Static task
static1
Behavioral task
behavioral1
Sample
d1a3008405421c1b40d78fd5d69aabad_JaffaCakes118.exe
Resource
win7-20240903-en
General
-
Target
d1a3008405421c1b40d78fd5d69aabad_JaffaCakes118
-
Size
21.4MB
-
MD5
d1a3008405421c1b40d78fd5d69aabad
-
SHA1
a66c3c62ed2ca2020aea258ccbdc09d168d18872
-
SHA256
1702f35ef9c6a02439efd7bcebc71ff67ae3cc740f00a55435e5fe1d5273723d
-
SHA512
168a524dd7bee91c9369806242164a81a289a8377c7090fb82c37440c41c0a8f05cb05445e74e4a73f707a135d2280324ba262b1a7672ebf16c788ea09579828
-
SSDEEP
393216:iVgnmjocx90NaWA71jV3o8DZAe78HgnwlRSZj2b6PzyMs7P1lBvcaMYz5G:BnMx9SaWA7Do4F8HgwlMvPBs7PxvL5G
Malware Config
Signatures
Files
-
d1a3008405421c1b40d78fd5d69aabad_JaffaCakes118.exe windows:4 windows x86 arch:x86
0b31255351b68654fe25bbe1b368a0e1
Code Sign
Certificate
Serial Number
01
Issuer
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before
01/08/1996, 00:00
Not After
31/12/2020, 23:59
Subject
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
-
Certificate
Serial Number
0a
Issuer
CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d
Not Before
06/08/2003, 00:00
Not After
05/08/2013, 23:59
Subject
CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
-
Certificate
Serial Number
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Issuer
CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before
04/12/2003, 00:00
Not After
03/12/2013, 23:59
Subject
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
-
Certificate
Serial Number
54:76:08:fc:40:f3:f9:2d:aa:a2:f6:27:23:44:44:41
Issuer
CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
Not Before
14/07/2006, 00:00
Not After
03/08/2007, 23:59
Subject
CN=WinSoftware Corporation\, Inc.,OU=ADMINISTRATIVE DEPARTMENT,O=WinSoftware Corporation\, Inc.,L=Roseau,ST=Roseau,C=DM
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
-
Certificate
Serial Number
0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Issuer
CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US
Not Before
04/12/2003, 00:00
Not After
03/12/2008, 23:59
Subject
CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
-
Signer
Actual PE Digest
Digest Algorithm
PE Digest Matches
false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetConnectA
HttpQueryInfoA
HttpSendRequestA
InternetOpenA
InternetCrackUrlA
InternetGetCookieA
HttpOpenRequestA
InternetCloseHandle
iphlpapi
GetAdaptersInfo
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
shfolder
SHGetFolderPathW
SHGetFolderPathA
kernel32
SetEvent
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
CreateEventA
GlobalFree
GetCurrentThread
GetVersion
CompareStringA
CompareStringW
GetEnvironmentVariableA
WriteFile
GlobalHandle
lstrcatA
Sleep
GetExitCodeProcess
CreateProcessA
LocalFree
LocalUnlock
GetVolumeInformationA
GetWindowsDirectoryA
GetSystemDirectoryA
SetCurrentDirectoryA
ReleaseMutex
GetDriveTypeA
GetLogicalDriveStringsA
GetPrivateProfileStringA
GetLongPathNameA
FindNextFileA
FindClose
FindFirstFileA
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
GetFileAttributesExA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetShortPathNameA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
Module32Next
ResumeThread
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTempFileNameA
ExpandEnvironmentStringsA
CreateDirectoryA
lstrcatW
lstrcpyW
lstrcmpW
CreateFileW
GetFileAttributesW
DeviceIoControl
LCMapStringA
ExitThread
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
HeapSize
HeapReAlloc
HeapDestroy
lstrcpyA
GetLocalTime
FlushFileBuffers
WaitForSingleObject
ResetEvent
GetProcAddress
OpenProcess
TerminateProcess
GetTempPathA
DeleteFileA
TerminateThread
CreateThread
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
GetOEMCP
GetStringTypeA
GetStringTypeW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetTickCount
OutputDebugStringA
FreeResource
LoadLibraryA
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
