cf2a8730a5b8b1eb000f52fb022e8df7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf2a8730a5b8b1eb000f52fb022e8df7_JaffaCakes118
Size

18.0MB
MD5

cf2a8730a5b8b1eb000f52fb022e8df7
SHA1

297f8800d288c115e7f51c607774bf457b343196
SHA256

05aaecae8dde63399e35c96dca9cb8b210a974090c5eecfecad896578032eb79
SHA512

c847c143322eb5314f01ef335a23347b8fc80eab6ffeff7417c0a96774d20856ec89683c0e8c9eb702a72548cd70539ee154d57eca85db2a65c942f2b79e1afd
SSDEEP

393216:HAwapLEBJDiO0Hx4+8rgHAqdWBDBc0XI/rBEMm4fIAWTJRt9YE0:gwMCAO0m+8rOrWXTI/N/TmTTs/

Score

1^/10

Malware Config

Signatures

Files

cf2a8730a5b8b1eb000f52fb022e8df7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

13928567fcbc79b6024eb6cd5922368c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

06/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/12/2015, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:d8:b4:28:61:cd:63:87:11:80:a8:ec:d6:35:69:a8:96:9c:b6:ef:8a:b3:e8:1a:bf:b1:4a:03:43:03:f8:51
Signer

Actual PE Digest

3f:d8:b4:28:61:cd:63:87:11:80:a8:ec:d6:35:69:a8:96:9c:b6:ef:8a:b3:e8:1a:bf:b1:4a:03:43:03:f8:51

Digest Algorithm

sha256

PE Digest Matches

true

85:b2:ce:13:3c:46:8b:0c:2c:1d:45:a6:7f:f3:b4:9f:7d:c5:2e:5d
Signer

Actual PE Digest

85:b2:ce:13:3c:46:8b:0c:2c:1d:45:a6:7f:f3:b4:9f:7d:c5:2e:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\workspace\pc\trunk_Setup\Build\x86\Setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

LoadLibraryW
DeviceIoControl
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcatW
InitializeCriticalSection
FreeLibrary
DeleteCriticalSection
WritePrivateProfileStringW
DeleteFileA
DeleteFileW
MoveFileExW
MoveFileW
GetPrivateProfileStringW
CreateThread
InterlockedIncrement
InterlockedDecrement
SetLastError
LoadLibraryExW
TerminateThread
ReadFile
GetStdHandle
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempFileNameW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetFileInformationByHandle
SetEndOfFile
CompareFileTime
FileTimeToSystemTime
CreateMutexA
ReleaseMutex
GetTempPathW
CreateProcessW
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetAtomNameW
CreateMutexW
GetSystemTime
LocalFree
FormatMessageW
OutputDebugStringW
GetFileSizeEx
GetExitCodeProcess
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcmpA
FreeResource
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateFileA
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
LCMapStringW
GetModuleFileNameA
ExitProcess
FatalAppExitA
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetFileAttributesW
ExpandEnvironmentStringsW
CreateDirectoryW
OpenProcess
GetLastError
TerminateProcess
WaitForSingleObject
lstrcmpiW
GetLocalTime
GetModuleFileNameW
CreateFileW
GetFileSize
SetFilePointer
GetCurrentThreadId
GetCurrentProcessId
WriteFile
FlushFileBuffers
GetDiskFreeSpaceExW
CompareStringW
lstrlenW
lstrcpyW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleHandleW
FlushInstructionCache
VirtualAlloc
VirtualFree
lstrlenA
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetVersionExW
FindResourceExW
HeapDestroy
FindResourceW
LoadResource
LockResource
SizeofResource
SetFilePointerEx

