8ceb3be2c3affa0001f0c044a70bdb6c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ceb3be2c3affa0001f0c044a70bdb6c_JaffaCakes118
Size

390KB
MD5

8ceb3be2c3affa0001f0c044a70bdb6c
SHA1

8b05817631a534f62ed7fc50c60e22f3c1beda2a
SHA256

2e4654200b4efa00def65fcb8e5687f2d67505fbfe5adbac0ea2153ac9375594
SHA512

5bf6aeba3e9c7541520ba30b45ab73ae979c5a0d67cc57fe55d56887688e4ca91b6c2f62c925f3c5fbb0218491bd7432f9b31ae7b60ca5995b71ca34d434de63
SSDEEP

6144:nhQLcxQtCACRtIDlhSGR4RXtSPtfEq06pTpl+qiZY+museNjepN:nhQLcCtC9oDXSSMAPtfZNpTL+3seNj

Score

1^/10

Malware Config

Signatures

Files

8ceb3be2c3affa0001f0c044a70bdb6c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ff2602c20046bf3a16c9418fe41c2e6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:1b:40:97:e0
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

26/06/2009, 05:34

Not After

27/06/2011, 05:34

Subject

CN=Hangzhou Shunwang Information Technology Co.\, Ltd,OU=Hangzhou Shunwang Information Technology Co.\, Ltd,O=Hangzhou Shunwang Information Technology Co.\, Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\WorkCopies\old\NBMS_BAR\tag\7100_20100401_01_D\BarClient\BarClientTask\Release\BarClientTask.pdb

Imports

kernel32

SetEndOfFile
DuplicateHandle
lstrcpynA
GetVolumeInformationA
GetFullPathNameA
FormatMessageA
MulDiv
SetLastError
GlobalAddAtomA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
InterlockedDecrement
GetCurrentDirectoryA
InterlockedIncrement
GlobalFlags
LocalAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
UnlockFile
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
GetStartupInfoA
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
Process32First
Process32Next
CreateToolhelp32Snapshot
GetProcAddress
VirtualAlloc
WriteProcessMemory
ExpandEnvironmentStringsA
GetModuleHandleA
MoveFileA
CreateDirectoryW
lstrcpyW
FileTimeToLocalFileTime
FileTimeToSystemTime
OpenMutexA
GetDriveTypeA
LocalFree
GetFileTime
DeviceIoControl
CreateThread
TerminateThread
OpenThread
CreateMutexA
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
SetEvent
OpenFileMappingA
OpenEventA
CreateFileMappingA
CreateEventA
MapViewOfFile
UnmapViewOfFile
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTimeZoneInformation
WaitForSingleObject
CreateProcessA
CompareStringW
CompareStringA
lstrlenW
lstrcmpiA
GetVersion
MultiByteToWideChar
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
RemoveDirectoryA
LoadLibraryA
FreeLibrary
FreeResource
GetLastError
CreateDirectoryA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetCommandLineA
TerminateProcess
GetComputerNameA
GetCurrentProcess
Sleep
GetDiskFreeSpaceExA
GetTickCount
GetTempPathA
FindFirstFileW
DeleteVolumeMountPointW
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
FindNextFileW
GetSystemDirectoryA
FindFirstFileA
CopyFileA
FindNextFileA
FindClose
SetFileAttributesA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapFree
InterlockedExchange

user32

DestroyMenu
GetSysColorBrush
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
UnregisterClassA
ExitWindowsEx
ClipCursor
DestroyCursor
FillRect
GetClientRect
InvalidateRect
SetTimer
KillTimer
EnableWindow
GetSysColor
LoadCursorA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
MessageBoxA
SetCursor
ReleaseDC
GetDC
wsprintfA
CharUpperA
SetCapture
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
GetWindowTextA
PostMessageA
PostQuitMessage
GetSystemMetrics
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SendMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu

gdi32

RectVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
CreateSolidBrush
PtVisible
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
DeleteObject
DeleteDC
GetStockObject
GetObjectA
SelectObject
CreateFontIndirectA
TextOutA

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegCloseKey
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA
FreeSid
RegEnumKeyExA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathFileExistsA
PathFileExistsW
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

ws2_32

htonl
ntohl

iphlpapi

CreateIpNetEntry
GetAdaptersInfo
GetPerAdapterInfo

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ff2602c20046bf3a16c9418fe41c2e6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:ac:b3Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:22:1b:40:97:e0Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:23:9e:0f:af:24Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

ws2_32

iphlpapi

Sections

.text Size: 288KB - Virtual size: 287KB

.rdata Size: 60KB - Virtual size: 56KB

.data Size: 8KB - Virtual size: 27KB

.rsrc Size: 24KB - Virtual size: 23KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:23:9e:0f:ac:b3
Certificate

01:00:00:00:00:01:22:1b:40:97:e0
Certificate

04:00:00:00:00:01:23:9e:0f:af:24
Certificate

.text
Size: 288KB - Virtual size: 287KB

.rdata
Size: 60KB - Virtual size: 56KB

.data
Size: 8KB - Virtual size: 27KB

.rsrc
Size: 24KB - Virtual size: 23KB