a5cf19207866ffbb59eb1fb063f71611_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5cf19207866ffbb59eb1fb063f71611_JaffaCakes118
Size

14.6MB
MD5

a5cf19207866ffbb59eb1fb063f71611
SHA1

15cda8ccdcada2c91b28f04d1872a9050e22bf7e
SHA256

ac4012a5e9b667119188d00e1f386bdba2bc010b51e281e557b426553d69464b
SHA512

4582e1cc50d75278c913b3890bbef6dbceeb8125f76f94debde4d1c26d93d03c626138cde06ae051db377d6133f7308ee5d11e94e9ba07f27f8eaeb4f2aab769
SSDEEP

393216:XEw5qyTUYawOUjlBtHJKtWKVUYawOUjlBtHJKtWKffqkj:0ny3

Score

1^/10

Malware Config

Signatures

Files

a5cf19207866ffbb59eb1fb063f71611_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3a7dfc1c8ace9532528ca3bda93fe01

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:ab:1e:e0:63:7a:b9:84:8e:94:42:83:64:1d:2e:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/11/2018, 00:00

Not After

15/11/2019, 23:59

Subject

CN=Nox Limited,OU=Core Product Department,O=Nox Limited,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:ab:1e:e0:63:7a:b9:84:8e:94:42:83:64:1d:2e:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

15/11/2018, 00:00

Not After

15/11/2019, 23:59

Subject

CN=Nox Limited,OU=Core Product Department,O=Nox Limited,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:73:51:a6:0c:19:06:a4:55:66:d8:d5:c5:fa:01:f9:0b:f6:51:f4:01:d3:62:92:d2:5e:2d:72:af:0e:df:62
Signer

Actual PE Digest

fe:73:51:a6:0c:19:06:a4:55:66:d8:d5:c5:fa:01:f9:0b:f6:51:f4:01:d3:62:92:d2:5e:2d:72:af:0e:df:62

Digest Algorithm

sha256

PE Digest Matches

false

de:ae:9a:41:e0:cc:e9:f9:a2:c3:4c:3d:84:e9:09:f8:e2:dd:fb:9b
Signer

Actual PE Digest

de:ae:9a:41:e0:cc:e9:f9:a2:c3:4c:3d:84:e9:09:f8:e2:dd:fb:9b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

comctl32

ImageList_DragMove
InitializeFlatSB
ord17
ImageList_Write
ImageList_SetIconSize
ImageList_SetDragCursorImage
ImageList_SetBkColor
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

HttpOpenRequestA
InternetConnectA
InternetCloseHandle
HttpSendRequestExA
InternetWriteFile
InternetOpenA
FtpOpenFileA
FtpSetCurrentDirectoryA
InternetGetConnectedState

kernel32

lstrcpyA
lstrcpynA
lstrlenA
MapViewOfFile
MoveFileA
lstrcmpA
MultiByteToWideChar
OpenMutexA
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
GetModuleHandleW
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryExA
LeaveCriticalSection
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InitializeCriticalSection
GlobalUnlock
LoadLibraryA
GetVersion
GlobalSize
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetUserDefaultLCID
GetTimeZoneInformation
GetThreadLocale
GetTempPathA
GetTempFileNameA
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetStartupInfoA
GetProfileStringA
GetProfileIntA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetLocaleInfoA
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCPInfo
GetComputerNameA
GetCommandLineA
GetACP
FreeResource
FormatMessageW
FormatMessageA
FlushViewOfFile
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
QueryPerformanceCounter
CreateMutexA
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventA
CopyFileA
CompareStringW
CompareStringA
CloseHandle
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
MulDiv

