9494fda8c25ebfa77adad42bc2b903ca_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9494fda8c25ebfa77adad42bc2b903ca_JaffaCakes118
Size

477KB
MD5

9494fda8c25ebfa77adad42bc2b903ca
SHA1

9b5394d5094988993110d2b82ee175c7605c124a
SHA256

4a0d1aeb75dd934d0d6ff242903c99cd6bf6b0b235edb77a41eb21290153d1cc
SHA512

de79787abb6f8e6d371b3d3868a011d1a159edf26f8c6566234d9dc632c462f01318170476689fbfdcf7c3cbe32d5e27e495da360a45d27dab4c3071f7753260
SSDEEP

12288:0WN0Jks96wYNt3Nj41Xd9VFtHp9V4DWhSQ:0hJksQwYNt3Nj4ntL4DW

Score

1^/10

Malware Config

Signatures

Files

9494fda8c25ebfa77adad42bc2b903ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e0333d91c046ea7913a5eded75d9eb4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:34:5f:76:6c:6d:13:5a:a9:ab:ed:3c:58:86:03:f8
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20-09-2011 00:00

Not After

19-09-2012 23:59

Subject

CN=Beijing Enet Technology Co.\, Ltd.,O=Beijing Enet Technology Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:cd:50:81:c5:3f:aa:e5:65:03:a5:88:6f:3d:ac:f2:fa:33:9a:ef
Signer

Actual PE Digest

8f:cd:50:81:c5:3f:aa:e5:65:03:a5:88:6f:3d:ac:f2:fa:33:9a:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup

kernel32

LeaveCriticalSection
ReleaseMutex
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
GetCPInfo
GetOEMCP
SizeofResource
SetErrorMode
RtlUnwind
CreateThread
ExitThread
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
ExitProcess
GetStartupInfoA
GetCommandLineA
RaiseException
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
UnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
DeleteCriticalSection
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
MultiByteToWideChar
WideCharToMultiByte
SetLocaleInfoA
WriteProfileStringA
GetProfileIntA
GetProfileStringA
CreateDirectoryA
GetDiskFreeSpaceExA
GetSystemDirectoryA
GetVersion
Sleep
DeleteFileA
GetTickCount
lstrlenA
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GetModuleFileNameA
LoadLibraryA
lstrcatA
FreeLibrary
GetProcAddress
GetACP
lstrcpyA
CreateFileA
DeviceIoControl
CloseHandle
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
GetFileTime
GetThreadLocale
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FindNextFileA
GlobalMemoryStatus
FindClose
FindFirstFileA
TerminateProcess
WaitForSingleObject
InterlockedExchange
FormatMessageA
LocalFree
SetLastError
InterlockedDecrement
InterlockedIncrement
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
MulDiv
lstrlenW
GlobalDeleteAtom
lstrcmpA
GetLastError
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
GetDriveTypeA
GetShortPathNameA
GetLocalTime
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileInformationByHandle
GetFileSize
FileTimeToSystemTime
WriteFile
GetFileAttributesA
GetCurrentDirectoryA
SystemTimeToFileTime
ReadFile
SetFilePointer
CreateMutexA
GetEnvironmentStrings

user32

PtInRect
GetSysColorBrush
CharNextA
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetDC
ClientToScreen
DestroyMenu
LoadStringA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetActiveWindow
ScreenToClient
CopyRect
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
LoadCursorA
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
SetWindowPlacement
GetDlgItem
GetWindowTextLengthA
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessagePos
SetForegroundWindow
SetWindowLongA
SetWindowPos
IntersectRect
GetWindowPlacement
OffsetRect
SystemParametersInfoA
GetWindow
SetFocus
GetDlgCtrlID
IsChild
InvalidateRect
AdjustWindowRectEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
IsWindowUnicode
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
SetCursor
PostQuitMessage
EnumWindows
IsWindowEnabled
GetWindowLongA
wsprintfA
GetWindowDC
ReleaseDC
GetForegroundWindow
GetWindowTextA
CharUpperA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
SetScrollPos
BeginPaint
GetWindowThreadProcessId
MessageBoxA
RegisterWindowMessageA
SendMessageTimeoutA
EnumChildWindows
GetClassNameA
GetWindowRect
WindowFromPoint
EqualRect
PostMessageA
UpdateWindow
FindWindowExA
IsWindow
IsWindowVisible
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
SetTimer
LoadIconA
EnableWindow
FindWindowA
GetDesktopWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
GetMessageTime

gdi32

SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetStockObject
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
GetMapMode
PatBlt
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
DPtoLP
LPtoDP
CreateBitmap
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPointA
CreateDIBitmap
BitBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ord17

oledlg

ord8

ole32

OleFlushClipboard
CoInitialize
CoUninitialize
StgOpenStorage
StgIsStorageFile
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard

olepro32

ord253

oleaut32

SysStringLen
VariantTimeToSystemTime
SysAllocStringByteLen
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
VariantChangeType
VariantCopy
SysAllocStringLen
VariantClear
SysFreeString

wsock32

send
recv
closesocket
connect
htons
socket
gethostbyname
getprotobyname
gethostname
WSACleanup
WSAStartup

oleacc

ObjectFromLresult

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 40.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e0333d91c046ea7913a5eded75d9eb4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6c:34:5f:76:6c:6d:13:5a:a9:ab:ed:3c:58:86:03:f8Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

8f:cd:50:81:c5:3f:aa:e5:65:03:a5:88:6f:3d:ac:f2:fa:33:9a:efSigner

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wsock32

oleacc

Sections

.text Size: 372KB - Virtual size: 371KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 16KB - Virtual size: 40.0MB

.rsrc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6c:34:5f:76:6c:6d:13:5a:a9:ab:ed:3c:58:86:03:f8
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

8f:cd:50:81:c5:3f:aa:e5:65:03:a5:88:6f:3d:ac:f2:fa:33:9a:ef
Signer

.text
Size: 372KB - Virtual size: 371KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 40.0MB

.rsrc
Size: 8KB - Virtual size: 7KB