93f9fe7f8d236188c79aeb7f8bff79fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

93f9fe7f8d236188c79aeb7f8bff79fd_JaffaCakes118
Size

12.4MB
MD5

93f9fe7f8d236188c79aeb7f8bff79fd
SHA1

45b84a39dccc4fe43c8595be75f53328bc86de40
SHA256

18a631cbfac63a285d463a676b29cad00cc82ae12679194c1ccc70504a8ec493
SHA512

eec5b272f68d4164d1fc2b2d823254b9d48482d97438988a6b69e268a00012c6508f57c79732340ab90f12e56675f4cfac66ae1aacde8c63fedb9c7bd0ad34c9
SSDEEP

49152:zYBZJ0tLBOEvOtZzSZZgGtD5vcV760XLhhhhmT:469BOkObzSftD5vQ7j7hhhhw

Score

1^/10

Malware Config

Signatures

Files

93f9fe7f8d236188c79aeb7f8bff79fd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8700dc5ad2d924a60cd863138e8ac122

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a7:e1:97:9d:3a:07:e6:72:82:d6:f9:71:38:b4:b3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/02/2008, 00:00

Not After

27/02/2011, 23:59

Subject

CN=ParetoLogic Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=ParetoLogic Inc.,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:d2:27:5b:17:dc:cf:a4:fb:f1:68:0c:ae:b0:49:12:3e:8b:7b:33
Signer

Actual PE Digest

bd:d2:27:5b:17:dc:cf:a4:fb:f1:68:0c:ae:b0:49:12:3e:8b:7b:33

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\_BuildSystem\_builds\PLRC160\Release\RegCure.pdb

Imports

shfolder

SHGetFolderPathA

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA
ShellExecuteExA
Shell_NotifyIconA
SHAppBarMessage
ShellExecuteA

ole32

OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
StringFromGUID2
WriteClassStg
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleRun
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
CreateStreamOnHGlobal
CoUninitialize
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
WriteFmtUserTypeStg
CoGetClassObject
SetConvertStg
CoTaskMemFree
CoInitialize
CoCreateInstance
CoRegisterMessageFilter

shlwapi

PathCompactPathA
PathRemoveFileSpecA
SHDeleteKeyA
UrlUnescapeA
PathRemoveExtensionA
PathFindExtensionA
PathIsUNCA
PathStripToRootA
PathFindOnPathA
PathFindFileNameA
PathUnquoteSpacesA
PathGetCharTypeA
PathFileExistsA
PathAppendA

gdi32

TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
GetViewportOrgEx
DeleteDC
GetTextExtentPointA
GetTextMetricsA
CreateFontW
CreateBitmapIndirect
GetBitmapBits
SetPixel
CreateDIBitmap
CreateRectRgnIndirect
ExtSelectClipRgn
PolyBezierTo
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
StretchBlt
Rectangle
CreatePen
PolylineTo
PolyDraw
ArcTo
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
StartDocA
SelectClipPath
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
CreateDCA
CopyMetaFileA
GetCurrentPositionEx
GetDeviceCaps
SaveDC
GetTextExtentPoint32A
RestoreDC
DeleteObject
SelectObject
CreateFontIndirectA
GetTextColor
SetTextColor
GetStockObject
GetPixel
CombineRgn
CreateRectRgn
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
GetObjectA
CreateSolidBrush
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ExtCreatePen
CreateHatchBrush
GetDCOrgEx
PatBlt
SetRectRgn
EnumFontFamiliesExA
GetRgnBox
GetCharWidthA
CreateFontA
RectVisible
StretchDIBits

msimg32

TransparentBlt

autoupdate

_AuQueryServer@4
_AuInitialize@4
_AuSetup@4
_AuRunAutoUpdate@4
_AuDownloadUpdateAsync@4
_AuQueryServerAsync@4