user32

CreateWindowExW
GetClientRect
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetMenu
SetWindowPos
ShowWindow
GetDlgItem
EndDialog
SendMessageW
UnregisterClassA
CharToOemW
CharUpperW
GetActiveWindow
GetSysColor
GetFocus
SetCursor
FillRect
DrawFocusRect
SetFocus
EndPaint
BeginPaint
PtInRect
ReleaseCapture
GetCapture
GetDlgCtrlID
SetCapture
IsWindowEnabled
UpdateWindow
ClientToScreen
CallWindowProcW
DialogBoxParamW
CreateDialogParamW
SetRectEmpty
DestroyCursor
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
wsprintfW
FindWindowW
GetWindowThreadProcessId
LoadImageW
CreateCursor
OffsetRect
CharNextW
GetCursorPos
ExitWindowsEx
LoadStringW
GetClassNameW
PostQuitMessage
DrawTextW
SetWindowRgn
MessageBoxW
ChildWindowFromPoint
SetDlgItemTextW
GetDlgItemTextW
EnableWindow
KillTimer
SetTimer
InvalidateRect
ReleaseDC
GetWindowDC
GetDC
ScreenToClient
GetWindowTextLengthW
GetWindowTextW
PostMessageW
DestroyWindow
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
IsWindow
AdjustWindowRectEx
IsDialogMessageW

gdi32

CreateRoundRectRgn
CreateFontIndirectW
SetTextColor
DeleteDC
DeleteObject
GetObjectW
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkMode
StretchBlt
SetStretchBltMode
CreateDIBSection
BitBlt

advapi32

RegOpenKeyExW
ChangeServiceConfigW
RegOpenKeyExA
RegEnumKeyExA
QueryServiceConfigW
StartServiceW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
GetTokenInformation
AllocateAndInitializeSid
FreeSid
IsValidSid
EqualSid
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegQueryValueExA
RegCloseKey
OpenSCManagerW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHFileOperationW
SHCreateDirectoryExW
SHChangeNotify
ShellExecuteW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemRealloc

oleaut32

SysAllocStringByteLen
VariantInit
SysAllocString
VariantCopy
VariantClear
SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsA
PathIsDirectoryW
PathCombineW
StrStrIW
PathRemoveBackslashW
PathRemoveFileSpecW
PathFileExistsW
StrCmpIW
SHSetValueA
SHGetValueA
StrToIntExW
PathFindFileNameW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_Destroy
ImageList_GetIconSize

setupapi

SetupIterateCabinetW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW

netapi32

Netbios

msimg32

AlphaBlend

Sections

.text
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17.3MB - Virtual size: 17.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13928567fcbc79b6024eb6cd5922368c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

3f:d8:b4:28:61:cd:63:87:11:80:a8:ec:d6:35:69:a8:96:9c:b6:ef:8a:b3:e8:1a:bf:b1:4a:03:43:03:f8:51Signer

85:b2:ce:13:3c:46:8b:0c:2c:1d:45:a6:7f:f3:b4:9f:7d:c5:2e:5dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

setupapi

wintrust

crypt32

wininet

netapi32

msimg32

Sections

.text Size: 565KB - Virtual size: 565KB

.rdata Size: 109KB - Virtual size: 108KB

.data Size: 15KB - Virtual size: 28KB

.rsrc Size: 17.3MB - Virtual size: 17.3MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

26:27:9f:0f:2f:11:97:0d:cc:f6:3e:ba:88:f2:d4:c4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:38:91:61:e4:5a:21:8b:d2:4e:6e:85:9a:e1:11:53
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

3f:d8:b4:28:61:cd:63:87:11:80:a8:ec:d6:35:69:a8:96:9c:b6:ef:8a:b3:e8:1a:bf:b1:4a:03:43:03:f8:51
Signer

85:b2:ce:13:3c:46:8b:0c:2c:1d:45:a6:7f:f3:b4:9f:7d:c5:2e:5d
Signer

.text
Size: 565KB - Virtual size: 565KB

.rdata
Size: 109KB - Virtual size: 108KB

.data
Size: 15KB - Virtual size: 28KB

.rsrc
Size: 17.3MB - Virtual size: 17.3MB