cefb8515f6fdb38ca99a52c17ddd0216_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cefb8515f6fdb38ca99a52c17ddd0216_JaffaCakes118
Size

904KB
MD5

cefb8515f6fdb38ca99a52c17ddd0216
SHA1

d617c4f6066e72ee557744cebdd58180e0539357
SHA256

37b77f0d125baf85e57f98c74eb21d3a64bc86fbb57fb32127d19c1d99159600
SHA512

293d09ea148e4ca66ee5ad95ccaa61f3c0e04eeba9ae4007730284dca8cc767da4591becf859381f260b6ea1f29563c6551dc1f610f440ab911d3bfed6b9cdd5
SSDEEP

24576:ZktjbXorsQvi6fgZge8AJmJx33Y68GO4gUy16Xut5L3F:Z2b/Qa6fgZge8e4HYLGO4gUy16Xut5LV

Score

1^/10

Malware Config

Signatures

Files

cefb8515f6fdb38ca99a52c17ddd0216_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dbc51c95b21d42cc9c1c5c323a6cd6d4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:18:6e:7b:8c:66:a5:6d:f6:f7:f8:e8:a1:e8:8b:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19-11-2010 00:00

Not After

18-11-2012 23:59

Subject

CN=DivX\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=DivX\, LLC,L=Wilmington,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:7c:ec:1e:f8:7f:25:ca:52:4a:72:d4:3f:f1:41:9e:a3:a0:71:40
Signer

Actual PE Digest

e0:7c:ec:1e:f8:7f:25:ca:52:4a:72:d4:3f:f1:41:9e:a3:a0:71:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ac\divxinstallersrepository\divxinstallersetup-trunk\bin\win32vs05\releasestatic\divxsetup\DivXSetup.pdb

Imports

wininet

InternetOpenW
InternetOpenUrlW
InternetCloseHandle

kernel32

CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
WriteFile
RemoveDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
IsWow64Process
GetModuleFileNameA
GetCurrentProcessId
VirtualQuery
DuplicateHandle
SetUnhandledExceptionFilter
GetACP
InterlockedExchange
GetCommandLineW
GetDiskFreeSpaceExW
CompareStringW
CompareStringA
SetEndOfFile
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetFileType
SetHandleCount
HeapCreate
GetStdHandle
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
LCMapStringW
LCMapStringA
GetVersionExW
GetStringTypeW
GetStringTypeA
MoveFileA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetFileAttributesW
SetFileAttributesW
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetSystemInfo
GetModuleHandleA
VirtualProtect
IsDebuggerPresent
UnhandledExceptionFilter
ExitThread
GetThreadLocale
GetLocaleInfoA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetTempPathW
GetTickCount
CreateThread
PeekNamedPipe
ReadFile
OpenProcess
TerminateProcess
Process32FirstW
GetPriorityClass
Process32NextW
GetModuleHandleW
ReleaseMutex
GetProcAddress
CreateProcessW
VerSetConditionMask
LocalFree
CloseHandle
FormatMessageW
AllocConsole
SetConsoleTitleW
GetLongPathNameW
FreeLibrary
lstrcmpiW
VerifyVersionInfoW
IsValidCodePage
CopyFileW
LoadLibraryExW
LoadLibraryW
OpenMutexW
CreateMutexW
GetCurrentThreadId
LockResource
FlushInstructionCache
Sleep
FreeResource
GetModuleFileNameW
GlobalLock
SizeofResource
lstrlenW
GlobalFree
GlobalUnlock
GlobalAlloc
GetCurrentProcess
SetLastError
InterlockedIncrement
GlobalHandle
MultiByteToWideChar
FindResourceExW
lstrcmpW
InterlockedDecrement
CreatePipe
GetExitCodeProcess
WaitForMultipleObjects
TerminateThread
WideCharToMultiByte
SetFileTime
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesA
LocalAlloc
lstrcpynW
FindClose
GetTempFileNameW
MulDiv
lstrlenA
GetLastError
RaiseException
LoadResource
FindResourceW
WaitForSingleObject
LeaveCriticalSection
SetThreadLocale
GetUserDefaultLCID
SetThreadUILanguage
CreateEventW
SetEvent
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEnvironmentVariableA
GetCPInfo
FindNextFileW
FindFirstFileW
ResetEvent

