8ed5a80c4f3cea87a519dd3bafd80671_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8ed5a80c4f3cea87a519dd3bafd80671_JaffaCakes118
Size

3.2MB
MD5

8ed5a80c4f3cea87a519dd3bafd80671
SHA1

1edbd9f57b8731cae66b91e3d18d2da95fe5c4c9
SHA256

d2a8d6836be624d4b5c53b5d31cdf5c21c5e18b01a054e196a335ba7596250d1
SHA512

fe6060cc5a17e16ffaeab6790474470619408f72c34b194f792aec1e697260151d1951fd9532d65a3510ce0c95f071ab5f8c99afe5c8da35194a4991c3da5a1b
SSDEEP

98304:W9Td3A0xPxu/cC9X0GNkaS9wnOMu5+llTbkPyZoK0LH4Yw33o:WxZfxPx3VAnvhTgq30LH4p34

Score

1^/10

Malware Config

Signatures

Files

8ed5a80c4f3cea87a519dd3bafd80671_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17763f4d70e3b978c4973dec057b9d97

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:e1:0c:bc:a6:f9:91:af:47:8f:33:0a:2e:a1:f0:e6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

02-02-2009 00:00

Not After

19-04-2012 23:59

Subject

CN=gimas Gesellschaft fuer InformationsManagement und Software mbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=gimas Gesellschaft fuer InformationsManagement und Software mbH,L=Frankfurt am Main,ST=Hessen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d9:47:ae:0c:48:ee:32:7e:15:63:85:8f:dc:ba:36:5d:e9:d0:9a:4a
Signer

Actual PE Digest

d9:47:ae:0c:48:ee:32:7e:15:63:85:8f:dc:ba:36:5d:e9:d0:9a:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\TFSCache\ResetDefault (IE9-Installer)\Release\ResetDefaults.pdb

Imports

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

advapi32

GetUserNameA
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
CryptAcquireContextW
CryptGetUserKey
CryptDestroyKey
CryptExportKey
RegQueryValueExA
RegSetValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegOpenKeyExA

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
VarBstrFromDate
VariantInit
SysAllocStringLen
SysFreeString
OleLoadPicture
SysAllocString

ole32

CreateStreamOnHGlobal
CoInitialize
OleUninitialize
OleInitialize
CLSIDFromProgID
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoUninitialize
CoInitializeEx
DoDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard

kernel32

OpenProcess
GetModuleHandleW
CreateDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadResource
FindResourceW
FindFirstFileW
MultiByteToWideChar
GetProcAddress
LockResource
FindNextFileW
CloseHandle
FreeResource
ResumeThread
HeapAlloc
HeapFree
GetProcessHeap
LeaveCriticalSection
SetEnvironmentVariableA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetStringTypeW
Sleep
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
IsValidCodePage
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
ExitProcess
HeapSize
HeapQueryInformation
ExitThread
GetFileType
SetStdHandle
RaiseException
HeapReAlloc
DecodePointer
InterlockedExchange
EnterCriticalSection
CreateThread
LocalFree
SizeofResource
GetVersionExW
LCMapStringW
GetFileAttributesW
GetLastError
GetTickCount
GetACP
GetOEMCP
GetComputerNameA
FormatMessageA
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetLocalTime
FileTimeToLocalFileTime
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathW
GetTempPathA
GetModuleFileNameW
CopyFileW
DeleteFileW
DeleteFileA
CreateDirectoryA
EncodePointer
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineW
SearchPathW
GetProfileIntW
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
CreateFileA
MoveFileW
InitializeCriticalSectionAndSpinCount
MoveFileA
FindClose
GetTempFileNameW
GetUserDefaultLCID
lstrcpyW
GetNumberFormatW
GetWindowsDirectoryW
GetLocaleInfoW
GlobalFlags
GetUserDefaultUILanguage
FindResourceExW
GetFileSizeEx
GetFileAttributesExW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
lstrlenA
lstrcmpA
GlobalGetAtomNameW
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
SetThreadPriority
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetCurrentProcessId
GlobalSize
FormatMessageW
MulDiv
ReleaseActCtx
GlobalAlloc
ActivateActCtx
DeactivateActCtx
LoadLibraryW
GlobalLock
GlobalUnlock
GlobalFree
VirtualProtect
SetLastError
lstrlenW
WideCharToMultiByte
LoadLibraryA
FreeLibrary
CreateFileW
GetVersionExA
GetTimeZoneInformation
GetFileSize
WriteFile
ReadFile
GetFileTime
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
TerminateProcess

