84d2e1df979649e24a91334e08175275_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

84d2e1df979649e24a91334e08175275_JaffaCakes118
Size

1.0MB
MD5

84d2e1df979649e24a91334e08175275
SHA1

1bd681183d1763e949f1942ed1b29dbfe6a2c6e1
SHA256

c27ac0d1be8bdb9b293196344ad3671f44ad0b8d49ad1120227cf4e15818c4a4
SHA512

9bb1337ea031ac094a0ef583b35765675049a57de2589d5d511e5b77359d0d30aa8f0b9da7c4b9edfed0a0c46e9e6baf865e6499b9af4ff682c9086110310a21
SSDEEP

12288:aTizlGcYv5P/pkK33vrvK20qlaa5LFyIAXUTJKC+TltRSlovcVFAUE:aQ8DvrbzFyI6YwTlqlokYUE

Score

1^/10

Malware Config

Signatures

Files

84d2e1df979649e24a91334e08175275_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1920950f4333a150ccfe8d8d0cb3a233

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:62:dc:36:72:d1:d2:04:7d:89:74:36:1b:53:ec:e7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/11/2009, 00:00

Not After

16/11/2011, 23:59

Subject

CN=Secure Digital Services Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Secure Digital Services Limited,L=Dublin,ST=Dublin,C=IE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:a2:36:aa:f4:93:81:2a:a8:6d:57:2b:6b:bc:d6:18:78:d6:87:87
Signer

Actual PE Digest

09:a2:36:aa:f4:93:81:2a:a8:6d:57:2b:6b:bc:d6:18:78:d6:87:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetFileAttributesW
GetFileSizeEx
GetFileTime
WritePrivateProfileStringW
RtlUnwind
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
HeapReAlloc
GetCommandLineA
WriteConsoleW
GetFileType
GetStdHandle
ExitProcess
SetStdHandle
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
TlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
GetProcessHeap
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
IsProcessorFeaturePresent
InterlockedCompareExchange
TlsGetValue
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
LocalAlloc
FindNextFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrlenA
lstrcmpA
GetCurrentProcessId
GetModuleHandleA
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
GetVersionExA
FreeResource
WideCharToMultiByte
GetLocalTime
MulDiv
lstrcmpW
CreateDirectoryW
LocalFree
TerminateThread
GetExitCodeThread
CreateMutexW
LoadLibraryExW
FreeLibrary
lstrcmpiW
OpenProcess
ResumeThread
SystemTimeToTzSpecificLocalTime
GlobalFree
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileW
WriteFile
GetTempPathW
lstrcatW
CreateEventW
CreateThread
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CloseHandle
FindResourceExW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLastError
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetTickCount
SetLastError
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
InterlockedDecrement
Sleep
InterlockedIncrement
FindResourceW
LoadResource
LockResource
GetModuleFileNameA
SizeofResource

user32

SetRect
IsZoomed
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetMenuState
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetLastActivePopup
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
GetClassInfoW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetDlgCtrlID
IsDialogMessageW
SendDlgItemMessageW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
wsprintfW
PeekMessageW
MsgWaitForMultipleObjects
RegisterClassW
FindWindowW
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
GetDlgItem
IsChild
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ClientToScreen
GetSysColor
GetWindowTextLengthW
SendMessageW
EnableWindow
UnregisterClassA
PtInRect
RegisterWindowMessageW
GetMessageW
GetCursorPos
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
SetForegroundWindow
PostQuitMessage
SetMenu
SetWindowTextW
CharNextW
CheckMenuItem
EnableMenuItem
AppendMenuW
CreatePopupMenu
SetCursor
ValidateRect
CharUpperW
WindowFromPoint
SetRectEmpty
GetSysColorBrush
DestroyMenu
OffsetRect
IsIconic
CopyRect
GetClientRect
RedrawWindow
GetCapture
SetCapture
GetFocus
GetParent
ReleaseCapture
DestroyIcon
ScreenToClient
SetWindowLongW
ShowWindow
DestroyWindow
CallWindowProcW
GetWindowLongW
MoveWindow
GetClassInfoExW
LoadCursorW
DefWindowProcW
RegisterClassExW
CreateWindowExW
LoadIconW
GetWindowRect
GetAsyncKeyState
IsWindowVisible
GetKeyState
LoadImageW
CreateMenu
CreateAcceleratorTableW
GetForegroundWindow
GetSystemMetrics
SetWindowPos
UpdateWindow
GetClassNameW
GetWindowTextW
GetWindowThreadProcessId
UnregisterClassW
KillTimer
SetTimer
GetWindow
IsWindow
PostMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetTopWindow

gdi32

GetTextMetricsW
GetTextExtentPoint32W
GetBkColor
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateFontIndirectW
IntersectClipRect
ExcludeClipRect
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CreateSolidBrush
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
DeleteObject
GetObjectW
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
GetPixel
SetPixel
SetBkColor
DeleteDC

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW

shlwapi

PathFindExtensionW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathFindFileNameW

ole32

CoTaskMemRealloc
OleUninitialize
OleInitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromString
CoInitializeEx
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CLSIDFromProgID
OleRun
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantClear
VariantInit
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VarUI4FromStr
OleCreateFontIndirect
GetErrorInfo
SysFreeString

urlmon

CreateURLMonikerEx
CoInternetParseUrl

wininet

InternetCloseHandle
HttpQueryInfoW
InternetReadFile
HttpSendRequestW
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
HttpAddRequestHeadersW
InternetCrackUrlW
InternetCanonicalizeUrlW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

?initialize@Engine@@SA_NHHHPB_W00000000000PAUHWND__@@IIHH0@Z
?pause@Engine@@SA_NXZ
?resume@Engine@@SA_NXZ
?uninitialize@Engine@@SA_NXZ

Sections

.text
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1920950f4333a150ccfe8d8d0cb3a233

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3b:62:dc:36:72:d1:d2:04:7d:89:74:36:1b:53:ec:e7Certificate

Extended Key Usages

Key Usages

09:a2:36:aa:f4:93:81:2a:a8:6d:57:2b:6b:bc:d6:18:78:d6:87:87Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

urlmon

wininet

psapi

version

Exports

Exports

Sections

.text Size: 510KB - Virtual size: 510KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 17KB - Virtual size: 1.5MB

.rsrc Size: 332KB - Virtual size: 331KB

.reloc Size: 58KB - Virtual size: 57KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3b:62:dc:36:72:d1:d2:04:7d:89:74:36:1b:53:ec:e7
Certificate

09:a2:36:aa:f4:93:81:2a:a8:6d:57:2b:6b:bc:d6:18:78:d6:87:87
Signer

.text
Size: 510KB - Virtual size: 510KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 17KB - Virtual size: 1.5MB

.rsrc
Size: 332KB - Virtual size: 331KB

.reloc
Size: 58KB - Virtual size: 57KB