user32

LoadCursorA
LoadIconA
LoadKeyboardLayoutA
LoadStringA
LockWindowUpdate
MapVirtualKeyA
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MsgWaitForMultipleObjects
OemToCharA
OffsetRect
PeekMessageA
PostMessageA
PostMessageW
PostQuitMessage
PostThreadMessageA
PtInRect
RedrawWindow
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindowEx
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongA
SetClipboardData
SetCursorPos
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenuItemInfoA
SetMenuItemInfoW
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassA
UnregisterClassW
UpdateWindow
ValidateRect
VkKeyScanW
WaitMessage
WindowFromPoint
IsWindowEnabled
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
LoadBitmapA
GetWindowTextLengthW
GetWindowTextA
GetWindowRgn
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetMessageTime
GetMessagePos
GetMenuStringW
GetMenuStringA
GetMenuState
GetMenuItemInfoW
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetKeyState
GetKeyNameTextW
GetKeyNameTextA
GetKeyboardType
GetKeyboardState
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetCursorPos
GetClipboardData
GetClientRect
GetClassNameW
GetClassNameA
GetClassInfoW
GetClassInfoA
GetCaretPos
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextA
DrawMenuBar
DrawIconEx
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyAcceleratorTable
DeleteMenu
DefWindowProcW
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreateWindowExW
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableA
CountClipboardFormats
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
KillTimer
IsZoomed
IsWindowVisible
GetWindowTextW
IsWindowUnicode
CharUpperBuffA
CharToOemA
CharNextA
CharLowerBuffA
CharLowerA
CallWindowProcW
CallWindowProcA
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AdjustWindowRectEx
GetKeyboardLayoutList

gdi32

CreatePalette
CreateICA
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBSection
CreatePatternBrush
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontsA
ExcludeClipRect
ExtCreatePen
ExtTextOutA
ExtTextOutW
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDeviceCaps
GetDIBColorTable
CreateDIBitmap
GetEnhMetaFileBits
GetEnhMetaFileDescriptionA
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetMapMode
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetPaletteEntries
GetPixel
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextMetricsA
GetWindowOrgEx
GetWinMetaFileBits
IntersectClipRect
LineTo
LPtoDP
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
Polygon
Polyline
PolyPolyline
RealizePalette
Rectangle
RectVisible
RemoveFontResourceA
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetWinMetaFileBits
StartDocA
StartPage
StretchBlt
StretchDIBits
TextOutA
UnrealizeObject
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
CloseEnhMetaFile
Chord
BitBlt
GetDIBits
Arc

winspool.drv

ClosePrinter
EnumPrintersA
DocumentPropertiesA
OpenPrinterA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
PrintDlgA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExW
RegFlushKey

shell32

DragAcceptFiles
DragQueryFileA
ShellExecuteA
DragFinish

ole32

OleLoad
OleInitialize
OleSetContainedObject
OleSetMenuDescriptor
OleUninitialize
ProgIDFromCLSID
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
StringFromCLSID
OleGetIconOfClass
OleDraw
OleCreateLinkToFile
OleCreateLinkFromData
OleCreateFromFile
OleCreateFromData
IsAccelerator
GetHGlobalFromILockBytes
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoInitialize
CoGetClassObject
CoCreateInstance
CLSIDFromString
OleSave

oleaut32

VariantClear
VariantChangeType
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayAccessData
RegisterTypeLi
GetErrorInfo
LoadTypeLi
VariantCopyInd
VariantInit

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 29.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.elf0
Size: 647KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3a7dfc1c8ace9532528ca3bda93fe01

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0f:ab:1e:e0:63:7a:b9:84:8e:94:42:83:64:1d:2e:24Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0f:ab:1e:e0:63:7a:b9:84:8e:94:42:83:64:1d:2e:24Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

fe:73:51:a6:0c:19:06:a4:55:66:d8:d5:c5:fa:01:f9:0b:f6:51:f4:01:d3:62:92:d2:5e:2d:72:af:0e:df:62Signer

de:ae:9a:41:e0:cc:e9:f9:a2:c3:4c:3d:84:e9:09:f8:e2:dd:fb:9bSigner

Headers

File Characteristics

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 29.9MB

.tls Size: 5KB - Virtual size: 4KB

.elf0 Size: 647KB - Virtual size: 646KB

.rsrc Size: 8.5MB - Virtual size: 8.5MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0f:ab:1e:e0:63:7a:b9:84:8e:94:42:83:64:1d:2e:24
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0f:ab:1e:e0:63:7a:b9:84:8e:94:42:83:64:1d:2e:24
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

fe:73:51:a6:0c:19:06:a4:55:66:d8:d5:c5:fa:01:f9:0b:f6:51:f4:01:d3:62:92:d2:5e:2d:72:af:0e:df:62
Signer

de:ae:9a:41:e0:cc:e9:f9:a2:c3:4c:3d:84:e9:09:f8:e2:dd:fb:9b
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 29.9MB

.tls
Size: 5KB - Virtual size: 4KB

.elf0
Size: 647KB - Virtual size: 646KB

.rsrc
Size: 8.5MB - Virtual size: 8.5MB