afec6f2f69d9a7b424711e347c671d57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

afec6f2f69d9a7b424711e347c671d57_JaffaCakes118
Size

6.0MB
MD5

afec6f2f69d9a7b424711e347c671d57
SHA1

28be86b75c740255171b73ad0e77c0e534348465
SHA256

4d4209970a133f2e85b9a6f8feaf59acb0c20401d21054a497fc4f2ecce4b20f
SHA512

b6765a5e5ce818c978bbb687f9d7a7630ebb73b600dbfbf9f6a4d0342dedc361fc641eba79ef9049291731cd5bcf4d85b1a6482c9507d3527e216350e34624af
SSDEEP

98304:VetXJq09Bxk8BydzBg18kuwx3vFmBiQ7R4b+OpMM7rLQKIRxp5sIK4VF:VeR9BxLBydiuwxxEJOpT7rUR1sdEF

Score

1^/10

Malware Config

Signatures

Files

afec6f2f69d9a7b424711e347c671d57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

594b9ee1486fd3c6c3ec979b0c1c1f43

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:bf:83:01:e5:57:fb:ae:b4:94:18:9a:b1:60:f0:5c
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14/03/2007, 00:16

Not After

13/03/2008, 00:16

Subject

CN=WildTangent Inc,OU=Product Development,O=WildTangent Inc,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
PlaySoundA

dinput8

DirectInput8Create

kernel32

GetVolumeInformationA
HeapFree
HeapAlloc
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FormatMessageA
LockFile
UnlockFile
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
lstrcmpA
GlobalDeleteAtom
GlobalAddAtomA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
GlobalFlags
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
SetErrorMode
GetFileTime
GetCPInfo
GetOEMCP
DeviceIoControl
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetSystemTimeAsFileTime
GetFileType
GetStartupInfoA
GetCommandLineA
GetDriveTypeA
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetHandleCount
GetStdHandle
SetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA
SetLastError
WritePrivateProfileStringA
VirtualProtectEx
TlsAlloc
TlsSetValue
TlsGetValue
FlushFileBuffers
MoveFileA
GetFileAttributesExA
GetCurrentDirectoryA
GetCurrentThread
SetThreadAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetWindowsDirectoryA
LocalAlloc
LocalFree
DuplicateHandle
GetPrivateProfileStringA
FileTimeToSystemTime
GetFileSize
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
TerminateThread
GetFullPathNameA
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
DosDateTimeToFileTime
CreateDirectoryA
FindNextFileA
FindFirstFileA
CopyFileA
CompareStringA
CompareStringW
GetVersion
EnumResourceNamesA
CreateThread
DeleteFileA
ReleaseMutex
CreateMutexA
ResumeThread
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
LoadLibraryA
CreateRemoteThread
VirtualFreeEx
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FreeResource
MulDiv
LoadLibraryW
GetProcAddress
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetFileAttributesW
GetNumberFormatW
GetDateFormatW
GetUserDefaultLCID
GetUserGeoID
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetLocaleInfoW
EnterCriticalSection
LeaveCriticalSection
RaiseException
DeleteCriticalSection
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GetLastError
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
OpenProcess
OpenThread
GetExitCodeProcess
CreateEventA
TerminateProcess
ResetEvent
SetEvent
SetUnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObject
Sleep
WideCharToMultiByte
lstrlenW
CreateFileA
GetTickCount
GetCurrentThreadId
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetFileAttributesA
CreateProcessA
CloseHandle
RtlUnwind

user32

PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
SetRect
IsRectEmpty
GetSysColorBrush
DestroyMenu
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
CopyRect
RegisterWindowMessageA
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
MessageBoxA
GetLastActivePopup
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuState
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextA
GetFocus
SetWindowPos
IsWindowEnabled
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
ChangeDisplaySettingsA
EnumDisplaySettingsA
GetDC
ReleaseDC
CharUpperA
EnableWindow
EnableMenuItem
SetWindowRgn
GetClientRect
IsIconic
DrawIcon
InvalidateRect
SendMessageA
SetTimer
GetSystemMenu
InsertMenuA
GetMenuItemCount
LoadIconA
LoadStringW
MessageBoxW
CharLowerBuffA
OffsetRect
SetCapture
ReleaseCapture
LoadCursorA
SetCursor
IsWindow
GetCursorPos
PtInRect
LoadBitmapA
CharLowerBuffW
UnregisterClassA
CharNextA
PostQuitMessage
wsprintfA
FindWindowExA
SetWindowPlacement
WaitForInputIdle
SystemParametersInfoA
MoveWindow
GetClassNameA
PostMessageA
ShowWindow
GetWindowPlacement
SendInput
GetLastInputInfo
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
SetFocus
FindWindowA
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetWindowRect
GetSystemMetrics
IntersectRect
GetParent
GetMenuItemID

gdi32

ScaleViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetRgnBox
GetTextColor
GetBkColor
GetMapMode
CreateRectRgnIndirect
GetStockObject
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
CreateCompatibleDC
SetViewportExtEx
GetObjectA
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateRectRgn
CreateRoundRectRgn
BitBlt
GetDeviceCaps
SetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCloseKey
GetUserNameA
RegSetKeySecurity
ImpersonateSelf
RevertToSelf

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
SHGetFileInfoA
SHFileOperationA

comctl32

ord17

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFileExistsA
PathFindFileNameA

oledlg

ord8

ole32

StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CoRevokeClassObject
StringFromCLSID
CoCreateGuid
CLSIDFromString
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemRealloc

oleaut32

DispCallFunc
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
SysAllocStringLen
SysAllocString
OleLoadPicture
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr
VariantClear
VariantInit

urlmon

URLDownloadToCacheFileA

ws2_32

WSAStartup
gethostname
gethostbyname
WSACleanup
ntohl

wininet

HttpOpenRequestA
InternetGetLastResponseInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 600KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pecode
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pccode
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.phs
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

594b9ee1486fd3c6c3ec979b0c1c1f43

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

10:bf:83:01:e5:57:fb:ae:b4:94:18:9a:b1:60:f0:5cCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

winmm

dinput8

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

ws2_32

wininet

iphlpapi

Sections

.text Size: 600KB - Virtual size: 597KB

.pecode Size: 56KB - Virtual size: 54KB

.pccode Size: 8KB - Virtual size: 4KB

.rdata Size: 160KB - Virtual size: 156KB

.data Size: 16KB - Virtual size: 39KB

.phs Size: 4KB - Virtual size: 1KB

.rsrc Size: 52KB - Virtual size: 51KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

10:bf:83:01:e5:57:fb:ae:b4:94:18:9a:b1:60:f0:5c
Certificate

.text
Size: 600KB - Virtual size: 597KB

.pecode
Size: 56KB - Virtual size: 54KB

.pccode
Size: 8KB - Virtual size: 4KB

.rdata
Size: 160KB - Virtual size: 156KB

.data
Size: 16KB - Virtual size: 39KB

.phs
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 52KB - Virtual size: 51KB