a34da5bfea49cea060a3f77acbf2dd41_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a34da5bfea49cea060a3f77acbf2dd41_JaffaCakes118
Size

155KB
MD5

a34da5bfea49cea060a3f77acbf2dd41
SHA1

81a31d1a2bbc0c37c9b8f971d8f07cb4ac2a0d47
SHA256

85917a70e3a0eb71517d083407dbb0f364c24bc723bbafe2fd2713733cb5e4af
SHA512

9f734fc7eabdb9e3660ddcc3af72e0daa8aa2d24c0141ec5fac422be01bd4c203128f1b57a702e614dca86347f4d9ec74ccf00069056c17ee44e4a46b453e3b0
SSDEEP

3072:DW6a+k4p6TOfSY+U4DLTRTBxcIn1LSejy5y+mZ:DW6ar/TOfn+U4DLTRV2Inx5jh+s

Score

1^/10

Malware Config

Signatures

Files

a34da5bfea49cea060a3f77acbf2dd41_JaffaCakes118
.exe windows:5 windows x86 arch:x86

57e927c38bfc7d4f3974e719ed4f8c5d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/09/2008, 00:00

Not After

09/10/2011, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:29:76:85:d8:1c:23:b9:3e:64:e1:12:5b:bc:ca:d0:8d:10:d4:fb
Signer

Actual PE Digest

55:29:76:85:d8:1c:23:b9:3e:64:e1:12:5b:bc:ca:d0:8d:10:d4:fb

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VSE3\BUILD\vse\Release\McUpdate.pdb

Imports

shutil

REG_SetConfigSrcDest
CmaWrapCreate
OMP_NameValidateItem
OMP_NameIsUNCPath
OMP_NameHasDriveLetter
REG_OpenKeyEx
REG_CloseKey
REG_DeleteValue
REG_DeleteKey
OMP_NameStripServerNameFromUNCPath
REG_GetOpt
LoadSchedTaskData
REG_ConnectComputer
SaveSchedTaskData
REG_SetOpt
MID_WriteFlag
REG_QueryValueEx
GetGraphicsModuleHandle
UIP
PageLevelHtmlHelp
IsServerCore
DisplayCMASchedDialog
GetVSEEngineInfoA
GetASEEngineInfoA
GetModulesLicenseStrings
REG_SetValueEx
Sh_AddToRolledbackDATList
GetVSESoftwareID

vsevntui

GetAlertingSeverityLimit
?GetAlertingDestinations@@YGXPAGPA_N11@Z

lz32

LZSeek
LZClose
LZOpenFileW
LZRead

comctl32

ord17

kernel32

GetFileType
SetLastError
TlsFree
GetModuleFileNameA
ExitProcess
VirtualAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetProcAddress
GetLocalTime
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
FreeLibrary
LoadLibraryExW
WaitForSingleObject
SetEvent
Sleep
CopyFileW
GetFileAttributesW
GetMailslotInfo
ReadFile
MultiByteToWideChar
CreateMailslotW
CreateFileMappingW
CreateEventW
OpenEventW
CloseHandle
DeleteFileW
CreateThread
ExpandEnvironmentStringsW
GetCommandLineW
CreateMutexW
CreateProcessW
GetCurrentProcess
OutputDebugStringW
LoadLibraryW
TerminateThread
GetModuleFileNameW
CreateFileW
DeviceIoControl
GetModuleHandleW
FindFirstFileW
FormatMessageW
FindClose
MulDiv
GetOEMCP
SetFilePointer
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetTickCount
GetSystemTimeAsFileTime
WriteFile
GetStdHandle
GetLastError
FindNextFileW
GetCurrentThreadId
WaitNamedPipeW
SetNamedPipeHandleState
GetCurrentThread
GetVersionExW
TlsGetValue
InitializeCriticalSection
TlsSetValue
LeaveCriticalSection
TerminateProcess
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
TlsAlloc
DebugBreak
GetUserDefaultLCID
FindFirstFileExW
GetSystemDefaultLCID
GetThreadLocale
VirtualFree
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetACP
IsValidCodePage
LCMapStringW
LCMapStringA
RtlUnwind
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
RaiseException
HeapSize

user32

GetWindowRect
ScreenToClient
GetMenuItemCount
IsChild
GetParent
GetMenuItemInfoW
GetMenu
LoadStringW
SetMenuItemInfoW
DestroyWindow
GetMessageW
PostQuitMessage
KillTimer
LoadCursorW
FindWindowW
GetClassNameW
GetDesktopWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
MsgWaitForMultipleObjects
DialogBoxParamW
SetFocus
TranslateMessage
LoadIconW
GetWindowLongW
GetWindowTextW
PeekMessageW
SetForegroundWindow
SetWindowLongW
EndDialog
SendDlgItemMessageW
EnumChildWindows
ShowWindow
GetDlgItemTextW
SetWindowPos
EnumWindows
SetDlgItemTextW
SendMessageW
UpdateWindow
SetWindowTextW
DispatchMessageW
SetTimer
wsprintfW
GetDlgItem
MessageBoxW
EnableWindow
PostMessageW
IsWindow
GetDC
ReleaseDC
LoadImageW
GetMenuStringW

gdi32

GetTextExtentPoint32W
GetTextMetricsW
CreateFontIndirectW
SelectObject
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

RegQueryValueExW
OpenThreadToken
GetTokenInformation
GetUserNameW
LookupAccountNameW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetSidSubAuthority
RegSetValueExW
GetSidIdentifierAuthority
GetSidSubAuthorityCount

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoUninitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57e927c38bfc7d4f3974e719ed4f8c5d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1Certificate

Extended Key Usages

Key Usages

55:29:76:85:d8:1c:23:b9:3e:64:e1:12:5b:bc:ca:d0:8d:10:d4:fbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shutil

vsevntui

lz32

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 10KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

56:4a:36:1e:16:8a:81:a8:f3:ef:aa:da:33:25:08:e1
Certificate

55:29:76:85:d8:1c:23:b9:3e:64:e1:12:5b:bc:ca:d0:8d:10:d4:fb
Signer

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 10KB - Virtual size: 9KB