b3d41aef55a7c304db21599544fda949_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3d41aef55a7c304db21599544fda949_JaffaCakes118
Size

2.4MB
MD5

b3d41aef55a7c304db21599544fda949
SHA1

b3fc8134f882647b89154744fea2c3408204c2a2
SHA256

4892f19c94a2b5e6603de1f0fd2be887fde1ca4a86d62f2686d8f827135a6f3f
SHA512

c42318872f88cbc88627672ba458716b07495e34257cac000bd4f294d0bab62e20f5f01b87adbee3a8dfc1157050d9f6907eafcab4d44702f2f9cc75cbbaffe8
SSDEEP

49152:XTVMpEDD1LLiaRcWHE16uk/i/GJME7CZT6Ro:eaDZLLJJukUk9q

Score

1^/10

Malware Config

Signatures

Files

b3d41aef55a7c304db21599544fda949_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9de33b2a21a491488046788542da287a

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:5e:09:3a:8f:b3:27:45:99:e7:07:d8:45:d6:48:98
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

05/03/2009, 09:05

Not After

04/03/2012, 09:05

Subject

CN=Ongame Network Ltd,OU=Secure Application Development,O=Ongame Network Ltd,L=Gibraltar,ST=Gibraltar,C=GI

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0c:4e:5b:db:de:03:5e:b5:31:05:68:c5:95:29:96:99:8d:84:9f:2d
Signer

Actual PE Digest

0c:4e:5b:db:de:03:5e:b5:31:05:68:c5:95:29:96:99:8d:84:9f:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ntohs

wininet

InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

gdi32

GetPixel
SetPixel
Polyline
PolyBezier
TextOutW
SetROP2
GetCharABCWidthsW
GetTextExtentExPointW
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetBkColor
GetTextColor
SelectClipRgn
Arc
Pie
Polygon
SetPolyFillMode
PolyPolygon
Rectangle
RoundRect
Ellipse
SetBrushOrgEx
CreateCompatibleBitmap
BitBlt
MaskBlt
StretchBlt
StretchDIBits
CreateBitmap
LineTo
DeleteObject
OffsetRgn
ExtCreateRegion
GetRegionData
CombineRgn
CreateRectRgnIndirect
RectInRegion
ExtFloodFill
GetRgnBox
EqualRgn
PtInRegion
PatBlt
CreateICW
CreateDIBSection
GetDIBits
CreateDIBitmap
GetDIBColorTable
GetSystemPaletteEntries
EnumFontFamiliesExW
GetEnhMetaFileW
CopyEnhMetaFileW
DeleteEnhMetaFile
SetAbortProc
EndDoc
StartPage
EndPage
StartDocW
CreateDCW
ExtSelectClipRgn
GetClipBox
SetTextColor
SetBkColor
SetStretchBltMode
DeleteDC
CreateCompatibleDC
GetObjectW
SaveDC
RestoreDC
SetBkMode
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePatternBrush
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
ExcludeClipRect
CreateRectRgn
GetTextExtentPoint32W
SelectPalette
RealizePalette
GdiFlush
SelectObject
GetTextMetricsW
GetStockObject
CreatePen
ExtCreatePen
SetTextAlign
GetDeviceCaps
MoveToEx

user32

PostThreadMessageW
EnumDisplaySettingsW
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
LoadStringW
PeekMessageW
ChangeDisplaySettingsW
ShowCursor
SetClipboardData
RegisterClipboardFormatW
DrawStateW
DrawEdge
GetMessagePos
MapWindowPoints
GetMenuStringW
DefMDIChildProcW
TranslateMDISysAccel
DefFrameProcW
ChildWindowFromPoint
InsertMenuItemW
GetSubMenu
CreateMenu
AppendMenuW
InsertMenuW
RemoveMenu
DestroyMenu
CreatePopupMenu
SetMenuItemInfoW
UnionRect
ModifyMenuW
CheckMenuRadioItem
CheckMenuItem
GetMenuState
DestroyCursor
TranslateAcceleratorW
CreateAcceleratorTableW
DestroyAcceleratorTable
ValidateRect
GetMessageW
HideCaret
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
keybd_event
SetTimer
KillTimer
GetForegroundWindow
OffsetRect
DrawFocusRect
DrawTextW
CopyRect
CreateDialogIndirectParamW
UnregisterClassW
FlashWindow
SetWindowRgn
AdjustWindowRectEx
GetSystemMenu
EnableMenuItem
DrawMenuBar
GetDesktopWindow
IsIconic
IsZoomed
BringWindowToTop
GetUpdateRect
DrawIcon
SetMenu
SetForegroundWindow
GetWindowTextLengthW
GetWindowTextW
GetClassNameW
LoadImageW
DestroyIcon
LoadBitmapW
LoadIconW
CreateIconIndirect
GetIconInfo
DrawIconEx
DrawFrameControl
BeginPaint
GetWindowDC
EndPaint
GetDlgItem
CreateDialogParamW
InflateRect
GetUpdateRgn
GetSysColor
SetWindowsHookExW
IsDialogMessageW
TrackPopupMenu
IsWindow
PtInRect
GetCapture
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
CallNextHookEx
GetActiveWindow
GetMenuItemCount
GetMenuItemInfoW
SystemParametersInfoW
GetMessageTime
GetWindow
BeginDeferWindowPos
EndDeferWindowPos
InvalidateRect
SetWindowTextW
GetFocus
IsWindowEnabled
IsWindowVisible
CallWindowProcW
DeferWindowPos
MoveWindow
ClientToScreen
ScreenToClient
UpdateWindow
RedrawWindow
SetParent
GetCursorPos
WindowFromPoint
GetParent
ScrollWindow
SetScrollInfo
GetScrollInfo
SetCursorPos
ReleaseCapture
SetCapture
ShowWindow
EnableWindow
SetFocus
SetWindowPos
SetWindowLongW
GetWindowLongW
FillRect
GetClientRect
GetWindowRect
GetKeyState
GetSystemMetrics
GetAsyncKeyState
GetDC
ReleaseDC
DispatchMessageW
TranslateMessage
PostQuitMessage
DdePostAdvise
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeInitializeW
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeUninitialize
DdeQueryStringW
DdeFreeStringHandle
DestroyWindow
DefWindowProcW
SendMessageW
LoadCursorW
SetCursor
PostMessageW
RegisterClassW
MessageBeep
CreateWindowExW

