ac787b29663bc627d65a4efbaaee0b2a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac787b29663bc627d65a4efbaaee0b2a_JaffaCakes118
Size

1.3MB
MD5

ac787b29663bc627d65a4efbaaee0b2a
SHA1

ddebcd520d5c8e4fb14b0b5d28ab24ed3982d10e
SHA256

3fc52d9d7c79884dedf8a0c70596477890b5b76aa9d4b969632ef81c8460430e
SHA512

60060f957d6999fbc09427614604a2c0c192c3caa3edf2ff36b775266ae85ce10d8b4faf703b2de8f1a89e266a05ef2dc2f18dd3cae556ff76e339da8f5eb1b3
SSDEEP

24576:ELG8Fg+7hGibNVzlEP0xCiwm1nZ/ERaVukUSwc3px5Sr:+JEPBm1ZfASwcZur

Score

1^/10

Malware Config

Signatures

Files

ac787b29663bc627d65a4efbaaee0b2a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d10c9c75b804450ec8854da84386be8f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:75:5d:01:68:68:5a:2f:99:74:67:05:73:06:8d:75
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

05/04/2006, 00:00

Not After

05/04/2007, 23:59

Subject

CN=Nous-Tech Solutions Ltd.,OU=Secure Application Development,O=Nous-Tech Solutions Ltd.,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fc:30:4a:b8:80:3f:25:41:8c:15:6c:6e:d8:f2:ad:85:e8:2c:a5:73
Signer

Actual PE Digest

fc:30:4a:b8:80:3f:25:41:8c:15:6c:6e:d8:f2:ad:85:e8:2c:a5:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\My Projects\Asw2\Skins\UltimateDefender.com\App\Demo-Release\App.pdb

Imports

wininet

InternetGetConnectedState
InternetCanonicalizeUrlA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
HttpOpenRequestA
InternetConnectA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpQueryInfoA
InternetQueryDataAvailable
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
FindCloseUrlCache

kernel32

FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
lstrcpyA
GetFullPathNameA
SuspendThread
EnterCriticalSection
LeaveCriticalSection
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GlobalFlags
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCPInfo
GetOEMCP
SetErrorMode
GetCurrentDirectoryA
GetTickCount
ExitProcess
RtlUnwind
GetDateFormatA
IsBadReadPtr
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetStartupInfoA
ExitThread
HeapSize
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetTimeZoneInformation
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStringTypeA
GetStringTypeW
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
GetLocaleInfoW
GetFileTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
SetLastError
FormatMessageA
lstrcpynA
Module32Next
SetFilePointerEx
SearchPathA
GetSystemInfo
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
LocalAlloc
LocalFree
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
ReleaseMutex
CreateMutexA
MoveFileExA
CreateMailslotA
WritePrivateProfileStringA
Module32First
TerminateProcess
GetFileInformationByHandle
GetVolumeInformationA
GetCommandLineA
ExpandEnvironmentStringsA
InterlockedDecrement
InterlockedIncrement
DeviceIoControl
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemDirectoryA
RemoveDirectoryA
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
CompareStringW
CompareStringA
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThreadId
GlobalAddAtomA
GetVersion
ResumeThread
GetCurrentProcess
SetFilePointer
GetFileSize
SetEndOfFile
GetCurrentThread
GetTempPathA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
CancelWaitableTimer
LocalFileTimeToFileTime
SetThreadPriority
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetWindowsDirectoryA
MulDiv
FreeResource
GlobalLock
GlobalFree
GlobalUnlock
GlobalAlloc
CreateThread
TerminateThread
ReadFile
MoveFileA
GetCurrentProcessId
CreateEventA
CreateProcessA
GetSystemTime
Sleep
WaitForSingleObject
ResetEvent
SetEvent
GetLogicalDrives
GetDriveTypeA
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
GlobalDeleteAtom
lstrlenA
SetCurrentDirectoryA
DeleteFileA
GetLastError
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileAttributesExA
CreateFileA
WriteFile
CloseHandle
FindResourceExA
GetModuleHandleA
WideCharToMultiByte
FindNextFileA
FindFirstFileA
FindClose
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTimeFormatA
GetProcessHeap