comctl32

PropertySheetA
_TrackMouseEvent

user32

SetForegroundWindow
FindWindowExA
DrawIcon
EnableMenuItem
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
ModifyMenuA
LoadMenuA
IsIconic
IsWindowVisible
LoadIconA
GetSystemMetrics
RegisterWindowMessageA
GetDlgCtrlID
GetWindow
MoveWindow
AdjustWindowRectEx
ClientToScreen
EndPaint
BeginPaint
EqualRect
CharLowerA
CharNextA
UnregisterClassA
GetSysColorBrush
GetDialogBaseUnits
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
SetMenu
TranslateAcceleratorA
IsZoomed
SetWindowContextHelpId
ShowOwnedPopups
PostQuitMessage
WindowFromPoint
GetMessageA
ValidateRect
MapVirtualKeyA
GetKeyNameTextA
PostThreadMessageA
SetWindowTextA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
CheckMenuItem
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
DeleteMenu
WaitMessage
CharLowerW
CharUpperA
CharUpperW
ShowWindow
GetClassLongA
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
DeferWindowPos
SetScrollInfo
SetWindowPlacement
DefWindowProcA
CallWindowProcA
SetWindowLongA
GetCursorPos
IsWindow
ReleaseCapture
SetCapture
KillTimer
SetTimer
RedrawWindow
IsClipboardFormatAvailable
GetClipboardData
SetWindowPos
GetMonitorInfoA
GetSysColor
IsRectEmpty
CopyIcon
FillRect
LoadCursorA
GrayStringA
DrawTextExA
TabbedTextOutA
SetCursor
GetScrollInfo
UpdateWindow
ReleaseDC
GetDC
DrawFocusRect
DrawEdge
OffsetRect
SetRectEmpty
PtInRect
CopyRect
InvalidateRect
InflateRect
GetKeyState
SetRect
DrawTextA
LoadImageA
GetClientRect
GetWindowRect
SetWindowRgn
PostMessageA
GetClassNameA
EnableWindow
SendMessageA
GetParent
RemoveMenu
GetSubMenu
SetMenuDefaultItem
LoadBitmapA
MonitorFromWindow
FindWindowA
CloseClipboard
OpenClipboard
InvalidateRgn
CallNextHookEx
CopyAcceleratorTableA
GetSystemMenu
SetParent
UnionRect
RegisterClipboardFormatA
GetDCEx
LockWindowUpdate
TrackPopupMenu
SystemParametersInfoA
MessageBeep
GetNextDlgGroupItem
ScrollWindowEx
DestroyIcon
wvsprintfA
EnumWindows
GetWindowThreadProcessId
GetWindowTextA
TranslateMessage
IsDialogMessageA
DispatchMessageA
PeekMessageA
IsWindowEnabled
GetDlgItem
GetWindowLongA
SetFocus
GetFocus
GetAsyncKeyState
RemovePropA
GetPropA
MapDialogRect
SetActiveWindow
GetActiveWindow
GetCapture
SetPropA
InsertMenuA
AppendMenuA
GetMenuStringA
GetMenuState
UnhookWindowsHookEx
ScreenToClient
GetWindowDC
GetMenuItemInfoA
DestroyMenu
GetWindowPlacement
IntersectRect

