a67f37f45654a1d755eab97cfa2dfdfa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a67f37f45654a1d755eab97cfa2dfdfa_JaffaCakes118
Size

417KB
MD5

a67f37f45654a1d755eab97cfa2dfdfa
SHA1

2ca19a57412d712337d544350dec605966943951
SHA256

2fd154510f7c2e5a2239cc2d25935012010c7aec1591c0db03e0adbd6ee52ac8
SHA512

786abcfc03458045a0ce77a88613dd9987f323a0ee6c6271b0cc0336f7d9da37d47d5bd416054f56f715ab590e9028aa32584252e894cb09ee07692501b489de
SSDEEP

12288:cm+MtB9Azzq9Oie/KvQXejATWIFLwxUKbiwdU:cm+Mbe/5ejse/O

Score

1^/10

Malware Config

Signatures

Files

a67f37f45654a1d755eab97cfa2dfdfa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fe1f59ac8f0172df808eb2d82c316461

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:57:2d:47:62:fc:6c:6a:b0:c3:2e:86:2c:30:2b:8f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/09/2007, 00:00

Not After

25/09/2008, 23:59

Subject

CN=Acronis\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Acronis\, Inc,L=South San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a2:6d:9b:73:38:3a:e4:fa:9d:cf:d1:17:06:45:09:4c:34:6e:fa:f5
Signer

Actual PE Digest

a2:6d:9b:73:38:3a:e4:fa:9d:cf:d1:17:06:45:09:4c:34:6e:fa:f5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bs\co\ti11rc\exe\vs\release\schedul2.pdb

Imports

rpcrt4

NdrConformantArrayMarshall
I_RpcGetBuffer
NdrConformantArrayBufferSize
NdrConformantArrayUnmarshall
NdrConvert
NdrServerInitializeNew
RpcServerUnregisterIf
RpcRaiseException
RpcServerUseProtseqEpA
RpcServerRegisterIf
RpcServerListen
RpcImpersonateClient
RpcRevertToSelf

advapi32

GetSidSubAuthority
SetSecurityDescriptorOwner
StartServiceA
RegOpenKeyExW
RegEnumKeyExW
SetThreadToken
GetFileSecurityW
GetSecurityDescriptorOwner
SetFileSecurityW
GetUserNameW
RegEnumValueW
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
AllocateAndInitializeSid
FreeSid
LookupAccountSidW
RegSetKeySecurity
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
OpenThreadToken
GetUserNameA
RegQueryValueExW
GetTokenInformation
AllocateLocallyUniqueId
RegSetValueExW
RevertToSelf
ImpersonateLoggedOnUser
LogonUserW
CreateProcessAsUserW
SetTokenInformation
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RegCreateKeyExW
RegDeleteValueW
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
OpenProcessToken
IsValidSid
AdjustTokenPrivileges
LookupPrivilegeValueA
CopySid
GetLengthSid
LookupPrivilegeNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
RegDeleteKeyA
RegDeleteKeyW

