8def236d23dea950d9b1b222cb9a463a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8def236d23dea950d9b1b222cb9a463a_JaffaCakes118
Size

251KB
MD5

8def236d23dea950d9b1b222cb9a463a
SHA1

69b8bbc7939e89d0aaf54a141afc6449daf315ef
SHA256

ce59e874dce78a606dfd6953fb574b401bcff6de10360f7351464657dcc2ff3e
SHA512

54b4baac4e4ce830205c7bbd4435f4d212b88f1cbaad3e0b8395869a5fb31e38e47a0af415d5863c3d2f6693563c908bc3e96ddaa2d7fc00505c6acdfe84f533
SSDEEP

3072:xx+fXkOEH2akyFsDbDo3zU7PdH3/AfRHh4BW9jOGiVCP07kuTA/7uGCOuyodRw:xx+fBG2yFsDbpvAfRBlOX0FuTADMOuyF

Score

1^/10

Malware Config

Signatures

Files

8def236d23dea950d9b1b222cb9a463a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4e9b60b4eba865eb97cda48f376a2b47

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:4d:17:73:c9:51:7e:e2:00:e8:40:3f:6a:06:c5:c2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

13-09-2010 00:00

Not After

28-10-2013 23:59

Subject

CN=VMware\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Marketing,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:ac:99:c7:b3:2c:fe:d6:58:fa:f2:72:1d:b9:81:0c:bd:97:d5:22
Signer

Actual PE Digest

ee:ac:99:c7:b3:2c:fe:d6:58:fa:f2:72:1d:b9:81:0c:bd:97:d5:22

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\ob\bora-812388\bora\build\release\ws\vmware-unity-helper.pdb

Imports

msvcr90

vswprintf_s
_vscwprintf
atoi
_purecall
wcscpy_s
__wargv
__argc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
??_U@YAPAXI@Z
_recalloc
wcsncpy_s
memcpy_s
malloc
wcsstr
memmove_s
free
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??_V@YAXPAX@Z
swprintf_s
__CxxFrameHandler3
_CxxThrowException
??3@YAXPAX@Z
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__RTDynamicCast
_wcmdln
_initterm
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_amsg_exit

kernel32

GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
lstrcmpiW
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
lstrcpynW
GetComputerNameW
CloseHandle
CreateMutexW
OutputDebugStringW
VerifyVersionInfoW
VerSetConditionMask
GetVersion
CreateProcessW
LoadLibraryW
OpenMutexW
GetExitCodeProcess
WaitForMultipleObjects
ReleaseMutex
WaitForSingleObject
CreateEventW
Sleep
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
FlushInstructionCache

user32

TranslateMessage
DispatchMessageW
LoadCursorW
GetClassInfoExW
GetMessageW
GetClassLongW
GetWindowDC
FillRect
PeekMessageW
CharNextW
DestroyWindow
RegisterClassExW
UnregisterClassA
GetSysColor
PostMessageW
SetWindowLongW
SendMessageW
FindWindowW
AllowSetForegroundWindow
PostQuitMessage
PtInRect
SetRectEmpty
CopyRect
IntersectRect
SetWindowPos
GetWindowRect
ShowWindow
IsWindowVisible
SetTimer
KillTimer
GetSystemMetrics
IsWindow
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
MonitorFromRect
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
GetForegroundWindow
GetWindowLongW
FindWindowExW
MonitorFromPoint
CallNextHookEx
GetCursorPos
SendInput
SetWindowsHookExW
GetFocus
GetDlgCtrlID
SystemParametersInfoW
ReleaseDC
GetDC
CreateWindowExW
DrawTextW
DrawFocusRect
DrawFrameControl
IsDialogMessageW
GetDlgItem
IsChild
RedrawWindow
GetClientRect
OffsetRect
InflateRect
CallWindowProcW
SetFocus
AnimateWindow
DefWindowProcW
GetMonitorInfoW

gdi32

CombineRgn
CreateRectRgnIndirect
ExcludeClipRect
GetTextMetricsW
DeleteDC
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
ExtTextOutW
BitBlt
SetTextColor
SetBkMode
SetBkColor
SelectObject
CreateFontIndirectW
CreateDIBSection
CreateBitmap
SaveDC
RestoreDC
DeleteObject

