a491dfc55cadec9fc534a815e12d330b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a491dfc55cadec9fc534a815e12d330b_JaffaCakes118
Size

638KB
MD5

a491dfc55cadec9fc534a815e12d330b
SHA1

b140b94f3ae97e6955e07f72a4d606723ae7772a
SHA256

2655951855b1dd12191d578a634b3ad7bbe4cf19b191fa27c0409992842e1446
SHA512

0be00a0840595fd0bc033c9de4028df6ab56a7cc29bdb8e1a7becf0c323ea838f0b5eed6366a1d890d49baff04df17514b5ea96b0847e04907ed4ebade7bcc49
SSDEEP

12288:0ePOsr6KFqfei7TyUQmcaXOCw8LiFsXKXiSQCVfxJ9+I:0ePvhFqfeiCU2aXOCw8Li2XKXiSQCVfZ

Score

1^/10

Malware Config

Signatures

Files

a491dfc55cadec9fc534a815e12d330b_JaffaCakes118
.exe windows:4 windows x64 arch:x64

8ac923676732209d6f99676f92cb5cef

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:86:19:7c:44:03:77:42:bd:bc:fb:bf:f4:e2:a7:89
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

23/01/2007, 00:00

Not After

22/01/2010, 23:59

Subject

CN=Broadcom Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Broadcom Corporation,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:41:85:df:5e:e9:1b:e7:24:a0:af:4c:66:5b:75:e4:3a:9a:8d:bd
Signer

Actual PE Digest

f8:41:85:df:5e:e9:1b:e7:24:a0:af:4c:66:5b:75:e4:3a:9a:8d:bd

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\build\BASS_REL_5_60_48_18\win_external_wl_1\src\tools\install\app\bcmwls\x64\Release\bcmwls64.pdb

Imports

setupapi

SetupGetBinaryField
SetupGetTargetPathW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Get_DevNode_Registry_PropertyW
SetupDiOpenDevRegKey
CM_Get_DevNode_Status
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
CMP_WaitNoPendingInstallEvents
CM_Reenumerate_DevNode
SetupIterateCabinetW
SetupOpenFileQueue
SetupDefaultQueueCallbackW
SetupInitDefaultQueueCallbackEx
SetupCommitFileQueueW
SetupScanFileQueueW
SetupGetFileCompressionInfoW
SetupDecompressOrCopyFileW
SetupCopyOEMInfW
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupGetSourceFileLocationW
SetupGetIntField
SetupGetStringFieldW
SetupGetFieldCount
SetupFindNextMatchLineW
SetupGetLineTextW
SetupGetLineByIndexW
SetupFindFirstLineW
SetupGetLineCountW
SetupOpenInfFileW
SetupCloseInfFile
CM_Locate_DevNodeW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wintrust

WinVerifyTrust

kernel32

GetCurrentThreadId
FlsFree
TlsFree
FlsSetValue
TlsAlloc
FlsGetValue
RtlVirtualUnwind
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
SetEndOfFile
GetLocaleInfoW
GetFileAttributesW
ExpandEnvironmentStringsW
lstrcpyW
lstrcatW
CloseHandle
GetCurrentProcess
GetModuleHandleW
GetSystemDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
GetSystemWow64DirectoryW
SetLastError
lstrlenW
LocalAlloc
LocalFree
GetCommandLineW
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
Sleep
Module32NextW
Module32FirstW
TlsSetValue
SetThreadLocale
GetThreadLocale
CreateFileW
DeleteFileW
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
SetErrorMode
SetNamedPipeHandleState
DuplicateHandle
CreatePipe
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcessId
OutputDebugStringW
OutputDebugStringA
MoveFileExW
SetFileAttributesW
CopyFileW
GetModuleHandleA
GetStdHandle
MoveFileW
RemoveDirectoryW
GetVersionExW
GetVersionExA
GetFullPathNameW
GetTempFileNameW
GetModuleFileNameW
GetWindowsDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileW
GetCurrentThread
GetUserDefaultLangID
WideCharToMultiByte
FormatMessageW
GetStringTypeA
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
DeleteCriticalSection
InitializeCriticalSection
FlsAlloc
ExitProcess
GetModuleFileNameA
HeapSetInformation
HeapCreate
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
FatalAppExitA
SetHandleCount
GetStartupInfoA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetTickCount
SetConsoleCtrlHandler
LoadLibraryA
CreateToolhelp32Snapshot
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetLocaleInfoA
GetACP

user32

ExitWindowsEx
EnumWindows
GetClassNameW
GetWindowThreadProcessId
GetWindowTextW
SendMessageW
UnregisterClassA

advapi32

ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumValueW

shell32

SHGetPathFromIDListW
SHBindToParent
SHCreateDirectoryExW
SHSetLocalizedName
SHGetMalloc
SHBrowseForFolderW
SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemAlloc

shlwapi

SHDeleteKeyW

Sections

.text
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ac923676732209d6f99676f92cb5cef

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

18:86:19:7c:44:03:77:42:bd:bc:fb:bf:f4:e2:a7:89Certificate

Extended Key Usages

Key Usages

f8:41:85:df:5e:e9:1b:e7:24:a0:af:4c:66:5b:75:e4:3a:9a:8d:bdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

version

wintrust

kernel32

user32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 457KB - Virtual size: 456KB

.rdata Size: 131KB - Virtual size: 130KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 30KB - Virtual size: 29KB

�� Size: 1024B - Virtual size: 1000B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

18:86:19:7c:44:03:77:42:bd:bc:fb:bf:f4:e2:a7:89
Certificate

f8:41:85:df:5e:e9:1b:e7:24:a0:af:4c:66:5b:75:e4:3a:9a:8d:bd
Signer

.text
Size: 457KB - Virtual size: 456KB

.rdata
Size: 131KB - Virtual size: 130KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 30KB - Virtual size: 29KB

��
Size: 1024B - Virtual size: 1000B