bf62eb931758371a89a28129fee11623_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf62eb931758371a89a28129fee11623_JaffaCakes118
Size

464KB
MD5

bf62eb931758371a89a28129fee11623
SHA1

c52e42fad5ab7c24548f1477109bce8b65d93e6b
SHA256

00584f8b64aa4f97d9121d660d845bd1e96f7d16aa10802c84c754127412b381
SHA512

58df3e5b1bde5d645100c47a9d01d4763683e6fa3b9ddf3dd01c3c3f2651456122976be57b1ebbb34dae787b5e179c9798c286936edf34287a903490db3880e1
SSDEEP

6144:Kr8piHFtPxik0sSwJPslVkLGJHZIwM1gCX27za1HWYR3:AHXJzPsf26HOjdX2faBH

Score

1^/10

Malware Config

Signatures

Files

bf62eb931758371a89a28129fee11623_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a0dd8f4152aa405ada14046092092f8a

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

27:2a:7e:17:81:b1:a0:13:17:59:73:74:e8:64:12:57
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14/02/2008, 00:00

Not After

13/02/2009, 23:59

Subject

CN=Market Precision\, Inc.,OU=IT,O=Market Precision\, Inc.,L=Cambridge,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:5a:ab:68:34:d5:46:2e:26:eb:09:26:b5:a2:97:9a:9c:da:65:1a
Signer

Actual PE Digest

e0:5a:ab:68:34:d5:46:2e:26:eb:09:26:b5:a2:97:9a:9c:da:65:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
ExitThread
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ExitProcess
HeapReAlloc
lstrlenW
RaiseException
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcessHeap
HeapAlloc
HeapFree
GetCommandLineA
FileTimeToLocalFileTime
WritePrivateProfileStringW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFullPathNameW
GetFileAttributesW
GlobalGetAtomNameW
GlobalFlags
FileTimeToSystemTime
lstrlenA
SetErrorMode
ReleaseMutex
CreateMutexW
CreateEventW
SuspendThread
SetEvent
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetThreadLocale
GetCurrentProcessId
GlobalFree
FormatMessageW
MulDiv
GetModuleHandleA
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
SetLastError
InterlockedDecrement
GetFileTime
FindFirstFileW
DeleteFileW
GetTempFileNameW
CreateDirectoryW
GetTempPathW
GetModuleFileNameW
LocalFree
GetLastError
GetCurrentProcess
Sleep
GetTickCount
GetCurrentThreadId
FindClose
MultiByteToWideChar
GetSystemTimeAsFileTime
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetVersionExW
FreeLibrary
ResumeThread
WaitForSingleObject
FindResourceW
LoadResource
LockResource
SizeofResource
CloseHandle
WriteFile
CreateFileW
IsValidCodePage

user32

LoadMenuW
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
SetMenu
TranslateAcceleratorW
GetSysColorBrush
DestroyMenu
GetMenuItemInfoW
RegisterClipboardFormatW
UnregisterClassW
CreateDialogIndirectParamW
EndDialog
ShowOwnedPopups
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
GetNextDlgTabItem
GetNextDlgGroupItem
PostQuitMessage
SetWindowContextHelpId
MapDialogRect
CharNextW
GetCursorPos
DrawIcon
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
GetMenuState
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
ReuseDDElParam
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
PeekMessageW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
GetClientRect
CopyRect
UnregisterClassA
SendMessageW
LoadBitmapW
EnableWindow
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
UnhookWindowsHookEx
ReleaseCapture
SetFocus
SetWindowPos
GetFocus
UnpackDDElParam
CharUpperW
PostThreadMessageW
SetCapture
InvalidateRgn
GetWindowRect
GetCapture
PtInRect
InvalidateRect
KillTimer
SetWindowLongW
GetSysColor
IsWindow
FillRect
GetParent
SetCursor
GetDC
LoadCursorW
MessageBeep
CopyIcon
SetTimer
ReleaseDC
InflateRect
GetMessagePos
ScreenToClient
SetPropW
GetWindowDC
RemovePropW
LoadIconW
SetWindowRgn
GetDesktopWindow
SystemParametersInfoW
FindWindowW
GetSystemMetrics
BringWindowToTop
SetActiveWindow
PostMessageW
EnumChildWindows
IsWindowVisible
GetPropW
EqualRect
IntersectRect
OffsetRect
SetRect
IsRectEmpty
IsWindowEnabled
GetWindowLongW
CopyAcceleratorTableW
EnumWindows

gdi32

LPtoDP
Ellipse
GetBkColor
GetTextColor
CreateEllipticRgn
CreateCompatibleBitmap
GetDeviceCaps
CreateBitmap
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
GetMapMode
SetTextColor
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
DeleteObject
MoveToEx
LineTo
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
GetClipBox
GetRgnBox
CreateRectRgnIndirect
CreateRoundRectRgn
FrameRgn
GetTextExtentPoint32W
CreateFontIndirectW
CreateSolidBrush
GetStockObject
CreatePen
BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
RectVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

SetNamedSecurityInfoW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCloseKey
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

shell32

DragFinish
DragQueryFileW
ShellExecuteW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoUninitialize
CoInitialize
CoCreateInstance
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantInit
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SafeArrayDestroy
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
VariantClear
SysFreeString
SysAllocString

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

Exports

Exports

CleanupToasterManager
CreateToasterWindow
GetToasterManager
InitToasterManager

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0dd8f4152aa405ada14046092092f8a

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

27:2a:7e:17:81:b1:a0:13:17:59:73:74:e8:64:12:57Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

e0:5a:ab:68:34:d5:46:2e:26:eb:09:26:b5:a2:97:9a:9c:da:65:1aSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

oleacc

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 250KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 80KB - Virtual size: 77KB

.reloc Size: 40KB - Virtual size: 39KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

27:2a:7e:17:81:b1:a0:13:17:59:73:74:e8:64:12:57
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

e0:5a:ab:68:34:d5:46:2e:26:eb:09:26:b5:a2:97:9a:9c:da:65:1a
Signer

.text
Size: 252KB - Virtual size: 250KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 80KB - Virtual size: 77KB

.reloc
Size: 40KB - Virtual size: 39KB