b74be471ab4665d360fb6fb9b228a9cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b74be471ab4665d360fb6fb9b228a9cd_JaffaCakes118
Size

982KB
MD5

b74be471ab4665d360fb6fb9b228a9cd
SHA1

871f0789314f6afc3859010357ae3d002789b215
SHA256

1989b5ef475067cfe1cad1825977794268ed9614e682fc9b6e82161c63cfb970
SHA512

34d9a09879c38cd8bd9d62af4ad108a4a76d8602f16d987709e97c6e6e0861b755670b09a85087756cc29b7352aa2c16f05f7623efb75ad8345c55370f59cac5
SSDEEP

12288:9krPlOOrKB/De/z/Pu7DO93zblEOGSEzUWzblE4wEQRUTEcfv44IdmIKn1:L/S/z/Ui93+O2+bc34c1

Score

1^/10

Malware Config

Signatures

Files

b74be471ab4665d360fb6fb9b228a9cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e2ce52527128e46a49e053012f3d413

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/03/2008, 00:00

Not After

23/04/2011, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ISWQL,O=Intel Corporation,L=Folsom,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:8e:bb:d6:8b:72:b1:c8:ea:7b:ac:fe:54:26:cc:95:49:b7:d5:ed
Signer

Actual PE Digest

7c:8e:bb:d6:8b:72:b1:c8:ea:7b:ac:fe:54:26:cc:95:49:b7:d5:ed

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ccviews\autobuild1_br-0907-2926_5.2_snapshot\workingdirectory2\solinstaller\1.1.56\installer\mesol\release\Setup.pdb

Imports

setupapi

SetupDiSetClassInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupCloseInfFile
SetupFindNextLine
SetupGetLineTextW
SetupFindFirstLineW
SetupOpenInfFileW
SetupDiGetINFClassW
SetupGetStringFieldW
SetupDiGetDeviceInstanceIdW
CM_Reenumerate_DevNode
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNodeW
SetupCopyOEMInfW
SetupDiGetDeviceRegistryPropertyW

difxapi

DriverPackageGetPathW
DriverPackagePreinstallW
DriverPackageInstallW
DriverPackageUninstallW
DIFXAPISetLogCallbackW

shlwapi

PathFindFileNameW
PathRemoveArgsW
PathStripPathW
SHDeleteEmptyKeyW
SHDeleteKeyW
PathAppendW
PathAddBackslashW
PathIsDirectoryEmptyW
PathIsRootW
PathRemoveFileSpecW
PathFileExistsW

kernel32

LocalFree
GetLastError
WriteProfileStringW
GetProfileStringW
lstrcpyW
SetLastError
CloseHandle
WaitForSingleObject
ReadFile
GetFileSize
CreateFileW
MultiByteToWideChar
LockResource
LoadResource
SizeofResource
FindResourceW
SetEvent
CreateEventW
CreateThread
VerifyVersionInfoW
VerSetConditionMask
FindNextFileW
FindClose
FindFirstFileW
GetLocalTime
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetVersionExW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FreeLibrary
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesW
WriteFile
CreateFileA
LocalAlloc
GetTempPathA
GetModuleFileNameW
GetWindowsDirectoryW
RemoveDirectoryW
MoveFileExW
DeleteFileW
SetFileAttributesW
Sleep
CopyFileW
ExitProcess
CreateProcessW
GetLocaleInfoW
SetFilePointer
GetExitCodeProcess
ConvertDefaultLocale
GetSystemDefaultLangID
EnumResourceLanguagesW
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetOEMCP
GetACP
HeapSize
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetProcessHeap
GetVersionExA
GetModuleHandleA
HeapAlloc
HeapFree
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStdHandle
LoadLibraryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetModuleFileNameA
UnhandledExceptionFilter
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte

user32

SetWindowPos
GetDlgItem
SendMessageW
wsprintfW
SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
GetWindowModuleFileNameW
DialogBoxParamW
GetWindowThreadProcessId
LoadImageW
MapDialogRect
EnableWindow
ShowWindow
SetTimer
KillTimer
EnumWindows
LoadStringW
PostMessageW
MessageBoxW
MessageBoxIndirectW
ReleaseDC
GetDC
ExitWindowsEx
SetFocus
LoadIconW

gdi32

SelectObject
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetStockObject
GetObjectW
DeleteObject
CreateFontW
CreateFontIndirectW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegEnumValueW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
ControlService
DeleteService
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegQueryValueExW
IsTextUnicode
RegCloseKey

shell32

ShellExecuteW
ShellExecuteA
SHGetFolderPathW
SHCreateDirectoryExW

ole32

OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW
GetModuleBaseNameW

msports

ComDBReleasePort
ComDBOpen
ComDBClaimPort
ComDBClose
ComDBGetCurrentPortUsage

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e2ce52527128e46a49e053012f3d413

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

7c:8e:bb:d6:8b:72:b1:c8:ea:7b:ac:fe:54:26:cc:95:49:b7:d5:edSigner

Headers

File Characteristics

PDB Paths

Imports

setupapi

difxapi

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

psapi

msports

version

Sections

.text Size: 324KB - Virtual size: 323KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 576KB - Virtual size: 572KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

48:ee:2c:9d:ad:71:45:09:44:a1:13:71:a8:0c:00:69
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

7c:8e:bb:d6:8b:72:b1:c8:ea:7b:ac:fe:54:26:cc:95:49:b7:d5:ed
Signer

.text
Size: 324KB - Virtual size: 323KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 576KB - Virtual size: 572KB