88183f652225b1cdd244e9bc4d609dcc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88183f652225b1cdd244e9bc4d609dcc_JaffaCakes118
Size

546KB
MD5

88183f652225b1cdd244e9bc4d609dcc
SHA1

0de556e2838540b8c1d77bc1a30af2aeaf04c636
SHA256

69493d4dd2b44435410026d1d8e8fe324503f37489dc8c73ea55ee89187cf6b0
SHA512

dc90f2dd2afd3502c1c1a58326ec1d8dbe9239474c3b483c4b553af82866f9cce042f6f14d3d70599453c077a1016efcb9b0900d121edf6458b0b9913fa9fe5f
SSDEEP

12288:0/7INGMfi++V52RZI7XHgZQKhJgeCmkpN:0DIzH+V52RmLHgZpJEnz

Score

1^/10

Malware Config

Signatures

Files

88183f652225b1cdd244e9bc4d609dcc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9e0d538eb26e67330d92ae1be1e54d96

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:7d:21:69:b3:aa:cb:b3:26:fc:a6:f3:cc:35:71:ea:fb:72:ac:34
Signer

Actual PE Digest

98:7d:21:69:b3:aa:cb:b3:26:fc:a6:f3:cc:35:71:ea:fb:72:ac:34

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\mso\x86\ship\0\offlb.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
GetTokenInformation
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CheckTokenMembership
IsValidSid
OpenThreadToken
RegSetValueExA

kernel32

UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
VirtualProtect
GetUserDefaultUILanguage
GetCalendarInfoW
EnumSystemLocalesW
EnumUILanguagesW
IsProcessorFeaturePresent
ReleaseSemaphore
GlobalMemoryStatus
GetCurrentThread
InitializeCriticalSection
CreateFileA
CreateDirectoryW
GetTempPathW
CompareStringW
IsValidCodePage
GetStringTypeExW
IsDBCSLeadByte
GetUserDefaultLCID
GetSystemInfo
GetDiskFreeSpaceExW
GetTimeZoneInformation
GetVersionExW
GetSystemDirectoryW
IsValidLocale
LocalAlloc
LocalFree
LoadLibraryExW
GetShortPathNameA
SetUnhandledExceptionFilter
OpenMutexA
GetProcessTimes
ExpandEnvironmentStringsW
GetLocaleInfoW
CreateFileW
GetFileType
MulDiv
GetACP
FlushFileBuffers
SetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
DeleteCriticalSection
TlsFree
TlsGetValue
VirtualFree
GetSystemDefaultLCID
TlsAlloc
InitializeCriticalSectionAndSpinCount
GlobalFree
CreateEventA
CreateMutexA
CreateFileMappingA
MapViewOfFile
ReleaseMutex
GlobalAlloc
UnmapViewOfFile
GetModuleFileNameA
CreateProcessA
FreeLibrary
GetCurrentThreadId
GetTickCount
TlsSetValue
RaiseException
VirtualAlloc
HeapReAlloc
HeapAlloc
HeapValidate
HeapSize
HeapFree
GetProcessHeap
IsDebuggerPresent
SetEvent
CreateThread
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
GetVersionExA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetVersion
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
LoadLibraryA
ResetEvent
WaitForMultipleObjects
OpenProcess
TerminateProcess
WaitForSingleObject
DeleteFileW
OpenThread
QueueUserAPC
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
GetLocalTime
GetTempPathA
WideCharToMultiByte
GetLastError
Sleep
SetFilePointer
WriteFile
CloseHandle
GetFileAttributesW
GetSystemTime
SystemTimeToFileTime
CreateSemaphoreA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

secur32

GetUserNameExW

lbghost

FIsOnlyLBInstance
FCopyOfficeHang
FRemoveOfficeHang
GetLBOSVersion
FStillHaveHangs
FSetLbOverrideWatsonUI
ResetLBInstance
HwndLBUISet
LoadLBIntl
FGetLbOverrideWatsonUI

msvcr80

__CxxFrameHandler3
_CxxThrowException
_wcsicmp
_wtoi
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_CIsqrt
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memmove
memcpy
memset
_vsnprintf
_ismbblead

user32

RegisterClassExW
IsDialogMessageW
DestroyWindow
GetWindowLongW
LoadStringW
SendMessageW
PostMessageW
IsHungAppWindow
IsWindowVisible
CreateWindowExW
GetWindowInfo
ShowWindow
FlashWindowEx
GetFocus
DefWindowProcW
SetTimer
PostQuitMessage
KillTimer
DispatchMessageW
TranslateMessage
GetWindowThreadProcessId
CreateDialogParamW
GetMessageW
SystemParametersInfoW
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetForegroundWindow
SetWindowPos
SetWindowLongW
DrawIconEx
FillRect
GetSysColorBrush
ReleaseDC
GetDC
SetWindowTextW
GetDlgItem
SendMessageA
DestroyIcon
InvalidateRect
GetSysColor
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
EndDialog
GetClassNameA
IsWindowUnicode
GetWindowLongA
GetParent
MapWindowPoints
MoveWindow
GetWindow
GetDlgCtrlID
GetClientRect
IsWindow
CreateWindowExA
CreateDialogIndirectParamA
DrawTextA
DrawTextW
MapDialogRect
SetFocus
EnumDisplayMonitors
GetMonitorInfoA
LoadBitmapA
GetKeyboardLayout
GetMenuCheckMarkDimensions
EnumWindows
SetRectEmpty

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9e0d538eb26e67330d92ae1be1e54d96

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:06:27:81:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

98:7d:21:69:b3:aa:cb:b3:26:fc:a6:f3:cc:35:71:ea:fb:72:ac:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

version

secur32

lbghost

msvcr80

user32

Sections

.text Size: 296KB - Virtual size: 295KB

.data Size: 197KB - Virtual size: 217KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 24KB - Virtual size: 24KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:06:27:81:00:00:00:00:00:08
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

98:7d:21:69:b3:aa:cb:b3:26:fc:a6:f3:cc:35:71:ea:fb:72:ac:34
Signer

.text
Size: 296KB - Virtual size: 295KB

.data
Size: 197KB - Virtual size: 217KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 24KB - Virtual size: 24KB