b72a06b3bf1a1f29f0bd4eb7e6a0189e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b72a06b3bf1a1f29f0bd4eb7e6a0189e_JaffaCakes118
Size

495KB
MD5

b72a06b3bf1a1f29f0bd4eb7e6a0189e
SHA1

6fe5b65e0beb14e626116515aac6fb9f9c95cb2f
SHA256

2f5026114420361d639490f55e2636bbc6af960aea292f6b2eb0b6c86fd8e79b
SHA512

aa3624fb26404930db3440530c8535f39aa48807d4f67319f682fe3f25cc0a5ec53b33733936e6f98fea5f4a7a874941220f3a17b942e4f930926134a158785a
SSDEEP

6144:L9wK6pgeIOc4kqPbklMe6w4zBDiCtTBjOZhGqszPO44:BwK6CXgkqBw6i8ThOZIL

Score

1^/10

Malware Config

Signatures

Files

b72a06b3bf1a1f29f0bd4eb7e6a0189e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e62fa2a57a6b59eb4d60f09aca71e512

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:e5:a6:55:bd:49:a7:cb:88:71:3b:ac:50:44:39:b6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

14/06/2007, 00:00

Not After

13/08/2010, 23:59

Subject

CN=Fiberlink Communications,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security,O=Fiberlink Communications,L=Blue Bell,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\e360\Project\e360\e360 UI\e360Skin\Release\e360.pdb

Imports

shfolder

SHGetFolderPathW

mfc80u

ord2832
ord2708
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord425
ord2239
ord1121
ord3824
ord5113
ord5714
ord6075
ord6147
ord745
ord557
ord761
ord573
ord3249
ord605
ord356
ord3176
ord1611
ord4729
ord4206
ord3635
ord746
ord3812
ord5426
ord663
ord426
ord558
ord2167
ord1299
ord2155
ord1386
ord3590
ord3678
ord2366
ord760
ord5210
ord1393
ord5911
ord6721
ord572
ord380
ord3195
ord5489
ord629
ord1430
ord6284
ord384
ord664
ord5434
ord5427
ord427
ord3434
ord6061
ord5319
ord2897
ord630
ord2012
ord3050
ord2365
ord6140
ord5821
ord4334
ord6086
ord4112
ord602
ord1957
ord1270
ord347
ord4109
ord4573
ord4920
ord593
ord5119
ord334
ord5117
ord5120
ord2111
ord5621
ord4049
ord6206
ord911
ord2465
ord2299
ord3088
ord5873
ord3781
ord723
ord1000
ord531
ord3290
ord2984
ord2340
ord6282
ord5441
ord2265
ord5433
ord5327
ord6293
ord1571
ord3451
ord379
ord3452
ord1058
ord870
ord577
ord283
ord774
ord293
ord1590
ord1646
ord1647
ord2397
ord2409
ord2386
ord2390
ord2392
ord2394
ord2384
ord5229
ord5231
ord1542
ord4193
ord4664
ord4357
ord3058
ord6157
ord2812
ord776
ord4120
ord1605
ord6063
ord3927
ord864
ord899
ord6172
ord2311
ord280
ord2895
ord6161
ord4059
ord3015
ord5464
ord1479
ord6111
ord282
ord6700
ord1472
ord5398
ord2468
ord4026
ord5096
ord1007
ord2009
ord4320
ord566
ord5485
ord1476
ord2460
ord5711
ord5558
ord3990
ord1220
ord2261
ord278
ord2260
ord773
ord865
ord4060
ord290
ord1906
ord6173
ord6167
ord900
ord896
ord287
ord777
ord860
ord284
ord4101
ord2121
ord2696
ord2697
ord5083
ord5484
ord4074
ord268
ord4061
ord866
ord1198
ord3390
ord970
ord2266
ord6014
ord1002
ord3082
ord385
ord3756
ord2444
ord971
ord5466
ord4100
ord5524
ord3017
ord2740
ord2747
ord2744
ord1172
ord894
ord1455
ord6747
ord6165
ord6171
ord1457
ord4475
ord4255
ord3327
ord5425
ord662
ord757
ord1086
ord3634
ord2159
ord1049
ord4574
ord4119
ord2651
ord2560
ord1281
ord5844
ord2632
ord1975
ord2636
ord3894
ord3698
ord3706
ord5388
ord985
ord1384
ord2257
ord2723
ord2674
ord5511
ord4494
ord4361
ord2139
ord6253
ord3785
ord6083
ord2793
ord3930
ord1355
ord5178
ord4884
ord2011
ord1662
ord1661
ord6720
ord5908
ord1609
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord920
ord925
ord929
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord3175
ord350
ord530
ord604
ord722
ord1894
ord1079
ord1176
ord6001
ord3600
ord762
ord265
ord1908
ord266
ord1178
ord1182
ord764
ord5316
ord6133

