d5727cedbee8c9b6828ce32a7b098771_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5727cedbee8c9b6828ce32a7b098771_JaffaCakes118
Size

164KB
MD5

d5727cedbee8c9b6828ce32a7b098771
SHA1

115e7c8b382742061ba6e5e9d759db21e66faca7
SHA256

87699a6b076fc850df50fb72263c92fe68bbe25cc2fc1d2db53fdf1b61f201d1
SHA512

56ff92da85921d383ff0f71e12efad6e5c36d40367f776c0917702ef7805eee8a7090193c55dbf184d08f7c01746c8f27dd94010a742434a34b1967cf7273042
SSDEEP

3072:OWO7tAt4roccPllkhV9nMJm6JmLfYsUcx7grY9J3+:OWOJ8nPjkhXQyfYZclgrYL+

Score

1^/10

Malware Config

Signatures

Files

d5727cedbee8c9b6828ce32a7b098771_JaffaCakes118
.exe windows:2 windows x86 arch:x86

9a914583b49b7aa30985ec48261a1d44

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=ArcaBit Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=ArcaBit,O=ArcaBit Ltd.,L=Warsaw,ST=Warsaw,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:fc:2c:51:4b:8e:1f:2d:32:4b:50:35:10:cf:e5:6e:56:87:c6:aa
Signer

Actual PE Digest

a8:fc:2c:51:4b:8e:1f:2d:32:4b:50:35:10:cf:e5:6e:56:87:c6:aa

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2help

WahCloseHandleHelper
WahOpenNotificationHandleHelper
WahEnumerateHandleContexts

oleaut32

VarI2FromCy
VarI2FromI4
OleLoadPicturePath
VarR4FromUI4
CreateTypeLib
VarUI4FromCy
VariantClear
LPSAFEARRAY_UserMarshal
VarUI2FromDate
VarEqv
VarPow
VarI1FromUI2
SetErrorInfo
VarR8FromUI8
VarUI2FromI4
VarUI1FromCy
VarI4FromR4
VarR4FromBool
VarI8FromR4
BSTR_UserFree
VarI1FromUI4
VarI2FromUI8
VarI4FromI1
VarInt
VarDateFromCy
GetRecordInfoFromTypeInfo
LPSAFEARRAY_UserSize
VarDecAbs
VarI4FromUI2
VarFormat
VarUI1FromDisp
VarI1FromI8
VarBstrFromBool
VarR8FromUI4
UnRegisterTypeLib
VarUI8FromDisp
VarUI4FromR4
VarCyNeg
VarBstrFromUI4
VarFormatDateTime
VarI8FromI2
VarDecFromR8
VarI4FromI2
VarCmp

cmpbk32

PhoneBookEnumCountries
PhoneBookGetPhoneCanonicalA
PhoneBookMatchFilter
PhoneBookGetPhoneDescA
PhoneBookGetPhoneDispA

dxtrans

DllRegisterServer

mciwave

DriverProc

dfsshlex

DllRegisterServer
DllCanUnloadNow
DllGetClassObject
DllUnregisterServer

samlib

SamRidToSid
SamGetDisplayEnumerationIndex
SamEnumerateUsersInDomain
SamEnumerateGroupsInDomain
SamTestPrivateFunctionsUser
SamGetGroupsForUser
SamCreateGroupInDomain
SamCreateAliasInDomain
SamQueryDisplayInformation
SamQueryInformationGroup

mmcbase

?s_dwMainThreadID@SC@mmcerror@@0KA

t2embed

TTEmbedFontEx
TTIsEmbeddingEnabledForFacename
TTDeleteEmbeddedFont

mstask

SetNetScheduleAccountInformation
ConvertAtJobsToTasks
DllGetClassObject
GetNetScheduleAccountInformation

shlwapi

PathFindExtensionW
PathIsURLW
SHCreateStreamOnFileEx
PathAddBackslashA
PathMatchSpecW
SHIsLowMemoryMachine
UrlUnescapeW
UrlCreateFromPathA
PathIsFileSpecA
PathQuoteSpacesW
PathFindOnPathW
SHRegDeleteUSValueW
SHRegCloseUSKey
StrCSpnIW
StrFormatByteSizeW
StrRetToBufA
StrFormatKBSizeW
SHDeleteOrphanKeyA
PathAppendW
SHRegWriteUSValueA
StrDupW
SHRegSetUSValueW
StrSpnA
SHSetValueA
PathIsURLA
SHRegQueryUSValueA
StrToIntExW
PathQuoteSpacesA
SHRegCreateUSKeyW
AssocQueryStringByKeyW
StrCmpNA
PathCanonicalizeW
SHRegGetBoolUSValueA
StrChrNW
StrPBrkW
SHRegEnumUSValueW
AssocQueryKeyA
PathRemoveArgsW
UrlIsOpaqueA
SHEnumKeyExA
StrCpyNW
PathRemoveExtensionA