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CreateBindCtx
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc

oleaut32

VariantChangeType
VariantClear
SysAllocString
VariantCopy
VariantInit
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr

shell32

SHAppBarMessage

shlwapi

PathAppendW
PathRemoveFileSpecW
AssocQueryStringW

gdiplus

GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipMeasureString
GdipDrawString
GdipFillPolygonI
GdipFillRectangle
GdipDrawRectangle
GdipReleaseDC
GdipGetDC
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipCreateLineBrushFromRect
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteGraphics
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen2
GdipAlloc
GdipFree
GdipDeleteBrush
GdipDeleteStringFormat
GdipCreatePen1

uxtheme

GetThemeInt
DrawThemeBackground
OpenThemeData
CloseThemeData

msvcp90

??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

sigc-2.0

??0connection@sigc@@QAE@XZ
??0slot_base@sigc@@QAE@ABV01@@Z
??0slot_base@sigc@@QAE@XZ
??1signal_exec@internal@sigc@@QAE@XZ
?blocked@slot_base@sigc@@QBE_NXZ
?empty@slot_base@sigc@@QBE_NXZ
??Rslot_do_bind@internal@sigc@@QBEXPBUtrackable@2@@Z
??Rslot_do_unbind@internal@sigc@@QBEXPBUtrackable@2@@Z
??0signal_exec@internal@sigc@@QAE@PBUsignal_impl@12@@Z
??0slot_do_unbind@internal@sigc@@QAE@PAUslot_rep@12@@Z
??0slot_do_bind@internal@sigc@@QAE@PAUslot_rep@12@@Z
??0slot_rep@internal@sigc@@QAE@P6APAXPAX@Z11@Z
??4connection@sigc@@QAEAAU01@ABU01@@Z
?disconnect@connection@sigc@@QAEXXZ
?empty@connection@sigc@@QBE_NXZ
??1slot_base@sigc@@QAE@XZ
??3slot_rep@internal@sigc@@SAXPAX@Z
??2slot_rep@internal@sigc@@SAPAXI@Z
?add_destroy_notify_callback@trackable@sigc@@QBEXPAXP6APAX0@Z@Z
?notify@slot_rep@internal@sigc@@SAPAXPAX@Z
?remove_destroy_notify_callback@trackable@sigc@@QBEXPAX@Z
?connect@signal_base@sigc@@IAE?AV?$_Iterator@$00@?$list@Vslot_base@sigc@@V?$allocator@Vslot_base@sigc@@@std@@@std@@ABVslot_base@2@@Z
??1trackable@sigc@@QAE@XZ
??1slot_rep@internal@sigc@@QAE@XZ
??0trackable@sigc@@QAE@XZ
??0slot_base@sigc@@QAE@PAUslot_rep@internal@1@@Z
??0signal_base@sigc@@QAE@XZ
??1connection@sigc@@QAE@XZ
??1signal_base@sigc@@QAE@XZ

vmwarecui

?GetConnectionState@Connection@ipc@cui@@QBE?AW4ConnectionState@123@XZ
??1Error@cui@@UAE@XZ
??0Error@cui@@QAE@ABVstring@utf@@@Z
?SetConnectionState@Connection@ipc@cui@@IAEXW4ConnectionState@123@@Z
?GetConnection@Control@ipc@cui@@QBEPAVConnection@23@XZ
?GetControl@Dispatch@ipc@cui@@QBEPAVControl@23@XZ
??1Connection@ipc@cui@@UAE@XZ
?FromBitfield@Modifiers@cui@@SA?AU12@I@Z
??0Color@cui@@QAE@EEEE@Z
?SetControl@Dispatch@ipc@cui@@QAEXPAVControl@23@@Z
??0Control@ipc@cui@@QAE@PAVConnection@12@@Z
??1Control@ipc@cui@@UAE@XZ
?Format@cui@@YA?AVstring@utf@@PBDZZ
??1Dispatch@ipc@cui@@UAE@XZ
??0Dispatch@ipc@cui@@QAE@XZ
?COMMAND_ID_ADD_VM@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_REMOVE_VM@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_OPEN_VM_FAILED@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_UPDATE_VM_INFO@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_SET_UNITY_ACTIVE@UnityHelper@ipc@cui@@2Vstring@utf@@B
??9Color@cui@@QBE_NABV01@@Z
?COMMAND_ID_SHOW_APPS_BUTTON@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_HIDE_APPS_BUTTON@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_MENU_CLOSED@UnityHelper@ipc@cui@@2Vstring@utf@@B
?COMMAND_ID_LAUNCH_MENU_HOTKEY_CHANGED@UnityHelper@ipc@cui@@2Vstring@utf@@B
?ReceiveMessage@Dispatch@ipc@cui@@QAEXHV?$deque@Vstring@utf@@V?$allocator@Vstring@utf@@@std@@@std@@V?$slot@XV?$deque@Vstring@utf@@V?$allocator@Vstring@utf@@@std@@@std@@Unil@sigc@@U34@U34@U34@U34@U34@@sigc@@@Z
?COMMAND_ID_SHOW_APPS_MENU@UnityHelper@ipc@cui@@2Vstring@utf@@B
??0Color@cui@@QAE@ABVstring@utf@@@Z
??0Connection@ipc@cui@@QAE@XZ
?SendCommand@Dispatch@ipc@cui@@QAEXVstring@utf@@V?$deque@Vstring@utf@@V?$allocator@Vstring@utf@@@std@@@std@@H@Z
?COMMAND_ID_GHI_LAUNCH@UnityHelper@ipc@cui@@2Vstring@utf@@B