msvcr80

_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_controlfp_s
_wchdir
_wutime64
_mktime64
qsort
strncmp
getc
fputc
ferror
feof
calloc
isalpha
_wtof
_vswprintf
realloc
fwrite
fseek
ftell
fread
memmove
wcsstr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_waccess
_wsplitpath
_localtime64_s
__CxxFrameHandler3
free
memset
_wcsicmp
memcpy_s
memmove_s
wcsftime
_purecall
malloc
wcsncpy_s
_recalloc
fclose
_time64
fflush
fwprintf
_wfopen
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
ceil
wcsncpy
_wtoi
_wtol
wcschr
wcsncmp
_crt_debugger_hook
_wcsnicmp
strerror
_errno
memcpy

kernel32

GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetThreadLocale
IsValidLocale
DeleteAtom
GlobalGetAtomNameW
LocalAlloc
FormatMessageW
Sleep
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalAlloc
OutputDebugStringW
GlobalFree
GlobalReAlloc
DeleteFileW
GetTempFileNameW
GetTempPathW
RaiseException
GetLocaleInfoW
GetSystemDefaultLangID
LocalFree
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetCurrentDirectoryW
SetFileAttributesW
GetDriveTypeW
MoveFileW
GetDiskFreeSpaceW
SetVolumeLabelW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
GetLastError
OpenMutexW
GetVersionExW
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetEvent
MultiByteToWideChar
WaitForSingleObject
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GlobalAddAtomW
ReleaseMutex
CreateMutexW
CreateEventW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileW
GetCurrentProcess
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
SetProcessWorkingSetSize

user32

TranslateMessage
DispatchMessageW
wsprintfW
KillTimer
SetTimer
PostMessageW
PeekMessageW
CharNextW
PostQuitMessage
GetDC
AnimateWindow
GetSystemMetrics
EnableWindow
CloseClipboard
SetClipboardData
MessageBoxW
EmptyClipboard
SetRect
PtInRect
EnableMenuItem
UnregisterClassA
OpenClipboard
GetDesktopWindow
LoadImageW
LoadIconW
GetClientRect
IsIconic
SendMessageW
GetSystemMenu
SetWindowRgn
GetWindowRect
ClientToScreen
UpdateWindow
GetActiveWindow
SetCapture
GetFocus
SetForegroundWindow
GetForegroundWindow
CharToOemBuffA
OemToCharBuffA
GetClassNameW
GetWindowThreadProcessId
AttachThreadInput
GetParent
GetCursorPos
ReleaseCapture
ReleaseDC
GetAsyncKeyState
IsWindowVisible

gdi32

PatBlt
CreateCompatibleDC
GetObjectW
CreateDIBSection
SelectObject
StretchBlt
GetCurrentObject
GetPixel
ExtCreateRegion
CombineRgn
DeleteDC
DeleteObject
GetDeviceCaps
CreateDIBitmap

advapi32

RegDeleteKeyW
IsTextUnicode
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumKeyExW
RegQueryInfoKeyW
GetUserNameW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW

shell32

ShellExecuteW

comctl32

ord17

shlwapi

PathFindExtensionW
PathFileExistsW
UrlUnescapeW

ole32

CoInitialize
CoGetClassObject
CoInitializeSecurity
CLSIDFromProgID
OleUninitialize
CoTaskMemFree
CoCreateInstance
OleRun
CLSIDFromString
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantCopy
SysAllocString
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
LoadTypeLi
LoadRegTypeLi
SysStringLen
DispCallFunc
VariantClear
VariantInit
SysFreeString
GetErrorInfo

urlmon

FindMimeFromData
CoInternetGetSession

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shrd
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e62fa2a57a6b59eb4d60f09aca71e512

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0e:e5:a6:55:bd:49:a7:cb:88:71:3b:ac:50:44:39:b6Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

shfolder

mfc80u

msvcr80

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

msvcp80

Sections

.text Size: 340KB - Virtual size: 339KB

.rdata Size: 128KB - Virtual size: 126KB

.data Size: 8KB - Virtual size: 6KB

.shrd Size: 4KB - Virtual size: 4B

.rsrc Size: 8KB - Virtual size: 5KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0e:e5:a6:55:bd:49:a7:cb:88:71:3b:ac:50:44:39:b6
Certificate

.text
Size: 340KB - Virtual size: 339KB

.rdata
Size: 128KB - Virtual size: 126KB

.data
Size: 8KB - Virtual size: 6KB

.shrd
Size: 4KB - Virtual size: 4B

.rsrc
Size: 8KB - Virtual size: 5KB