user32

SetCursorPos
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
CopyAcceleratorTableW
SetClassLongW
DestroyAcceleratorTable
SetParent
GetSystemMenu
WaitMessage
PostThreadMessageW
IsZoomed
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
GetKeyboardLayout
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
DrawStateW
GetKeyNameTextW
WindowFromPoint
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
SetLayeredWindowAttributes
EnumDisplayMonitors
DeleteMenu
ShowOwnedPopups
DrawIconEx
GetNextDlgGroupItem
LoadImageW
CopyImage
GetIconInfo
OffsetRect
NotifyWinEvent
SetCursor
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
ReleaseCapture
SetCapture
MapVirtualKeyW
IsRectEmpty
CreatePopupMenu
LockWindowUpdate
RedrawWindow
IsIconic
SetRectEmpty
DestroyIcon
PostQuitMessage
IntersectRect
MessageBeep
IsClipboardFormatAvailable
DestroyMenu
GetMenuItemInfoW
InflateRect
RealChildWindowFromPoint
LoadCursorW
GetSysColorBrush
CharUpperW
GetSystemMetrics
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
RegisterClipboardFormatW
FrameRect
CharUpperBuffW
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetUpdateRect
SubtractRect
DestroyCursor
DrawIcon
GetWindowRgn
GetMenuDefaultItem
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
GetWindow
GetDesktopWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetLastActivePopup
LoadMenuW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
UnhookWindowsHookEx
SetPropW
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetAsyncKeyState
GetFocus
SetFocus
GetWindowRect
GetWindowLongW
GetDlgItem
IsWindowEnabled
GetParent
InvalidateRect
GetClientRect
SetTimer
KillTimer
GetDC
ReleaseDC
EnableWindow
PostMessageW
FindWindowW
SystemParametersInfoW
MessageBoxW
SendMessageW
GetWindowThreadProcessId
SetRect

gdi32

GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
GetTextExtentPoint32W
GetTextMetricsW
CreateFontIndirectW
EnumFontFamiliesExW
DPtoLP
CreateRectRgnIndirect
SetRectRgn
CombineRgn
PatBlt
CreateCompatibleBitmap
BitBlt
GetBkColor
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
CreateEllipticRgn
CreatePolygonRgn
GetTextColor
Polyline
Ellipse
Polygon
Rectangle
OffsetRgn
GetRgnBox
CreateRoundRectRgn
PtInRegion
FrameRgn
SetPixelV
ExtFloodFill
SetPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
FillRgn
GetBoundsRect
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
CreateFontW
GetDeviceCaps
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
SetDIBColorTable
StretchBlt
CreateDIBSection
DeleteDC
GetStockObject
CopyMetaFileW
CreateDCW
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextColor

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
DragFinish
SHAppBarMessage
SHBrowseForFolderW
DragQueryFileW
SHGetFileInfoW

comctl32

ord17
ImageList_GetIconSize

shlwapi

PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathAppendW

gdiplus

GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImageHeight
GdipFree
GdiplusShutdown
GdipDrawImageRectI
GdipSetInterpolationMode

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateContext
CertDuplicateCertificateContext
CryptAcquireCertificatePrivateKey
CertGetCertificateContextProperty
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptDecodeObject
CertSetCertificateContextProperty
CertNameToStrA
CertFreeCertificateContext
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CertCreateCertificateChainEngine

ws2_32

recv
send
shutdown
closesocket
__WSAFDIsSet
select
ioctlsocket
setsockopt
WSAStartup
ntohs
htons
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
connect
getsockname
bind
socket

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 670KB - Virtual size: 670KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17763f4d70e3b978c4973dec057b9d97

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

71:e1:0c:bc:a6:f9:91:af:47:8f:33:0a:2e:a1:f0:e6Certificate

Extended Key Usages

Key Usages

d9:47:ae:0c:48:ee:32:7e:15:63:85:8f:dc:ba:36:5d:e9:d0:9a:4aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

advapi32

oleaut32

ole32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

gdiplus

oleacc

imm32

winmm

crypt32

ws2_32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 670KB - Virtual size: 670KB

.data Size: 76KB - Virtual size: 118KB

.rsrc Size: 115KB - Virtual size: 115KB

.reloc Size: 272KB - Virtual size: 272KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

71:e1:0c:bc:a6:f9:91:af:47:8f:33:0a:2e:a1:f0:e6
Certificate

d9:47:ae:0c:48:ee:32:7e:15:63:85:8f:dc:ba:36:5d:e9:d0:9a:4a
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 670KB - Virtual size: 670KB

.data
Size: 76KB - Virtual size: 118KB

.rsrc
Size: 115KB - Virtual size: 115KB

.reloc
Size: 272KB - Virtual size: 272KB