msi

ord172
ord216

kernel32

GetLocaleInfoW
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
QueryPerformanceCounter
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
CloseHandle
ReadFile
CreateFileA
lstrcmpiA
GetACP
MultiByteToWideChar
GetTickCount
GetModuleFileNameA
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
GetLastError
FreeLibrary
GetWindowsDirectoryA
WaitForSingleObject
Sleep
GlobalUnlock
GlobalLock
FormatMessageA
LocalFree
GetVersion
ResetEvent
SetEvent
GlobalAlloc
ResumeThread
CreateEventA
GlobalFree
MulDiv
FreeResource
FindClose
DeleteFileA
FindNextFileA
RemoveDirectoryA
FindFirstFileA
MoveFileA
GetCurrentProcess
CreateDirectoryA
CreateMutexA
SetCurrentDirectoryA
TerminateThread
lstrlenW
lstrlenA
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
InterlockedExchange
CompareStringA
CompareStringW
lstrcmpiW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
HeapFree
GetProcessHeap
InterlockedDecrement
GetVersionExA
lstrcpyA
CopyFileA
lstrcatA
HeapAlloc
CreateToolhelp32Snapshot
Process32First
TerminateProcess
InitializeCriticalSection
Process32Next
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThread
OpenProcess
QueryDosDeviceA
VirtualAlloc
VirtualFree
GetCurrentProcessId
DuplicateHandle
GetLogicalDriveStringsA
ExpandEnvironmentStringsA
lstrcpynA
FileTimeToLocalFileTime
GetFileAttributesA
SetFileAttributesA
GetFileSize
GetShortPathNameA
VirtualProtect
GlobalSize
GetModuleFileNameW
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcmpA
GetThreadLocale
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
RaiseException
SetThreadPriority
SuspendThread
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
LocalFileTimeToFileTime
SetFileTime
GetFileTime
LocalAlloc
FindResourceExA
GetAtomNameA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentDirectoryA
RtlUnwind
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetSystemInfo
VirtualQuery
GetCommandLineA
GetStartupInfoA
GetDriveTypeA
SetStdHandle
GetFileType
ExitProcess
HeapSize
IsValidCodePage
LCMapStringA
LCMapStringW
FatalAppExitA
HeapDestroy
HeapCreate
GetStdHandle
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

GetSidSubAuthority
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
GetUserNameA
RegEnumKeyExA
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CopySid
GetLengthSid
RegCreateKeyA
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegGetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
RegSetKeySecurity
RegOpenKeyA
RegSetValueA
RegQueryValueA

oledlg

ord8

oleaut32

VariantClear
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantInit
SafeArrayLock
OleLoadPicture
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
SysAllocStringByteLen
LoadTypeLi
OleCreateFontIndirect
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
CreateErrorInfo
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
VariantCopy
VarBstrCmp
SysStringByteLen

wininet

InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
HttpEndRequestA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetSetCookieA
InternetGetCookieA
InternetQueryDataAvailable
FtpDeleteFileA
FtpRenameFileA
FtpCreateDirectoryA
FtpRemoveDirectoryA
FtpSetCurrentDirectoryA
FtpGetCurrentDirectoryA
FtpPutFileA
FtpGetFileA
InternetErrorDlg
InternetFindNextFileA
GopherFindFirstFileA
InternetOpenUrlA
GopherOpenFileA
FtpFindFirstFileA
GopherCreateLocatorA
FtpCommandA
FtpOpenFileA
GopherGetAttributeA
HttpSendRequestExA
InternetGetLastResponseInfoA

mpr

WNetGetUserA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8700dc5ad2d924a60cd863138e8ac122

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

1d:a7:e1:97:9d:3a:07:e6:72:82:d6:f9:71:38:b4:b3Certificate

Extended Key Usages

Key Usages

bd:d2:27:5b:17:dc:cf:a4:fb:f1:68:0c:ae:b0:49:12:3e:8b:7b:33Signer

Headers

File Characteristics

PDB Paths

Imports

shfolder

shell32

ole32

shlwapi

gdi32

msimg32

autoupdate

comctl32

user32

msi

kernel32

comdlg32

winspool.drv

advapi32

oledlg

oleaut32

wininet

mpr

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 240KB - Virtual size: 236KB

.data Size: 28KB - Virtual size: 41KB

.rsrc Size: 11.1MB - Virtual size: 11.1MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1d:a7:e1:97:9d:3a:07:e6:72:82:d6:f9:71:38:b4:b3
Certificate

bd:d2:27:5b:17:dc:cf:a4:fb:f1:68:0c:ae:b0:49:12:3e:8b:7b:33
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 240KB - Virtual size: 236KB

.data
Size: 28KB - Virtual size: 41KB

.rsrc
Size: 11.1MB - Virtual size: 11.1MB