CreateMutexA
CreateFileA
GetFileSize
SetFilePointer
TlsFree
ReadFile
CloseHandle
IsDBCSLeadByte
lstrcpynA
lstrcmpiA
LoadLibraryExA
FreeLibrary
GetLastError
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleHandleA
LCMapStringW
GetCPInfo
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoW
SetEndOfFile
QueryPerformanceCounter
GetCurrentProcessId
HeapCreate
VirtualFree
IsBadWritePtr
TlsAlloc
Module32First
LocalAlloc
user32
GetClassInfoExA
MapDialogRect
SetWindowContextHelpId
GetDlgItem
CopyRect
SendMessageA
FillRect
ClientToScreen
IsWindowEnabled
OffsetRect
DrawFocusRect
SetCursor
InvalidateRect
GetSysColor
CallWindowProcA
GetParent
GetWindow
LoadMenuA
TrackPopupMenu
IsMenu
GetSubMenu
SystemParametersInfoA
GetClientRect
MapWindowPoints
SendDlgItemMessageA
ScreenToClient
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
EndDialog
FindWindowA
MsgWaitForMultipleObjects
SetForegroundWindow
CharNextA
SetWindowTextA
LoadIconA
LoadCursorA
RegisterClassExA
IsRectEmpty
GetMessageA
PeekMessageA
LoadImageA
GetCursor
GetWindowThreadProcessId
EnumWindows
DialogBoxIndirectParamA
GetActiveWindow
PostThreadMessageA
ReleaseCapture
GetDesktopWindow
SetFocus
IsChild
GetFocus
IsWindow
GetClassNameA
CreateAcceleratorTableA
wsprintfA
DestroyMenu
IsWindowVisible
SetTimer
KillTimer
EnableWindow
SetRect
PtInRect
PostMessageA
GetCapture
MoveWindow
IntersectRect
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetWindowLongA
DefWindowProcA
BeginPaint
EndPaint
RedrawWindow
SetWindowLongA
GetKeyState
UnregisterClassA
GetWindowDC
GetCursorPos
SetCapture
GetDC
ReleaseDC
GetWindowRect
DrawTextA
LoadStringA
DestroyWindow
DestroyAcceleratorTable
PostQuitMessage
LoadBitmapA
GetSystemMetrics
SetWindowPos
SetWindowRgn
GetScrollInfo
CreateWindowExA
ValidateRect
wvsprintfA
DispatchMessageW
GetMessageW
IsWindowUnicode
ShowWindow
InvalidateRgn
gdi32
CreateEllipticRgn
CombineRgn
CreateRectRgn
GetClipRgn
SelectClipRgn
CreateFontA
GetPixel
SetPixel
SetStretchBltMode
StretchBlt
CreateSolidBrush
CreateCompatibleBitmap
GetDIBits
SaveDC
SetBkColor
ExtTextOutA
RestoreDC
GetDeviceCaps
GetStockObject
SetBkMode
SetTextColor
CreateFontIndirectA
DeleteObject
CreatePolygonRgn
GetObjectA
DeleteDC
BitBlt
CreateCompatibleDC
SelectObject
advapi32
RegCloseKey
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegGetKeySecurity
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
StartServiceA
DeleteService
CreateServiceA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptCreateHash
CryptGetHashParam
CryptHashData
CryptAcquireContextA
CryptReleaseContext
RegSaveKeyA
RegEnumValueA
RegEnumKeyA
GetUserNameA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CryptDestroyHash
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
CloseServiceHandle
shell32
SHGetSpecialFolderPathA
SHFileOperationA
ShellExecuteA
ole32
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
OleUninitialize
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
StgCreateDocfileOnILockBytes
OleRun
CreateILockBytesOnHGlobal
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateGuid
oleaut32
SysAllocStringByteLen
GetErrorInfo
OleLoadPicture
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysStringLen
SysAllocStringLen
VarUI4FromStr
SysFreeString
shlwapi
StrStrIA
StrRChrA
SHCreateStreamOnFileA
PathIsDirectoryA
PathUnquoteSpacesA
SHDeleteValueA
PathRemoveFileSpecA
PathCanonicalizeA
PathMatchSpecA
PathAppendA
PathAddBackslashA
PathStripPathA
SHDeleteKeyA
PathCombineA
StrChrA
StrToIntA
PathFileExistsA
StrStrA
PathFindExtensionA
comctl32
_TrackMouseEvent
ImageList_DrawEx
ImageList_Add
ImageList_Create
ImageList_AddMasked
ImageList_Draw
ImageList_GetIconSize
ImageList_Destroy
msimg32
TransparentBlt
Sections
.text Size: 436KB - Virtual size: 432KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20.8MB - Virtual size: 20.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