b1ede91e7c0e3574d3837755273e507c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b1ede91e7c0e3574d3837755273e507c_JaffaCakes118
Size

1.3MB
MD5

b1ede91e7c0e3574d3837755273e507c
SHA1

0406ba3c240c62cff84eb8d1a380844c54e2371e
SHA256

c4f6abd010c6720e72884bb0f697f559ae12c5fb5364bb3976fd0cc01060ba4b
SHA512

1337610de1b071510cfb08b1d55eb19c1cea5065af148cf8dbf6bf66a399819f4b18b03bde27cd73a420f21a588da60c5684d216a40a1c78599ebe6ccf042044
SSDEEP

12288:IQ30T7f5PNfrlAZRCZxuCD9nDotaE2KOlsbFD5uRU2Snco17ZIwZVF0Kzezbhu/b:MF16qZcIn

Score

1^/10

Malware Config

Signatures

Files

b1ede91e7c0e3574d3837755273e507c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c6a7b29cc0ac50e1b00b2659d18991b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18-05-2009 00:00

Not After

18-05-2010 23:59

Subject

CN=Canon Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ce:b7:e9:32:69:da:55:30:16:7b:46:51:6e:0c:f9:06:48:24:53:bf
Signer

Actual PE Digest

ce:b7:e9:32:69:da:55:30:16:7b:46:51:6e:0c:f9:06:48:24:53:bf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\ijsd33\デスクトップ\SMEXb5\Source\SolutionMenuEX\Release\CNSEMAIN.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

mfc80u

ord1591
ord4206
ord4276
ord1118
ord4716
ord3397
ord4256
ord4480
ord5199
ord3943
ord4179
ord2638
ord6271
ord3703
ord5067
ord3713
ord1899
ord3204
ord3712
ord5148
ord2527
ord4238
ord2640
ord1392
ord2534
ord3940
ord2856
ord1608
ord2708
ord1611
ord4301
ord5908
ord2651
ord6063
ord1894
ord2159
ord3756
ord3983
ord6232
ord2155
ord1784
ord1883
ord2366
ord6086
ord1021
ord1922
ord1474
ord4092
ord2080
ord1538
ord6721
ord5911
ord1393
ord4228
ord5210
ord2985
ord4255
ord3165
ord760
ord572
ord591
ord1785
ord2893
ord4347
ord3829
ord1274
ord3590
ord4729
ord1066
ord1155
ord2365
ord1946
ord4094
ord2085
ord6140
ord3238
ord4098
ord6061
ord1156
ord2713
ord5710
ord530
ord722
ord3289
ord6001
ord5440
ord1386
ord6278
ord559
ord747
ord3168
ord6133
ord6167
ord1906
ord334
ord593
ord3249
ord5119
ord5113
ord5566
ord2239
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord1299
ord3942
ord5222
ord5220
ord2925
ord1911
ord2167
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord4535
ord3677
ord566
ord757
ord3824
ord5971
ord5956
ord5231
ord5229
ord920
ord925
ord1271
ord929
ord927
ord605
ord931
ord4574
ord356
ord2384
ord2404
ord2388
ord3435
ord2394
ord2392
ord3635
ord2390
ord1925
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5178
ord5171
ord4884
ord1955
ord2011
ord1647
ord1662
ord1646
ord1661
ord1590
ord1542
ord5196
ord3198
ord2531
ord2725
ord6720
ord2829
ord3383
ord6003
ord5713
ord755
ord564
ord5524
ord5558
ord1147
ord894
ord4101
ord6015
ord896
ord5485
ord2321
ord265
ord4100
ord3990
ord4027
ord284
ord4078
ord1086
ord2460
ord287
ord2261
ord1472
ord2461
ord5711
ord899
ord1178
ord1182
ord5712
ord745
ord557
ord266
ord6002
ord1523
ord6161
ord762
ord6700
ord282
ord1479
ord2311
ord5398
ord2468
ord1176
ord1079
ord1476
ord280
ord774
ord293
ord577
ord283
ord2121
ord776
ord764
ord1198
ord3678

msvcr80

_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
memcpy
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
memset
_CxxThrowException
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_exit
_cexit
__wgetmainargs
_amsg_exit
_wsetlocale
wcschr
swprintf_s
strcpy_s
sprintf_s
wcsncmp
__RTDynamicCast
_purecall
iswxdigit
iswdigit
isalnum
strnlen
_localtime64_s
_time64
_wcsdup
_resetstkoflw
malloc
_recalloc
free
calloc
memcpy_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
wcsstr
memmove_s
ceil
swscanf_s
wcscat_s
wcscpy_s
_wcsnicmp
_wtoi
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
wcsnlen
_wcsicmp
__CxxFrameHandler3
__p__commode

