b79a6b76fcb301bcf8fd081c45b15ec3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b79a6b76fcb301bcf8fd081c45b15ec3_JaffaCakes118
Size

821KB
MD5

b79a6b76fcb301bcf8fd081c45b15ec3
SHA1

2135ecf8c28e59047b1bbf108caf783cc5d5cca7
SHA256

ba37582b3fc7d84ea0b522ca291105c591bbeb8e74bfc69530dce8e44bfd78e5
SHA512

3fde5a34cd99adf1d402c2d0034e86f19acc9f194f236b9c03f7c38268d3486f88b8f15c9bf01fc53ef94c535a4ecb5e801144aa1118aa74e1ef47d2921ce9c2
SSDEEP

12288:wkm5HLZ7QpYom1UM1jhSL26licf1EjunSOgH3nSsNh2DTVIfOVDrldcBo1Kiav:wkm5r5GohL6ltYuWIDTefOVDrfcBo18v

Score

1^/10

Malware Config

Signatures

Files

b79a6b76fcb301bcf8fd081c45b15ec3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f0e143752b8ac24d1f1b86c8a7a756c7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:d0:31:17:41:69:a1:cc:35:7d:78:a1:44:bf:a9:03
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/06/2010, 00:00

Not After

17/06/2011, 23:59

Subject

CN=NCsoft,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=NCsoft,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:e6:73:6e:47:c1:69:b4:fc:e0:68:d9:d5:0d:18:1e:ba:b3:09:93
Signer

Actual PE Digest

78:e6:73:6e:47:c1:69:b4:fc:e0:68:d9:d5:0d:18:1e:ba:b3:09:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Depot\core\ncdepot\nctools\tools\GameAdvisor\bin\win32_vc8\GameAdvisor.pdb

Imports

kernel32

Process32Next
CreateToolhelp32Snapshot
Module32Next
Process32First
GetFileSize
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetVersionExA
lstrcpyA
lstrlenA
GlobalAddAtomA
DeleteAtom
GlobalUnlock
GlobalLock
LoadResource
MulDiv
GlobalAlloc
GetModuleHandleA
LockResource
FindResourceA
SizeofResource
GetCommandLineA
GetTickCount
Sleep
MoveFileA
GetSystemDefaultLangID
GetACP
ResetEvent
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
Module32First
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetConsoleMode
GetConsoleCP
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DeleteFileA
GetTempFileNameA
GetLastError
GetTempPathA
CreateEventA
ReadFile
TerminateProcess
CreateProcessA
CloseHandle
SetEvent
WriteFile
CreateFileA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
ExitProcess
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
CreateThread
ResumeThread
ExitThread
CreatePipe
GetWindowsDirectoryA
WaitForSingleObject
InitializeCriticalSection
WaitForMultipleObjects

user32

SetPropA
DrawFocusRect
GetDC
GetClientRect
RemovePropA
GetParent
GetPropA
SetCapture
LoadCursorA
CallWindowProcA
GetWindowRect
ScreenToClient
SetWindowLongA
SetCursor
SetWindowTextA
EndDialog
KillTimer
SetTimer
CheckMenuItem
ModifyMenuA
LoadIconA
DialogBoxParamA
UpdateWindow
DispatchMessageA
PostQuitMessage
GetWindowLongA
ReleaseDC
MessageBoxA
GetDlgItem
ReleaseCapture
TranslateMessage
LoadBitmapA
SetDlgItemTextA
EndPaint
BeginPaint
GetWindowTextA
IsDialogMessageA
CreateDialogParamA
GetMenu
EnableMenuItem
TranslateAcceleratorA
DefWindowProcA
LoadAcceleratorsA
ShowWindow
DestroyWindow
DrawMenuBar
RemoveMenu
GetMessageA
SendMessageA

gdi32

GetObjectA
SetTextColor
CreateFontIndirectA
DeleteObject
GetDeviceCaps

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegEnumValueA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpQueryInfoA
InternetOpenA

ws2_32

gethostbyaddr
ioctlsocket
closesocket
WSASetLastError
connect
getservbyname
inet_ntoa
WSACleanup
getservbyport
ntohs
htons
WSAGetLastError
select
htonl
inet_addr
gethostbyname
WSAStartup
socket
__WSAFDIsSet

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

ImageList_Add
ImageList_Destroy
ImageList_Create
ImageList_SetOverlayImage

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 628KB - Virtual size: 626KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0e143752b8ac24d1f1b86c8a7a756c7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1c:d0:31:17:41:69:a1:cc:35:7d:78:a1:44:bf:a9:03Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

78:e6:73:6e:47:c1:69:b4:fc:e0:68:d9:d5:0d:18:1e:ba:b3:09:93Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

ws2_32

version

comctl32

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 628KB - Virtual size: 626KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1c:d0:31:17:41:69:a1:cc:35:7d:78:a1:44:bf:a9:03
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

78:e6:73:6e:47:c1:69:b4:fc:e0:68:d9:d5:0d:18:1e:ba:b3:09:93
Signer

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 628KB - Virtual size: 626KB