8c7bebd3a7b1dbccd6c3598eeb0b2a30_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c7bebd3a7b1dbccd6c3598eeb0b2a30_JaffaCakes118
Size

6.0MB
MD5

8c7bebd3a7b1dbccd6c3598eeb0b2a30
SHA1

cf8fa7c010148ef935213c9c1e3d3b89016dd606
SHA256

20510bf88339cd395e4e924096ae77101752be7cfa914b8a1fb7b927a2be0632
SHA512

23ec9142586bd43359e3cfb17d7ae61c011e7e3d9935729c10089dc16bab7bc86a6de3e4d883fee83a0b590fc5f7a3bb8374b4af24332ef986f1c0430a488988
SSDEEP

196608:VP4GcfofYBTAp6QByhzlwzbhx6yDgvB9kuDY:pobsgQBQJw76HjD

Score

1^/10

Malware Config

Signatures

Files

8c7bebd3a7b1dbccd6c3598eeb0b2a30_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8f1dd40a75adbf0d8c261c8321db50e4

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:5b:a1:f6:6a:d0:d9:8e:25:48:57:ba:2e:b2:e2:38
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

12/11/2008, 00:00

Not After

12/11/2010, 23:59

Subject

CN=OOO Port.Ru,OU=Secure Application Development,O=OOO Port.Ru,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f8:1b:87:b7:19:47:64:cb:0a:c8:2b:d6:80:f3:54:1a:95:ec:57:aa
Signer

Actual PE Digest

f8:1b:87:b7:19:47:64:cb:0a:c8:2b:d6:80:f3:54:1a:95:ec:57:aa

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
SHDeleteValueW
SHDeleteKeyW

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW
EnumProcesses

kernel32

LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
InterlockedIncrement
lstrlenA
GetThreadLocale
FileTimeToSystemTime
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
FileTimeToLocalFileTime
GetCurrentThread
GetFileTime
SetErrorMode
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetConsoleCP
GetConsoleMode
GetProcessHeap
ExitThread
CreateThread
HeapReAlloc
HeapSize
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
FormatMessageW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
SetLastError
lstrcmpW
GetVersionExA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FindClose
FindNextFileW
FindFirstFileW
WritePrivateProfileStringW
InterlockedDecrement
GetFileSizeEx
CreateProcessW
RemoveDirectoryW
GetModuleHandleW
GlobalUnlock
GlobalLock
CompareStringW
GetModuleFileNameW
FindResourceExW
MultiByteToWideChar
RaiseException
ResetEvent
TerminateThread
SetEvent
CreateEventW
GetCurrentProcess
ExpandEnvironmentStringsW
LocalFree
LoadLibraryW
GetProcAddress
GetLastError
GetSystemDirectoryW
GetWindowsDirectoryW
SetFileAttributesW
DeleteFileW
WaitForSingleObject
GetCurrentProcessId
LoadLibraryExW
FreeLibrary
OpenProcess
TerminateProcess
GlobalAlloc
GlobalFree
GetFileSize
ReadFile
SetFilePointer
SetEndOfFile
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateDirectoryW
CreateFileW
WriteFile
FreeResource
lstrlenW
CloseHandle
WideCharToMultiByte
GetCommandLineW
Sleep
GetVersionExW
OpenSemaphoreW
CreateSemaphoreW
GetFileAttributesW
GetTempPathW
CopyFileW
MoveFileExW
MulDiv
FindResourceW
LoadResource
LockResource
SizeofResource

user32

DestroyMenu
GetSysColorBrush
UnregisterClassW
CharNextW
IsRectEmpty
SetRect
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
TranslateMessage
ValidateRect
PostQuitMessage
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
MoveWindow
IsDialogMessageW
GetMenuState
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetFocus
SetFocus
GetLastActivePopup
DispatchMessageW
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
GetKeyState
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoW
EqualRect
CopyRect
SystemParametersInfoA
GetWindow
IntersectRect
OffsetRect
GetForegroundWindow
IsWindowVisible
GetWindowPlacement
LoadIconW
GetMenu
AdjustWindowRectEx
RegisterClassW
DrawTextW
IsWindowEnabled
GetSysColor
PtInRect
SetCapture
GetWindowDC
ShowWindow
InvalidateRect
GetCursorPos
SendMessageW
LoadImageW
EnableWindow
ReleaseCapture
DefWindowProcW
CallWindowProcW
EndPaint
BeginPaint
UnhookWindowsHookEx
CreateWindowExW
SetWindowsHookExW
SetWindowLongW
CallNextHookEx
GetClassInfoExW
GetParent
CharUpperW
SetWindowPos
GetDlgCtrlID
EnumChildWindows
SetWindowTextW
GetDlgItem
EndDialog
GetWindowTextW
GetWindowTextLengthW
SetDlgItemTextW
RemovePropW
SetActiveWindow
SetForegroundWindow
GetPropW
SetPropW
ReleaseDC
GetDC
GetDesktopWindow
MessageBoxW
UpdateWindow
SetCursor
LoadCursorW
RegisterWindowMessageW
DrawIcon
IsIconic
GetClientRect
GetSystemMetrics
LoadStringW
CharLowerW
CopyImage
GetClassNameW
SendMessageTimeoutW
IsWindow
EnumWindows
SendNotifyMessageW
GetWindowThreadProcessId
GetWindowRect
MapWindowPoints
PostThreadMessageW
GetMessageW
PostMessageW
DestroyWindow
GetWindowLongW

gdi32

ExtSelectClipRgn
CreatePen
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetBkColor
SetTextColor
DeleteDC
SetViewportOrgEx
GetStockObject
SelectObject
DeleteObject
GetDeviceCaps
GetObjectW
CreateFontIndirectW
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
SetMapMode
RestoreDC
SaveDC
CreateRectRgnIndirect
CreateBitmap
GetClipBox

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegCreateKeyW
RegOpenKeyW
CreateProcessAsUserW
GetLengthSid
SetTokenInformation
DuplicateTokenEx
RegQueryInfoKeyW
OpenProcessToken
GetTokenInformation
EqualSid
ConvertSidToStringSidW
RegEnumKeyW
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueW

shell32

SHGetFolderPathW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderPathW
CommandLineToArgvW
SHCreateDirectoryExW
ord680

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoGetClassObject
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
CoUninitialize

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
OleLoadPicture
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
SafeArrayDestroy
VariantCopy

wsock32

WSAStartup
WSACleanup
WSASetLastError

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 81B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.6MB - Virtual size: 5.7MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f1dd40a75adbf0d8c261c8321db50e4

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

5d:5b:a1:f6:6a:d0:d9:8e:25:48:57:ba:2e:b2:e2:38Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

f8:1b:87:b7:19:47:64:cb:0a:c8:2b:d6:80:f3:54:1a:95:ec:57:aaSigner

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

oledlg

ole32

oleaut32

wsock32

Sections

.text Size: 347KB - Virtual size: 346KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 17KB - Virtual size: 45KB

.tls Size: 512B - Virtual size: 81B

.rsrc Size: 5.6MB - Virtual size: 5.7MB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

5d:5b:a1:f6:6a:d0:d9:8e:25:48:57:ba:2e:b2:e2:38
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

f8:1b:87:b7:19:47:64:cb:0a:c8:2b:d6:80:f3:54:1a:95:ec:57:aa
Signer

.text
Size: 347KB - Virtual size: 346KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 17KB - Virtual size: 45KB

.tls
Size: 512B - Virtual size: 81B

.rsrc
Size: 5.6MB - Virtual size: 5.7MB