Static task: static1
Behavioral task: behavioral1
Sample: 89be15ffc2c7f4e4149bf73a8b8ff4c1_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 89be15ffc2c7f4e4149bf73a8b8ff4c1_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 89be15ffc2c7f4e4149bf73a8b8ff4c1_JaffaCakes118
Size: 288KB
MD5: 89be15ffc2c7f4e4149bf73a8b8ff4c1
SHA1: 7a17c533d2fde28bb5e3f9db48055ba9d0dbb48f
SHA256: 14b1730e6755d4da0b4f33f2147630317290bc477dce609deadeb028694d197f
SHA512: d164cb519f620dd0ba5a90247e0c15d4e20166d68821c8e44dc41fa346e3e27a78cf71ba8c2bed03a69d3feec9f59a1bdc4e5b0eb03519eb1ae80bd57d196d6c
SSDEEP: 3072:eEWhyAQA8Y2aiffAq3CBJIIjdsclFLilwt1BHRWUofJ3wt9Lh6hxni8//pSP7qFL:eEWhP2Es4SclYw6/0MhV
Malware Config
Signatures
Files
89be15ffc2c7f4e4149bf73a8b8ff4c1_JaffaCakes118.exe windows:4 windows x86 arch:x86
ff6e103b73517d5bc32e26d8351d0f67
Code Sign
Certificate
Serial: 01
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Certificate
Serial: 0a
Issuer: CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before: 06/08/2003, 00:00
Not After: 05/08/2013, 23:59
Subject: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate
Serial: 4f:05:94:f3:b5:66:2c:25:0a:73:89:c7:bb:92:58:68
Issuer: CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before: 17/05/2007, 00:00
Not After: 14/06/2009, 23:59
Subject: CN=888 Holdings Plc,OU=888,O=888 Holdings Plc,L=Gibraltar,ST=Gibraltar,C=GI
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
Signer
Digest: 86:5b:73:6b:57:55:67:9a:ea:ab:9d:ce:77:7d:11:53:ab:bf:de:21
Actual PE Digest: 86:5b:73:6b:57:55:67:9a:ea:ab:9d:ce:77:7d:11:53:ab:bf:de:21
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\GamingX\Develop\Installer\3.6.x.x\OUT_FILES\Release\Intermediate Files\Installer_newSocket\Installer.pdb
Imports
wsock32
WSAStartup
send
setsockopt
select
closesocket
ioctlsocket
connect
socket
htons
WSAGetLastError
WSACleanup
inet_addr
gethostname
shutdown
recv
gethostbyname
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
kernel32
GetModuleFileNameA
GetPrivateProfileIntA
CreateThread
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
ReleaseMutex
GetTempPathA
GetModuleHandleA
GetCurrentDirectoryA
lstrlenA
CreateFileA
GetFileSize
GetLastError
ReadFile
WriteFile
CopyFileA
GetUserDefaultLangID
SetFilePointer
GlobalFree
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LocalFree
LocalAlloc
SetStdHandle
LoadLibraryA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
TerminateThread
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapCreate
HeapDestroy
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
ExitProcess
HeapSize
Sleep
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
DeleteCriticalSection
DeleteFileA
InitializeCriticalSection
GetVersion
GetVersionExA
GlobalMemoryStatus
CloseHandle
CreateEventA
SetEnvironmentVariableA
CreateMutexA
GetPrivateProfileStringA
GetTickCount
WinExec
SetEvent
MulDiv
WaitForSingleObject
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
FlushFileBuffers
CompareStringA
CompareStringW
GetDateFormatA
TlsAlloc
TlsGetValue
GetProcAddress
RemoveDirectoryA
CreateDirectoryA
GetStartupInfoA
GetProcessHeap
GetCommandLineA
RaiseException
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
RtlUnwind
user32
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
RegisterClassExA
LoadCursorA
TranslateMessage
DialogBoxParamA
GetClassInfoExA
SetForegroundWindow
MessageBoxA
FindWindowA
SetFocus
DispatchMessageA
LoadIconA
DestroyWindow
IsWindow
IsRectEmpty
IntersectRect
UnionRect
PtInRect
SendDlgItemMessageA
DrawTextA
InvalidateRect
UpdateWindow
SetDlgItemTextA
KillTimer
SetTimer
EnumDisplaySettingsA
ChangeDisplaySettingsA
GetSystemMetrics
SendMessageA
PostMessageA
EndDialog
EndPaint
MessageBoxIndirectA
GetDlgItem
EnableWindow
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowTextA
GetWindowRect
ScreenToClient
CreateWindowExA
GetDC
ReleaseDC
GetClientRect
FillRect
gdi32
CreateBitmap
CreateDIBitmap
DeleteDC
GetBkColor
SetBkMode
SetTextColor
SetMapMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateSolidBrush
DeleteObject
GetObjectA
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
shell32
ShellExecuteA
ShellExecuteExA
ole32
CoCreateGuid
Sections
.text Size: 220KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 211KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