867ea77fb72f37f673455c3bd7a9e9e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

867ea77fb72f37f673455c3bd7a9e9e7_JaffaCakes118
Size

277KB
MD5

867ea77fb72f37f673455c3bd7a9e9e7
SHA1

55b0227db0a8ceada34b3d6431594b8d98b3fc10
SHA256

47cdb982fe3a11b8eceb44999a748436245a0ab3127bb179cf4159fbf398e3c5
SHA512

8a9490c2f4f2ff913f1d783f49a921dd6d61e5b0171eabc447765c2134051086e3459c5d0353bfea1073fa43d838d2ee633c35b6407a9168864798e105a100de
SSDEEP

3072:3495CykViV0sTL6Ww5d7kpRdgd3dJz1XKlNdh2xYutSg5Liz1gSzAGoI+b3SQel3:3495venKR6NJz2dh/utSZzz95NggBL

Score

1^/10

Malware Config

Signatures

Files

867ea77fb72f37f673455c3bd7a9e9e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cec087725fa713c1cfc81d8323a83878

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:e7:89:ef:da:84:1b:09:84:1f:fd:f0:45:95:e4:ea
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

19/05/2008, 00:00

Not After

19/05/2010, 23:59

Subject

CN=Cassava Enterprises (Gibraltar) Limited,OU=Cassava,O=Cassava Enterprises (Gibraltar) Limited,L=Gibraltar,ST=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0b:d1:33:cc:7b:f7:af:df:3e:e2:86:17:f9:72:e0:c9:49:02:0d:00
Signer

Actual PE Digest

0b:d1:33:cc:7b:f7:af:df:3e:e2:86:17:f9:72:e0:c9:49:02:0d:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\GamingX\Develop\Installer\3.7.x.x\OUT_FILES\Release\Intermediate Files\Installer_newSocket\Installer.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpAddRequestHeadersA
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetReadFile
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
HttpEndRequestA
HttpQueryInfoA
InternetCheckConnectionA
InternetCrackUrlA

kernel32

CreateEventA
CloseHandle
GlobalMemoryStatus
GetVersionExA
GetVersion
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateSemaphoreA
CreateProcessA
DeleteFileA
DeleteCriticalSection
TerminateThread
GetModuleFileNameA
GetPrivateProfileIntA
CreateThread
GetTickCount
Sleep
ReleaseMutex
ReleaseSemaphore
GetLastError
GetSystemTime
GetModuleHandleA
GetTempPathA
GetCurrentDirectoryA
MultiByteToWideChar
CreateFileA
GetFileSize
ReadFile
WriteFile
CopyFileA
GetUserDefaultLangID
SetFilePointer
GlobalFree
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
LocalAlloc
GetConsoleCP
FatalAppExitA
SetCurrentDirectoryA
CreateMutexA
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
RemoveDirectoryA
GetTimeZoneInformation
GetLocalTime
GetConsoleMode
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetPrivateProfileStringA
SetEvent
MulDiv
WaitForSingleObject
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
SetStdHandle
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
GetCurrentProcessId
SetEnvironmentVariableA
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
FlushFileBuffers

user32

IsWindow
IsRectEmpty
IntersectRect
UnionRect
PtInRect
SendDlgItemMessageA
DrawTextA
InvalidateRect
UpdateWindow
SetDlgItemTextA
KillTimer
SetTimer
ChangeDisplaySettingsA
GetSystemMetrics
SendMessageA
PostMessageA
EndDialog
DestroyWindow
MessageBoxIndirectA
GetDlgItem
EnableWindow
DefWindowProcA
ShowWindow
SetWindowTextA
GetWindowRect
ScreenToClient
CreateWindowExA
GetDC
ReleaseDC
GetClientRect
FillRect
EndPaint
PostQuitMessage
SetFocus
FindWindowA
MessageBoxA
SetForegroundWindow
GetClassInfoExA
DialogBoxParamA
LoadIconA
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
EnumDisplaySettingsA

gdi32

CreateDIBitmap
DeleteDC
GetBkColor
SetBkMode
SetTextColor
SetMapMode
SetBkColor
GetObjectA
GetDeviceCaps
CreateFontIndirectA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
DeleteObject
CreateBitmap

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

shell32

ShellExecuteExA
ShellExecuteA

ole32

CoCreateGuid

wsock32

WSAStartup
inet_addr
gethostbyname
gethostname

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cec087725fa713c1cfc81d8323a83878

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

48:e7:89:ef:da:84:1b:09:84:1f:fd:f0:45:95:e4:eaCertificate

Extended Key Usages

0b:d1:33:cc:7b:f7:af:df:3e:e2:86:17:f9:72:e0:c9:49:02:0d:00Signer

Headers

File Characteristics

PDB Paths

Imports

version

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

wsock32

Sections

.text Size: 224KB - Virtual size: 223KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 12KB - Virtual size: 229KB

.rsrc Size: 4KB - Virtual size: 3KB

01
Certificate

0a
Certificate

48:e7:89:ef:da:84:1b:09:84:1f:fd:f0:45:95:e4:ea
Certificate

0b:d1:33:cc:7b:f7:af:df:3e:e2:86:17:f9:72:e0:c9:49:02:0d:00
Signer

.text
Size: 224KB - Virtual size: 223KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 12KB - Virtual size: 229KB

.rsrc
Size: 4KB - Virtual size: 3KB