vmwarewui

?ScheduleCallback@util@wui@@YA?AUconnection@sigc@@V?$slot@XUnil@sigc@@U12@U12@U12@U12@U12@U12@@4@I@Z
?GetMoniker@util@wui@@YAJABVstring@utf@@PAPAUIMoniker@@@Z
??1VM@wui@@MAE@XZ
?IsHighContrastOn@util@wui@@YA_NXZ
??0CInitGdiplus@util@wui@@QAE@_N@Z
??1CInitGdiplus@util@wui@@QAE@XZ
?Succeeded@CInitGdiplus@util@wui@@QBE_NXZ
?LookUpVmxPath@unityHelperXml@util@wui@@YA_NABVstring@utf@@AAV45@@Z
?LookUpExecPath@unityHelperXml@util@wui@@YA_NABVstring@utf@@AAV45@@Z
?CreateServerConnection@ipc@wui@@YAPAV?$CComObjectNoLockCreator@VServerConnectionImpl@ipc@wui@@@12@XZ

vmwarebase

ord659
ord182
ord25
ord349
ord3
ord750
ord459
ord880
ord8
ord6
ord11
ord7
ord18
ord9
ord2
ord4

vmwarestring

?empty@string@utf@@QBE_NXZ
??4string@utf@@QAEAAV01@V01@@Z
??0string@utf@@QAE@PB_W@Z
??0string@utf@@QAE@ABV01@@Z
?w_str@string@utf@@QBEPB_WXZ
?c_str@string@utf@@QBEPBDXZ
?swap@string@utf@@QAEXAAV12@@Z
?CreateWritableBuffer@utf@@YAXABVstring@1@AAV?$vector@_WV?$allocator@_W@std@@@std@@@Z
??8string@utf@@QBE_NABV01@@Z
??0string@utf@@QAE@PBD@Z
??9string@utf@@QBE_NABV01@@Z
??Mstring@utf@@QBE_NABV01@@Z
?substr@string@utf@@QBE?AV12@II@Z
?length@string@utf@@QBEIXZ
??0string@utf@@QAE@ABV_bstr_t@@@Z
??0string@utf@@QAE@ABVubstr_t@@@Z
??0string@utf@@QAE@XZ
??1string@utf@@QAE@XZ

Exports

Exports

??4CGuestLaunchMenu@wui@@QAEAAV01@ABV01@@Z
??_DVM@wui@@IAEXXZ
?CreateClientConnection@ipc@wui@@YAPAV?$CComObjectNoLockCreator@VClientConnectionImpl@ipc@wui@@@12@XZ
?GetAllowMultimon@UnityMgr@wui@@QBE_NXZ
?GetLaunchMenu@UnityMgr@wui@@QAEAAVCGuestLaunchMenu@2@XZ
?GetUnityOptions@UnityMgr@wui@@UAEIXZ
?GetUnityWindowZOrder@UnityMgr@wui@@QBEABV?$vector@PAUHWND__@@V?$allocator@PAUHWND__@@@std@@@std@@XZ

Sections

.text
Size: 114KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdat
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e9b60b4eba865eb97cda48f376a2b47

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0c:4d:17:73:c9:51:7e:e2:00:e8:40:3f:6a:06:c5:c2Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

ee:ac:99:c7:b3:2c:fe:d6:58:fa:f2:72:1d:b9:81:0c:bd:97:d5:22Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shell32

shlwapi

gdiplus

uxtheme

msvcp90

sigc-2.0

vmwarecui

vmwarewui

vmwarebase

vmwarestring

Exports

Exports

Sections

.text Size: 114KB - Virtual size: 116KB

.rdata Size: 42KB - Virtual size: 44KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 14KB - Virtual size: 16KB

.rdat Size: 5KB - Virtual size: 5KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0c:4d:17:73:c9:51:7e:e2:00:e8:40:3f:6a:06:c5:c2
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

ee:ac:99:c7:b3:2c:fe:d6:58:fa:f2:72:1d:b9:81:0c:bd:97:d5:22
Signer

.text
Size: 114KB - Virtual size: 116KB

.rdata
Size: 42KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 14KB - Virtual size: 16KB

.rdat
Size: 5KB - Virtual size: 5KB