comdlg32

ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PrintDlgW
PageSetupDlgW
ChooseColorW

advapi32

RegisterEventSourceA
DeregisterEventSource
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ReportEventA

comctl32

ord17
CreateStatusWindowW
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageCount
ImageList_Destroy
ImageList_EndDrag
ImageList_DragMove
ImageList_DragEnter
ImageList_DragLeave
ImageList_SetDragCursorImage
ImageList_ReplaceIcon
ImageList_Create
ImageList_BeginDrag
ImageList_Add

shell32

ExtractIconW
DragQueryFileW
DragFinish
ExtractIconExW
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListW
DragQueryPoint
SHGetFolderPathW
SHGetMalloc
ShellExecuteExW

ole32

RegisterDragDrop
CoLockObjectExternal
OleUninitialize
CoCreateInstance
RevokeDragDrop
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
ReleaseStgMedium
OleGetClipboard
OleInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetCommandLineA
WriteConsoleW
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FormatMessageA
MoveFileW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
GetFullPathNameW
GetCurrentDirectoryA
CreateFileA
GetStartupInfoA
InterlockedExchange
InterlockedCompareExchange
FlushConsoleInputBuffer
GetVersionExA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetVersion
HeapSize
GlobalFree
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalLock
SetErrorMode
GetCommandLineW
LocalAlloc
SetLastError
ExpandEnvironmentStringsW
CreateThread
ReadFile
RaiseException
WriteFile
FindNextFileW
FreeLibrary
GetThreadLocale
SetCurrentDirectoryW
CopyFileW
GetFileAttributesW
GetFileType
GetWindowsDirectoryW
TerminateProcess
GetModuleFileNameW
GlobalMemoryStatus
SetEnvironmentVariableW
IsValidCodePage
GetCPInfo
GetEnvironmentVariableW
GetCurrentProcessId
IsValidLocale
GetACP
GetTempFileNameW
FindFirstFileW
FindClose
GetTempPathW
SystemTimeToFileTime
CreateFileW
GetStdHandle
FormatMessageW
LocalFree
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
TlsAlloc
TlsSetValue
TlsFree
TlsGetValue
ResumeThread
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
LoadLibraryW
Sleep
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
ReleaseSemaphore
HeapFree
GetProcessHeap
HeapAlloc
CompareStringW
GetSystemTimeAsFileTime
CloseHandle
DuplicateHandle
CreateSemaphoreA
CreateEventA
OutputDebugStringW
GetSystemInfo
GetModuleHandleW
GetProcAddress
HeapReAlloc
GetModuleHandleA
GetCurrentProcess
GetUserDefaultLCID
GetLocaleInfoW
GetCurrentDirectoryW
GetVersionExW
ExitThread
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetTimeZoneInformation
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetDriveTypeA
GetLocaleInfoA
EnumSystemLocalesA
WriteConsoleA
GetConsoleOutputCP
SetEndOfFile
GetLastError
WaitForSingleObject
GetExitCodeProcess
SetEnvironmentVariableA
CreateMutexA
ResetEvent
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerW
GetStringTypeExW
CompareStringA

Exports

Exports

root_suite

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9de33b2a21a491488046788542da287a

Code Sign

0aCertificate

Extended Key Usages

Key Usages

6c:5e:09:3a:8f:b3:27:45:99:e7:07:d8:45:d6:48:98Certificate

Extended Key Usages

0c:4e:5b:db:de:03:5e:b5:31:05:68:c5:95:29:96:99:8d:84:9f:2dSigner

Headers

File Characteristics

Imports

wsock32

wininet

gdi32

user32

comdlg32

advapi32

comctl32

shell32

ole32

version

kernel32

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 560KB - Virtual size: 559KB

.data Size: 100KB - Virtual size: 262KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 4KB - Virtual size: 452B

0a
Certificate

6c:5e:09:3a:8f:b3:27:45:99:e7:07:d8:45:d6:48:98
Certificate

0c:4e:5b:db:de:03:5e:b5:31:05:68:c5:95:29:96:99:8d:84:9f:2d
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 560KB - Virtual size: 559KB

.data
Size: 100KB - Virtual size: 262KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 4KB - Virtual size: 452B