CreateFontIndirectA
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsA
SelectClipRgn
ExtTextOutA
DeleteDC
SelectObject
GetDeviceCaps
Rectangle
CombineRgn
CreateCompatibleDC
CreateBitmap
ExtCreateRegion
CreateRectRgn
CreateSolidBrush
GetPixel
DeleteObject
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17
_TrackMouseEvent

shlwapi

PathStripToRootA
PathIsDirectoryA
SHDeleteKeyA
PathFindExtensionA
PathFindFileNameA
PathIsUNCA
UrlUnescapeA
PathFileExistsA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
CoTaskMemFree
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal

oleaut32

SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString
OleLoadPicture
VariantCopy
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable
HttpQueryInfoA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

zlib

inflate
inflateInit2_
inflateEnd

Sections

.text
Size: 624KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c4b41782372e562b92621e4e2170c8d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3dCertificate

Extended Key Usages

Key Usages

b8:2f:7a:cb:52:ef:b6:39:85:b7:4d:f5:43:42:ef:19:74:46:ce:c0Signer

Headers

File Characteristics

PDB Paths

Imports

tcl

kernel32

user32

gdi32

comdlg32

winspool.drv

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

version

zlib

Sections

.text Size: 624KB - Virtual size: 622KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 20KB - Virtual size: 32KB

.rsrc Size: 5.3MB - Virtual size: 5.3MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3d
Certificate

b8:2f:7a:cb:52:ef:b6:39:85:b7:4d:f5:43:42:ef:19:74:46:ce:c0
Signer

.text
Size: 624KB - Virtual size: 622KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 20KB - Virtual size: 32KB

.rsrc
Size: 5.3MB - Virtual size: 5.3MB