c234c5ea8dd599fc614894e4b6e5c21f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c234c5ea8dd599fc614894e4b6e5c21f_JaffaCakes118
Size

536KB
MD5

c234c5ea8dd599fc614894e4b6e5c21f
SHA1

11bdc86668e53deaca8951449854e1145c503744
SHA256

a7dfceec2fa5c9a1d15ae16b779c1f4bc3d7dc95ed3bd585a02839bde4bf4011
SHA512

2aded141807b492865a23d23f45a28804b73c13933eb3531c1927fee34ba45bd1316570c933bf93bbeb4a0b69d1b4a3cb40b4e0535d73e47aff0e9874c182253
SSDEEP

12288:8HIJyiov3zyTwBgeELWqfFyjZMrA4pn9X5E9T8snD/a:8HIJyiouw8WqtyFMrA419X5E9T80DS

Score

1^/10

Malware Config

Signatures

Files

c234c5ea8dd599fc614894e4b6e5c21f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da3408a3e9ec6b601949bded8fcd8ecc

Code Sign

16:4e:c6:23:3b:6c:10:3d:18:9c:ea:22:1c:18:f5:70
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

20/04/2011, 00:00

Not After

10/05/2013, 23:59

Subject

CN=SuperAdBlocker.com,OU=SECURE APPLICATION DEVELOPMENT,O=SuperAdBlocker.com,L=Eugene,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:60:b9:dc:6f:39:de:b3:25:5a:fd:11:1d:a1:ef:9b:7c:f7:41:5c
Signer

Actual PE Digest

1a:60:b9:dc:6f:39:de:b3:25:5a:fd:11:1d:a1:ef:9b:7c:f7:41:5c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\SUPERAdBlocker Projects\SUPERAdBlocker\SUPER Ad Blocker Update\SuperAntiSpyware_Release\SSUpdate.pdb

Imports

kernel32

WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
CreateFileA
DeviceIoControl
GetLocalTime
lstrcatA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetTickCount
lstrlenA
CreateFileW
ReadFile
WriteFile
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetFileSize
SetFilePointer
DeleteFileA
DeleteFileW
CopyFileA
CopyFileW
CreateDirectoryA
CreateDirectoryW
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
MoveFileExA
MoveFileExW
GetFileTime
GetShortPathNameA
GetShortPathNameW
GetOverlappedResult
RemoveDirectoryA
RemoveDirectoryW
BackupRead
BackupSeek
FlushFileBuffers
GetTempFileNameA
GetTempFileNameW
CreateEventA
CreateEventW
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Toolhelp32ReadProcessMemory
ReadProcessMemory
Module32First
Module32FirstW
Module32Next
Module32NextW
Process32First
Process32FirstW
Process32Next
Process32NextW
SetPriorityClass
GetPriorityClass
GetVersionExA
lstrlenW
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
LocalFree
SetNamedPipeHandleState
WaitNamedPipeA
SetLastError
lstrcpynA
lstrcpyA
UnmapViewOfFile
MulDiv
lstrcmpiA
SystemTimeToFileTime
GetSystemInfo
GetModuleHandleA
GetTempPathA
GetWindowsDirectoryA
GetCurrentDirectoryA
ResetEvent
CreateThread
GetExitCodeThread
SetEvent
GlobalAddAtomA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetStdHandle
ExitProcess
HeapSize
InterlockedDecrement
InterlockedIncrement
GetSystemTime
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue
TlsSetValue
TlsFree
DeleteCriticalSection
CloseHandle
TlsAlloc
WideCharToMultiByte
InitializeCriticalSection
GetModuleHandleW
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetCommandLineA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
InterlockedExchange
LocalAlloc
GetModuleFileNameA
GetLastError

user32

IsWindow
EndPaint
DrawTextA
GetWindowRect
DrawEdge
BeginPaint
CallWindowProcA
SetCursor
LoadCursorA
GetSystemMetrics
MoveWindow
CreateWindowExA
SendMessageA
ExitWindowsEx
GetClientRect
InflateRect
GetSysColor
FillRect
SetDlgItemTextA
MessageBoxA
GetDlgItem
GetParent
SetForegroundWindow
SetWindowPos
LoadIconA
RegisterClassA
ShowWindow
DispatchMessageA
TranslateMessage
KillTimer
PostQuitMessage
DefWindowProcA
SetTimer
FindWindowA
RegisterWindowMessageA
SystemParametersInfoA
GetDC
ReleaseDC
PostMessageA
EnumChildWindows
GetClassNameA
SetWindowLongA
DestroyWindow
GetWindowLongA
GetWindowTextA
GetMessageA

gdi32

SetBkMode
SelectObject
SetTextColor
DeleteObject
SetGraphicsMode
ModifyWorldTransform
SetViewportOrgEx
SetWindowOrgEx
GetDeviceCaps
CreateFontIndirectA
CreateSolidBrush

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA

ole32

OleUninitialize
OleInitialize

oleaut32

SysAllocString
VarBstrCat
SysFreeString
SysStringByteLen
SysStringLen
SysAllocStringLen

shlwapi

SHDeleteKeyA
SHDeleteKeyW
SHDeleteValueA
SHDeleteValueW
SHCopyKeyA
SHCopyKeyW
PathAppendA
PathFindFileNameA
StrCpyW
StrStrIA
PathRemoveBackslashA
StrStrA
SHSetValueW
SHSetValueA
SHGetValueW
SHGetValueA
PathRemoveFileSpecA
PathFindNextComponentA
PathFileExistsA
PathAddBackslashA
PathFileExistsW
PathIsDirectoryA
PathIsDirectoryW

comctl32

CreatePropertySheetPageA
InitCommonControlsEx
PropertySheetA

wininet

InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da3408a3e9ec6b601949bded8fcd8ecc

Code Sign

16:4e:c6:23:3b:6c:10:3d:18:9c:ea:22:1c:18:f5:70Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

1a:60:b9:dc:6f:39:de:b3:25:5a:fd:11:1d:a1:ef:9b:7c:f7:41:5cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

comctl32

wininet

version

Sections

.text Size: 176KB - Virtual size: 176KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 6KB - Virtual size: 26KB

.rsrc Size: 160KB - Virtual size: 159KB

16:4e:c6:23:3b:6c:10:3d:18:9c:ea:22:1c:18:f5:70
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

1a:60:b9:dc:6f:39:de:b3:25:5a:fd:11:1d:a1:ef:9b:7c:f7:41:5c
Signer

.text
Size: 176KB - Virtual size: 176KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 6KB - Virtual size: 26KB

.rsrc
Size: 160KB - Virtual size: 159KB