b0a3529727a518e6883ee9c172ba466e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0a3529727a518e6883ee9c172ba466e_JaffaCakes118
Size

888KB
MD5

b0a3529727a518e6883ee9c172ba466e
SHA1

d97157423d185c7400dcff9a4d10c5ba1366a6c2
SHA256

3b4ba989d96419576bda4f1d5f611ef11279b2d78ea68528dd565754ed0feeb9
SHA512

5a93e2d28bd17e1dcb0efdfda060f22e20212bd0ca6d053305566f3ad6d1bafde4fa80f301475236a335ffe74d327bceb52e0ddfa86caae2f8589631ac9359e4
SSDEEP

12288:H0J0rMzAQCrxWmTX4t8qE/OsLKszxZ9dE9olGmn+p:rqDcxuwOsLzx/dE9olGw+p

Score

1^/10

Malware Config

Signatures

Files

b0a3529727a518e6883ee9c172ba466e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

37c6b332e3c19f5cbe9737cbf4bd4d37

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:9e:69:da:6c:26:93:e3:29:7b:6f:e4:5d:78:eb:e1
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

23/06/2009, 00:00

Not After

03/08/2011, 23:59

Subject

CN=Lexmark International\, Inc.,OU=PS&SD BUSINESS SOFTWARE & SOLUTIONS,O=Lexmark International\, Inc.,L=Lexington,ST=Kentucky,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

06:f7:5a:2a:ec:55:6a:6b:5d:cf:1a:3f:55:b4:cd:d8:c6:ee:54:a6
Signer

Actual PE Digest

06:f7:5a:2a:ec:55:6a:6b:5d:cf:1a:3f:55:b4:cd:d8:c6:ee:54:a6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

w:\sources\xfiles_nf_pp_svn\xfiles_nf_pp_svn_3_9_2010_GetCachePrinter_FWUpdater_fix\1\xfiles\xfiles\Release\pswx.pdb

Imports

kernel32

GetPrivateProfileIntA
GetWindowsDirectoryA
CreateFileA
ReadFile
GetFileSize
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
WriteFile
PeekNamedPipe
WaitForSingleObject
SetEvent
CreateEventA
GetFileType
SystemTimeToFileTime
GetSystemTime
GetVersionExA
GetSystemDirectoryA
ProcessIdToSessionId
FormatMessageA
GetComputerNameA
ExitThread
WritePrivateProfileStringA
GlobalAlloc
GlobalFree
CreateThread
CloseHandle
Sleep
LeaveCriticalSection
EnterCriticalSection
OpenMutexA
CreateMutexA
ReleaseMutex
OpenEventA
ResetEvent
DeleteFileA
SetThreadPriority
GetExitCodeThread
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
OpenFile
_lclose
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
DeleteCriticalSection
GetCurrentProcess
TerminateProcess
InitializeCriticalSection
GetModuleHandleA
GetModuleFileNameA
lstrcpyA
ExpandEnvironmentStringsA
lstrcpynA
CreateDirectoryA
GetLastError
LoadLibraryA
GetProcAddress
lstrcatA
lstrlenA
lstrcmpA
FreeLibrary
_lread
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
ExitProcess
GetCommandLineA
GetProcessHeap
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapSize
SetHandleCount
GetStdHandle
GetACP
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
SetConsoleCtrlHandler
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
CreateFileW

user32

CharUpperBuffA
CharLowerA
DispatchMessageA
TranslateMessage
PeekMessageA
SendMessageA
FindWindowA
wsprintfA
PostMessageA
SetWindowTextA
GetMessageA
SetTimer
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
CharNextA
SetWindowPos
IsWindow
KillTimer
PostQuitMessage

gdi32

GetStockObject

winspool.drv

GetPrinterDriverDirectoryA
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterA
ClosePrinter
GetPrinterA
OpenPrinterA
GetPrinterDataA
SetJobA
GetJobA
EnumPrintersA

advapi32

RegSetValueExA
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSid
GetLengthSid
GetAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
FreeSid
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegFlushKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
SetSecurityInfo
GetSecurityDescriptorDacl
SetKernelObjectSecurity

Sections

.text
Size: 732KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37c6b332e3c19f5cbe9737cbf4bd4d37

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

37:9e:69:da:6c:26:93:e3:29:7b:6f:e4:5d:78:eb:e1Certificate

Extended Key Usages

06:f7:5a:2a:ec:55:6a:6b:5d:cf:1a:3f:55:b4:cd:d8:c6:ee:54:a6Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

Sections

.text Size: 732KB - Virtual size: 728KB

.rdata Size: 120KB - Virtual size: 117KB

.data Size: 12KB - Virtual size: 26KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 6KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

37:9e:69:da:6c:26:93:e3:29:7b:6f:e4:5d:78:eb:e1
Certificate

06:f7:5a:2a:ec:55:6a:6b:5d:cf:1a:3f:55:b4:cd:d8:c6:ee:54:a6
Signer

.text
Size: 732KB - Virtual size: 728KB

.rdata
Size: 120KB - Virtual size: 117KB

.data
Size: 12KB - Virtual size: 26KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 6KB