bf721f1766ba755c60bafb5a6eca4d74_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bf721f1766ba755c60bafb5a6eca4d74_JaffaCakes118
Size

546KB
MD5

bf721f1766ba755c60bafb5a6eca4d74
SHA1

695ec7b74e45ee3aa8d68f830399221df27a8b8f
SHA256

e064df1562e06adf55e97960e0a5f4b373e6551aaa97d8f00fbc95fc14da34ed
SHA512

6fb3ef3778b942299553031a3d6ade48706724a2c46bd475b8f8f6f9d46e9f75e8ec7a38e5e51b6fd96595d4ed4dc1a4f13450cd51d99a3730c4e91539d1ea36
SSDEEP

12288:+l15wqCHA8MYD8JLTx2c4ShJ74QRR0IA+Emk3usqEPQz:+l1Q/bD8J3xESX0IA+EBvkz

Score

1^/10

Malware Config

Signatures

Files

bf721f1766ba755c60bafb5a6eca4d74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

600898bba3b4a4d5b0e1658185f14b1e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:11:69:65:8d:9d:5f:57:78:b1:8a:36:19:c6:0b:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

16/05/2013, 23:59

Subject

CN=Conexant Systems\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Universal & Voice Access,O=Conexant Systems\, Inc.,L=Newport Beach,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:67:27:4a:87:4d:6e:12:7e:aa:b2:d7:86:c9:33:1d:b2:f7:1d:e2
Signer

Actual PE Digest

01:67:27:4a:87:4d:6e:12:7e:aa:b2:d7:86:c9:33:1d:b2:f7:1d:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\iag\temp\rad87612_tsaij1\release\CAudioFilterAgentXP.pdb

Imports

winmm

mixerOpen
mixerGetDevCapsA
mixerClose
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
waveOutOpen
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutClose
waveOutPause
waveOutWrite
waveOutRestart
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInUnprepareHeader
waveInReset
waveInClose
waveInAddBuffer
waveInStart
waveOutReset
waveInStop
mixerGetNumDevs

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiOpenDevRegKey

kernel32

GlobalFree
GlobalAddAtomA
GetCurrentProcessId
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
InterlockedIncrement
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetThreadLocale
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
SetErrorMode
GetCPInfo
GetOEMCP
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
GetStdHandle
GetACP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalUnlock
FormatMessageA
InterlockedDecrement
GetModuleFileNameW
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetProcAddress
SetLastError
GetVersion
CompareStringA
InterlockedExchange
MultiByteToWideChar
lstrlenA
GetCurrentThreadId
GetModuleHandleA
LocalAlloc
LocalFree
OutputDebugStringA
DeviceIoControl
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
VirtualFree
VirtualAlloc
Sleep
GetLastError
CreateFileA
CloseHandle
CreateEventA
MulDiv
ReadFile

user32

GetForegroundWindow
IsWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
WinHelpA
RegisterWindowMessageA
ShowWindow
GetSysColorBrush
DestroyMenu
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetSysColor
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetCapture
ClientToScreen
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetMessageA
GetActiveWindow
IsWindowVisible
SendMessageA
GetKeyState
GetCursorPos
ValidateRect
PostMessageA
SetWindowsHookExA
CallNextHookEx
UnhookWindowsHookEx
PeekMessageA
MsgWaitForMultipleObjects
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
CreateWindowExA
GetClientRect
GetDesktopWindow
RegisterClassExA
LoadCursorA
LoadIconA
ReleaseDC
GetDC
UnregisterClassA
GetMenuState

gdi32

SetMapMode
GetClipBox
PtVisible
RectVisible
TextOutA
DeleteDC
SetTextColor
ScaleWindowExtEx
SetWindowExtEx
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetStockObject
CreateFontA
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
DeleteObject
Escape
ExtTextOutA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegCloseKey
RegQueryValueExA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

600898bba3b4a4d5b0e1658185f14b1e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

4d:11:69:65:8d:9d:5f:57:78:b1:8a:36:19:c6:0b:57Certificate

Extended Key Usages

Key Usages

01:67:27:4a:87:4d:6e:12:7e:aa:b2:d7:86:c9:33:1d:b2:f7:1d:e2Signer

Headers

File Characteristics

PDB Paths

Imports

winmm

setupapi

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

Sections

.text Size: 156KB - Virtual size: 153KB

.rdata Size: 332KB - Virtual size: 328KB

.data Size: 8KB - Virtual size: 40KB

.rsrc Size: 40KB - Virtual size: 36KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

4d:11:69:65:8d:9d:5f:57:78:b1:8a:36:19:c6:0b:57
Certificate

01:67:27:4a:87:4d:6e:12:7e:aa:b2:d7:86:c9:33:1d:b2:f7:1d:e2
Signer

.text
Size: 156KB - Virtual size: 153KB

.rdata
Size: 332KB - Virtual size: 328KB

.data
Size: 8KB - Virtual size: 40KB

.rsrc
Size: 40KB - Virtual size: 36KB