kernel32

LCMapStringW
GetStringTypeA
GetStringTypeW
CreateEventA
CloseHandle
SetEvent
GetVersion
Sleep
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
GetLastError
lstrcmpiW
ReadProcessMemory
OpenProcess
lstrcmpiA
GetCurrentThread
FreeLibrary
GetProcAddress
LoadLibraryA
GetDiskFreeSpaceExA
SetLastError
GetExitCodeProcess
GetComputerNameW
CreateProcessA
GetTimeZoneInformation
LocalFree
FormatMessageW
FormatMessageA
FindClose
FindNextFileA
FindFirstFileA
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
CreateProcessW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
LocalAlloc
GetTickCount
CreateFileW
HeapFree
HeapAlloc
GetProcessHeap
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetTempPathW
GetTempFileNameW
GetLogicalDriveStringsW
GetDriveTypeW
GetSystemDirectoryW
GetWindowsDirectoryW
QueryPerformanceCounter
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CopyFileW
MoveFileW
MoveFileExW
GetFullPathNameW
OutputDebugStringW
ExpandEnvironmentStringsW
LoadLibraryW
LoadLibraryExW
GetStartupInfoW
SetComputerNameW
GetModuleFileNameW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
WriteConsoleW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetSystemInfo
WriteConsoleA
GetConsoleOutputCP
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CopyFileA
MoveFileA
GetFullPathNameA
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryExA
GetStartupInfoA
GetModuleFileNameA
GetComputerNameA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetNumberFormatA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetLogicalDrives
SetFileApisToANSI
SetErrorMode
GetCurrentThreadId
FindCloseChangeNotification
FindNextChangeNotification
ReadFile
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
SetProcessWorkingSetSize
GetProcessWorkingSetSize
DeviceIoControl
SetFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CompareStringW
FindFirstChangeNotificationW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCompressedFileSizeW
GetFileInformationByHandle
CompareStringA
FindFirstChangeNotificationA
GetDiskFreeSpaceA
GetVolumeInformationA
WritePrivateProfileStringA
EnumResourceLanguagesW
LockResource
LoadResource
FindResourceExW
ExitThread
GetSystemDefaultLangID
EnumResourceNamesW
GetSystemTimeAsFileTime
BackupRead
BackupWrite
GetFileTime
LCMapStringA
VirtualProtect
SetStdHandle
IsBadCodePtr
GetCPInfo
GetOEMCP
GetACP
IsBadWritePtr
VirtualAlloc
VirtualQuery
InterlockedExchange
HeapSize
HeapReAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
IsBadReadPtr
CreateThread
ExitProcess
RaiseException
RtlUnwind
GetVersionExA
GetCommandLineA
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
GetShortPathNameW
SetComputerNameA

user32

VkKeyScanW
VkKeyScanExW
WinHelpW
SendNotifyMessageA
CreateDialogIndirectParamA
SystemParametersInfoW
CharUpperBuffA
CharUpperBuffW
VkKeyScanExA
VkKeyScanA
WinHelpA
GetClipboardFormatNameA
SystemParametersInfoA
SetWindowTextA
ModifyMenuA
AppendMenuA
RegisterClassExA
RegisterClipboardFormatA
PeekMessageA
CharUpperA
SetWindowTextW
ModifyMenuW
AppendMenuW
GetClipboardFormatNameW
RegisterClipboardFormatW
DispatchMessageW
PeekMessageW
CreateDialogIndirectParamW
PostMessageW
SendNotifyMessageW
SendMessageW
SetWindowLongW
GetWindowLongW
DefWindowProcW
RegisterClassExW
PostMessageA
wsprintfW
KillTimer
PostQuitMessage
RegisterClassA
CreateWindowExA
SetWindowLongA
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
SendMessageA
GetWindowLongA
DefWindowProcA

gdi32

EnumFontFamiliesExA
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesExW
CreateFontIndirectW
GetTextMetricsW

shell32

Shell_NotifyIconA
SHGetPathFromIDListA
ShellExecuteA
SHGetFileInfoA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteExW
ShellExecuteW
ShellExecuteExA

comdlg32

GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetOpenFileNameW

mpr

WNetCancelConnection2W
WNetEnumResourceW
WNetOpenEnumW
WNetGetUniversalNameW
WNetAddConnection3W
WNetGetUniversalNameA
WNetAddConnection3A
WNetCloseEnum

ole32

CoInitialize
OleInitialize
CoCreateInstance
OleUninitialize
CoUninitialize

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe1f59ac8f0172df808eb2d82c316461

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

06:57:2d:47:62:fc:6c:6a:b0:c3:2e:86:2c:30:2b:8fCertificate

Extended Key Usages

Key Usages

a2:6d:9b:73:38:3a:e4:fa:9d:cf:d1:17:06:45:09:4c:34:6e:fa:f5Signer

Headers

File Characteristics

PDB Paths

Imports

rpcrt4

advapi32

kernel32

user32

gdi32

shell32

comdlg32

mpr

ole32

version

Sections

.text Size: 312KB - Virtual size: 311KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 26KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

06:57:2d:47:62:fc:6c:6a:b0:c3:2e:86:2c:30:2b:8f
Certificate

a2:6d:9b:73:38:3a:e4:fa:9d:cf:d1:17:06:45:09:4c:34:6e:fa:f5
Signer

.text
Size: 312KB - Virtual size: 311KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 26KB