kernel32

EnterCriticalSection
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
MoveFileExW
DeleteFileW
lstrcmpW
HeapAlloc
HeapFree
GetProcessHeap
GetLastError
LoadLibraryW
FreeLibrary
GetProcAddress
FindClose
FindNextFileW
FindFirstFileW
InterlockedDecrement
GetSystemDirectoryW
LoadResource
MulDiv
LockResource
GetLocalTime
GetShortPathNameW
CreateFileW
GetFileSize
HeapReAlloc
HeapSize
SetFileAttributesW
WriteFile
SetEndOfFile
GetFileAttributesW
ReadFile
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
InterlockedExchange
lstrlenW
GetCurrentThread
GetCurrentProcess
VerifyVersionInfoW
GetDiskFreeSpaceExW
LocalAlloc
GetVersionExW
GetModuleFileNameW
LocalFree
CloseHandle
VerSetConditionMask
GetModuleHandleW
CopyFileW
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
GetSystemDefaultLangID
GetTickCount
ResumeThread
WaitForSingleObject
SuspendThread
TerminateThread
TerminateProcess
SetProcessWorkingSetSize
DeleteCriticalSection
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSection
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
ReleaseMutex
GetUserDefaultUILanguage
FindResourceW

user32

GetForegroundWindow
GetWindowThreadProcessId
GetMessagePos
BeginDeferWindowPos
EndDeferWindowPos
ScreenToClient
GetSubMenu
GetCursorPos
RegisterWindowMessageW
DestroyMenu
IsIconic
AppendMenuW
CreateMenu
CreatePopupMenu
DeleteMenu
InvalidateRect
GetDlgItem
IsDlgButtonChecked
IsWindowVisible
WaitForInputIdle
GetParent
KillTimer
SetTimer
SendMessageW
EnableWindow
SetRect
DestroyIcon
DrawIconEx
ReleaseDC
ReleaseCapture
GetMenuItemCount
GetWindowRect
ShowWindowAsync
DeferWindowPos
OpenClipboard
EmptyClipboard
GetSystemMetrics
GetDC
CloseClipboard
LoadCursorW
TrackMouseEvent
UpdateLayeredWindow
SetWindowLongW
WindowFromPoint
GetWindow
LoadIconW
SetCapture
AttachThreadInput
MessageBoxW
IsWindow
SetForegroundWindow
PostMessageW
SendMessageTimeoutW
FindWindowW
SetMenuItemInfoW
EnableMenuItem
IsRectEmpty
OffsetRect
SystemParametersInfoW
CheckDlgButton
SetCursor
SetRectEmpty

gdi32

ExtEscape
CreateDCW
CreateRectRgn
PtInRegion
CombineRgn
DeleteObject
DeleteDC
SelectObject
CreateCompatibleDC
GetObjectW
CreateDIBSection
SetDIBColorTable
SetDIBits
GetObjectA
CreateFontW
GetDIBits

msimg32

AlphaBlend

winspool.drv

ord203
OpenPrinterW
GetPrinterDriverW
ClosePrinter
EnumPrintersW
GetPrinterW

advapi32

InitializeSecurityDescriptor
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
FreeSid
RegQueryValueExW
RegCloseKey
AccessCheck
RegOpenKeyExW
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
OpenThreadToken
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
GetLengthSid
AddAccessAllowedAce

shell32

ExtractIconW
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW
SHDeleteKeyW
PathFileExistsW
PathIsDirectoryW

ole32

OleRun
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen
SystemTimeToVariantTime
GetErrorInfo

gdiplus

GdipGetImageHeight
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipDeleteFontFamily
GdipBitmapUnlockBits
GdipCreatePath
GdipFillRectangleI
GdipAlloc
GdipDeletePath
GdipBitmapLockBits
GdipCloneImage
GdipSetPenMode
GdipCreateStringFormat
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipFree
GdipDrawRectangleI
GdipSetClipRectI
GdipDeleteFont
GdipSetStringFormatLineAlign
GdipDeleteBrush
GdipSetSmoothingMode
GdipSetStringFormatFlags
GdipCloneBrush
GdipGetFamily
GdipAddPathStringI
GdipGetImagePalette
GdipGetFontSize
GdipGetFontStyle
GdipCreatePen2
GdipDeletePen
GdipDrawPath
GdiplusShutdown
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipFillPath
GdiplusStartup
GdipGetPathWorldBounds
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipAddPathString
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImagePixelFormat

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Sections

.text
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c6a7b29cc0ac50e1b00b2659d18991b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8aCertificate

Extended Key Usages

Key Usages

ce:b7:e9:32:69:da:55:30:16:7b:46:51:6e:0c:f9:06:48:24:53:bfSigner

Headers

File Characteristics

PDB Paths

Imports

version

mfc80u

msvcr80

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

msvcp80

winmm

Sections

.text Size: 696KB - Virtual size: 695KB

.rdata Size: 144KB - Virtual size: 141KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 300KB - Virtual size: 298KB

.nrdata Size: 72KB - Virtual size: 72KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8a
Certificate

ce:b7:e9:32:69:da:55:30:16:7b:46:51:6e:0c:f9:06:48:24:53:bf
Signer

.text
Size: 696KB - Virtual size: 695KB

.rdata
Size: 144KB - Virtual size: 141KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 300KB - Virtual size: 298KB

.nrdata
Size: 72KB - Virtual size: 72KB