cf323b787ef5e547e9e1add62854fb5d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf323b787ef5e547e9e1add62854fb5d_JaffaCakes118
Size

648KB
MD5

cf323b787ef5e547e9e1add62854fb5d
SHA1

392a2b75a6c2afcb0f3e0ada73b69d2be706e653
SHA256

4069657a53af5b4a248c226c0955e59e495cbdc3cadc899c2e58eeeaa67a9aaf
SHA512

c070a1a42c0c3769d797467f18ac5d060ca83739d9ca9cec2545041207d2069f6453ccbfaba6e985b91441bbc850ff568c32b31258a1bf7e3b3310dbe365c25d
SSDEEP

12288:2R9fUUnA/1+W0Un4CzCnZw+2ZhBW3I4nCis3ic1sJd50CPDQ1Ty:S8U47r4+CZwlBl4n43ic6Jd508Di+

Score

1^/10

Malware Config

Signatures

Files

cf323b787ef5e547e9e1add62854fb5d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a39538d93834b8223c080afae2e71c70

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:ef:73:6a:62:71:21:bd:63:eb:e8:ea:f8:f9:df:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/02/2007, 00:00

Not After

07/02/2008, 23:59

Subject

CN=Beijing Rising Science and Technology Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Networking Department,O=Beijing Rising Science and Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

27:60:ec:86:93:36:e5:f4:2c:ce:56:5b:29:55:e0:70:42:47:d7:62
Signer

Actual PE Digest

27:60:ec:86:93:36:e5:f4:2c:ce:56:5b:29:55:e0:70:42:47:d7:62

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\Setup.exe_N12203Release\setup\setupexe\CompileOutputDir\Setup.pdb

Imports

kernel32

GetCurrentProcess
GetVersionExA
SetCurrentDirectoryA
InterlockedIncrement
lstrcatA
lstrcpyA
WinExec
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
GetShortPathNameA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDirectoryA
LocalFree
LocalAlloc
CreateThread
EnterCriticalSection
LeaveCriticalSection
FlushInstructionCache
ResumeThread
SetThreadPriority
SuspendThread
GetDiskFreeSpaceA
MultiByteToWideChar
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
ReleaseMutex
CreateMutexA
GetCommandLineA
TerminateProcess
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
OpenMutexA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
CreateDirectoryA
SetStdHandle
FlushFileBuffers
IsValidCodePage
IsValidLocale
lstrcmpA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
TlsAlloc
HeapSize
IsBadWritePtr
FatalAppExitA
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
QueryPerformanceCounter
QueryPerformanceFrequency
GetTempPathA
SetEndOfFile
GetFileAttributesA
FindClose
GetTickCount
OutputDebugStringA
GetCurrentProcessId
GetFileSize
lstrcpynA
SetFileAttributesA
DeleteFileA
MoveFileA
SetFilePointer
GetVersion
MoveFileExA
CopyFileA
Sleep
WideCharToMultiByte
lstrcmpiA
SetLastError
FindNextFileA
RemoveDirectoryA
EnumSystemLocalesA
FindFirstFileA
lstrlenW
GetLocalTime
GetCurrentThreadId
LoadLibraryA
GetModuleFileNameA
FreeLibrary
InterlockedDecrement
WritePrivateProfileStringA
GetPrivateProfileIntA
GetWindowsDirectoryA
WritePrivateProfileSectionA
GetPrivateProfileStringA
WriteFile
ReadFile
CreateFileA
CloseHandle
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetLastError
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
SetConsoleCtrlHandler
HeapFree

user32

DefWindowProcA
DialogBoxParamA
UnregisterClassA
CharNextA
CharUpperA
CallNextHookEx
IsDialogMessageA
wsprintfW
IsWindowEnabled
RedrawWindow
ExitWindowsEx
EnableMenuItem
GetSystemMenu
GetSystemMetrics
GetCursorPos
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
InvalidateRect
GetFocus
EndDialog
GetWindowTextA
DestroyWindow
PostQuitMessage
IsDlgButtonChecked
CheckDlgButton
GetMessageA
ReleaseDC
GetDC
ScreenToClient
LoadBitmapA
SetFocus
SetForegroundWindow
EnableWindow
KillTimer
SetTimer
IsWindowVisible
SetWindowTextA
DestroyIcon
CreateDialogParamA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetDlgItem
GetParent
SetDlgItemTextA
ShowWindow
GetWindowLongA
SetWindowLongA
wvsprintfA
LoadImageA
PostMessageA
CharLowerA
LoadStringA
FindWindowA
SendMessageA
wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA
GetActiveWindow
IsWindow

gdi32

CreateCompatibleBitmap
BitBlt
DeleteDC
CreateCompatibleDC
GetObjectA
DeleteObject
GetTextExtentPoint32A
CreateFontIndirectA
SelectObject
CreateSolidBrush

comdlg32

GetSaveFileNameA

advapi32

RegDeleteKeyA
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetFileSecurityA
SetFileSecurityA
RegOpenKeyA
LookupAccountNameA
RegQueryInfoKeyA
RegGetKeySecurity
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
RegSetKeySecurity
RegQueryValueA
RegCreateKeyExA
RegEnumKeyExA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueA

shell32

SHBrowseForFolderA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA
SHGetPathFromIDListA
SHGetMalloc

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

GetErrorInfo
CreateErrorInfo
VariantChangeType
SetErrorInfo
VariantClear
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

PathSkipRootA
PathFileExistsA

comctl32

ImageList_AddMasked
ImageList_Create
InitCommonControlsEx

Sections

.text
Size: 352KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a39538d93834b8223c080afae2e71c70

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

5f:ef:73:6a:62:71:21:bd:63:eb:e8:ea:f8:f9:df:dbCertificate

Extended Key Usages

Key Usages

27:60:ec:86:93:36:e5:f4:2c:ce:56:5b:29:55:e0:70:42:47:d7:62Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.text Size: 352KB - Virtual size: 351KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 8KB - Virtual size: 25KB

.rsrc Size: 228KB - Virtual size: 227KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

5f:ef:73:6a:62:71:21:bd:63:eb:e8:ea:f8:f9:df:db
Certificate

27:60:ec:86:93:36:e5:f4:2c:ce:56:5b:29:55:e0:70:42:47:d7:62
Signer

.text
Size: 352KB - Virtual size: 351KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 8KB - Virtual size: 25KB

.rsrc
Size: 228KB - Virtual size: 227KB