user32

CallWindowProcW
SendMessageW
GetWindowTextW
ClientToScreen
GetDlgItem
SetTimer
KillTimer
RegisterWindowMessageW
InvalidateRect
GetActiveWindow
ReleaseDC
SetCapture
SetFocus
DefWindowProcW
GetDesktopWindow
LoadCursorW
RedrawWindow
GetFocus
DestroyWindow
DestroyAcceleratorTable
SetWindowContextHelpId
MapDialogRect
GetSysColor
wsprintfW
UnregisterClassA
GetClassNameW
CreateAcceleratorTableW
InvalidateRgn
MoveWindow
GetClassInfoExW
SetDlgItemTextW
SendDlgItemMessageW
CreateWindowExW
GetClientRect
GetParent
IsWindow
EndDialog
EndPaint
FillRect
BeginPaint
MapWindowPoints
CreateDialogParamW
SetRect
UpdateWindow
LoadIconW
SetForegroundWindow
EnableMenuItem
GetSystemMenu
IsDlgButtonChecked
CheckDlgButton
SetCursor
ExitWindowsEx
TrackMouseEvent
PostMessageW
MessageBoxW
GetCursorPos
GetKeyState
SetWindowTextW
GetWindowTextLengthW
SystemParametersInfoW
DialogBoxParamW
ReleaseCapture
RegisterClassExW
SetWindowPos
GetWindow
ShowWindow
SetWindowLongW
IsDialogMessageW
GetWindowLongW
ScreenToClient
CharNextW
GetDC
GetWindowRect
IsChild

gdi32

ExtTextOutW
CreateDIBSection
TextOutW
SetDIBColorTable
SetBkMode
GetStockObject
CreateCompatibleDC
GetObjectW
DeleteDC
SetBkColor
DeleteObject
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
BitBlt
CreateFontIndirectW
SelectObject
GetDeviceCaps
GetTextExtentPoint32W

advapi32

AllocateAndInitializeSid
RegEnumValueW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
FreeSid
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
AdjustTokenPrivileges
CheckTokenMembership
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
CommandLineToArgvW
SHCreateDirectoryExW
ShellExecuteW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemRealloc
StringFromGUID2
OleLockRunning
CLSIDFromString
OleUninitialize
CoGetClassObject
CreateStreamOnHGlobal
OleInitialize
CLSIDFromProgID

oleaut32

VarUI4FromStr
DispCallFunc
VariantClear
VariantInit
SysAllocString
SysStringLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
OleCreateFontIndirect
SysFreeString

cabinet

ord23
ord22
ord21
ord20

shlwapi

UrlCreateFromPathW
PathIsUNCW
PathIsFileSpecW
PathBuildRootW
StrFormatByteSizeW
PathRemoveBlanksW
PathStripToRootW
PathRemoveBackslashW
PathAppendW
PathFindFileNameW
UrlGetPartW
PathCombineW
PathGetDriveNumberW
PathIsNetworkPathW
PathIsRootW
PathSkipRootW
SHDeleteKeyW

comctl32

ImageList_Create
ImageList_Add
ImageList_GetImageCount
InitCommonControlsEx
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW

gdiplus

GdipDeleteGraphics
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCloneImage
GdipGetImageGraphicsContext
GdipFree
GdipAlloc
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdiplusShutdown
GdipDrawImageI
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipGetImageWidth
GdipDisposeImage
GdiplusStartup

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

URLDownloadToFileW

crypt32

CryptMsgGetParam
CertFreeCertificateContext
CertFindCertificateInStore
CryptQueryObject
CertCloseStore
CertGetNameStringW
CryptMsgClose

Sections

.text
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbc51c95b21d42cc9c1c5c323a6cd6d4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:18:6e:7b:8c:66:a5:6d:f6:f7:f8:e8:a1:e8:8b:57Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e0:7c:ec:1e:f8:7f:25:ca:52:4a:72:d4:3f:f1:41:9e:a3:a0:71:40Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

cabinet

shlwapi

comctl32

gdiplus

version

urlmon

crypt32

Sections

.text Size: 656KB - Virtual size: 656KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 22KB - Virtual size: 24.1MB

.rsrc Size: 82KB - Virtual size: 82KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:18:6e:7b:8c:66:a5:6d:f6:f7:f8:e8:a1:e8:8b:57
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e0:7c:ec:1e:f8:7f:25:ca:52:4a:72:d4:3f:f1:41:9e:a3:a0:71:40
Signer

.text
Size: 656KB - Virtual size: 656KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 22KB - Virtual size: 24.1MB

.rsrc
Size: 82KB - Virtual size: 82KB