user32

BringWindowToTop
SetMenu
GetDesktopWindow
TranslateAcceleratorA
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
IsWindowEnabled
ShowWindow
MoveWindow
IsDialogMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
IsWindowVisible
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
InsertMenuItemA
GetWindowLongA
SetWindowLongA
IsIconic
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharNextA
OpenClipboard
EmptyClipboard
CloseClipboard
UnregisterClassA
CharUpperA
RegisterClassExA
CreateWindowExA
GetMessageA
DispatchMessageA
TranslateMessage
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DestroyMenu
DefWindowProcA
MessageBoxA
SetForegroundWindow
ExitWindowsEx
SystemParametersInfoA
CopyIcon
GetCursorPos
IsWindow
FrameRect
DestroyCursor
ShowCaret
HideCaret
SetCaretPos
CreateCaret
IntersectRect
GetSysColor
FillRect
GetWindowRect
OffsetRect
InflateRect
SetWindowPos
GetKeyState
GrayStringA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
GetActiveWindow
LoadMenuA
wsprintfA
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamA
ValidateRect
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
DrawTextExA
TabbedTextOutA
SetRectEmpty
ReleaseCapture
SetCapture
GetDlgItem
SetWindowTextA
RegisterWindowMessageA
LoadImageA
PostThreadMessageA
RegisterHotKey
GetSysColorBrush
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
CallWindowProcA
SetRect
VkKeyScanA
LoadBitmapA
PostQuitMessage
GetSystemMetrics
AdjustWindowRect
LoadIconA
KillTimer
SetTimer
UpdateWindow
ScreenToClient
CopyRect
LoadCursorA
DrawTextA
SetCursor
InvalidateRect
ReleaseDC
GetDC
GetClientRect
PtInRect
SendMessageA
EnableWindow
GetParent
PostMessageA
IsRectEmpty
GetMenuItemInfoA
DeferWindowPos

gdi32

CreateFontIndirectA
GetTextExtentPoint32A
GetTextColor
GetRgnBox
RestoreDC
SaveDC
GetClipBox
CreateRectRgnIndirect
SetPixel
GetPixel
MoveToEx
LineTo
CreatePen
GetObjectA
CreateBitmap
SetMapMode
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
ExcludeClipRect
CreateCompatibleBitmap
CreateFontA
CreatePolygonRgn
SetBkMode
SetTextColor
SelectObject
SetBkColor
SetDIBits
CreateDCA
GetDeviceCaps
StretchBlt
CreateSolidBrush
DeleteObject
GetStockObject
CreateICA
DeleteDC
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
GetBkColor
CreateCompatibleDC

msimg32

TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueA
RegQueryValueA
RegOpenKeyA
RegDeleteValueA
RegEnumKeyA
RegDeleteKeyA
OpenProcessToken

shell32

ShellExecuteA
SHChangeNotify
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHEmptyRecycleBinA
DragFinish
DragQueryFileA
Shell_NotifyIconA

comctl32

_TrackMouseEvent
ImageList_Add
ImageList_Create
ImageList_Destroy
ord17
ImageList_Draw
ImageList_GetImageInfo

shlwapi

SHCopyKeyA
PathUnquoteSpacesA
PathMatchSpecA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
SHDeleteKeyA
PathFindFileNameA

oledlg

ord8

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleInitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysFreeString
OleLoadPicture

ws2_32

WSCEnumProtocols
WSCGetProviderPath
WSCDeinstallProvider
WSAStartup

netapi32

Netbios

rasapi32

RasHangUpA
RasConnectionNotificationA
RasEnumEntriesA
RasGetEntryPropertiesA
RasEnumConnectionsA

Sections

.text
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d10c9c75b804450ec8854da84386be8f

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3e:75:5d:01:68:68:5a:2f:99:74:67:05:73:06:8d:75Certificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

fc:30:4a:b8:80:3f:25:41:8c:15:6c:6e:d8:f2:ad:85:e8:2c:a5:73Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

netapi32

rasapi32

Sections

.text Size: 924KB - Virtual size: 923KB

.rdata Size: 212KB - Virtual size: 209KB

.data Size: 56KB - Virtual size: 77KB

.rsrc Size: 136KB - Virtual size: 133KB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3e:75:5d:01:68:68:5a:2f:99:74:67:05:73:06:8d:75
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

fc:30:4a:b8:80:3f:25:41:8c:15:6c:6e:d8:f2:ad:85:e8:2c:a5:73
Signer

.text
Size: 924KB - Virtual size: 923KB

.rdata
Size: 212KB - Virtual size: 209KB

.data
Size: 56KB - Virtual size: 77KB

.rsrc
Size: 136KB - Virtual size: 133KB