serwvdrv

DriverProc

imgutil

DllCanUnloadNow
DecodeImage

pngfilt

DllCanUnloadNow
DllGetClassObject

ddrawex

DllCanUnloadNow

kbdcz

KbdLayerDescriptor

kernel32

InterlockedPushEntrySList
FindActCtxSectionStringA
GlobalFindAtomW
WritePrivateProfileStringW
OutputDebugStringA
CreateTimerQueueTimer
DisableThreadLibraryCalls
FindFirstVolumeMountPointA
CreateMailslotW
GetProcessShutdownParameters
lstrcmp
SetConsoleMode
GetCurrencyFormatW
GetNumberOfConsoleInputEvents
GlobalDeleteAtom
OpenConsoleW
InterlockedCompareExchange
FindFirstChangeNotificationA
lstrcpynA
PrivCopyFileExW
DelayLoadFailureHook
ReadConsoleOutputA
GetProcAddress
LZDone
GlobalCompact
TlsFree
GetModuleHandleExW
LoadResource
DeleteVolumeMountPointA
IsDBCSLeadByte
GetSystemWindowsDirectoryW
GetNamedPipeInfo
GetConsoleCursorMode
GetTimeZoneInformation
GetConsoleInputExeNameA
FreeLibrary
IsValidCodePage
GetSystemWow64DirectoryW
LocalAlloc
SetCalendarInfoW
WaitForSingleObject
SetProcessWorkingSetSize
lstrlenW
SetHandleInformation
SetProcessPriorityBoost
FindFirstFileExA
FlushConsoleInputBuffer
ReplaceFileA
SetConsoleInputExeNameA
GetCurrentThreadId
SetCommTimeouts
GetCurrencyFormatA
CreateJobSet
GetConsoleCommandHistoryA
IsWow64Process
GetNextVDMCommand
GetConsoleAliasExesLengthW
SetFileValidData
GetProfileSectionA
WritePrivateProfileSectionA
GetTempFileNameA
ContinueDebugEvent
GetConsoleFontInfo
AllocateUserPhysicalPages
GetProfileIntW
VerifyConsoleIoHandle
SetCriticalSectionSpinCount
Thread32Next
WriteConsoleInputW
SetCommBreak
GetCurrentConsoleFont
Heap32Next
CreateJobObjectA
EnumDateFormatsA
TryEnterCriticalSection
WriteConsoleInputA
ReadConsoleInputExA
VirtualQuery
GetWindowsDirectoryW
GlobalGetAtomNameW
GetCPInfoExW
CreateMutexW
FreeEnvironmentStringsA
EnumDateFormatsExA
CreateThread
CreateEventA
EnumerateLocalComputerNamesW
SetTapeParameters
SetEnvironmentVariableW
ClearCommBreak
FreeLibraryAndExitThread
lstrcpyW
FlushFileBuffers
GetVolumePathNameA
HeapSetInformation
SetFilePointer
VDMConsoleOperation
VirtualUnlock
QueryDosDeviceA
BaseDumpAppcompatCache
InterlockedExchangeAdd
FindNextFileW
MapUserPhysicalPagesScatter
FillConsoleOutputAttribute
FindFirstVolumeW
GetFileSize
IsProcessInJob
GetLogicalDriveStringsW
SetInformationJobObject
SystemTimeToFileTime
FileTimeToLocalFileTime
GetTapeParameters
GetDateFormatA
GetProcessAffinityMask
BackupWrite
GetShortPathNameA
GetLocaleInfoA

shdocvw

DoPrivacyDlg
DllCanUnloadNow
DoAddToFavDlg

Sections

.edata
Size: 1024B - Virtual size: 995B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 161KB

IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a914583b49b7aa30985ec48261a1d44

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

a8:fc:2c:51:4b:8e:1f:2d:32:4b:50:35:10:cf:e5:6e:56:87:c6:aaSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2help

oleaut32

cmpbk32

dxtrans

mciwave

dfsshlex

samlib

mmcbase

t2embed

mstask

shlwapi

serwvdrv

imgutil

pngfilt

ddrawex

kbdcz

kernel32

shdocvw

Sections

.edata Size: 1024B - Virtual size: 995B

.rdata Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.edata Size: 21KB - Virtual size: 21KB

.rdata Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 15KB

.data Size: 88KB - Virtual size: 161KB

.data Size: 10KB - Virtual size: 12KB

.data Size: 3KB - Virtual size: 30KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 3KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

11:b4:d9:2c:db:bc:4d:35:f7:96:eb:93:94:cb:f8:3d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

a8:fc:2c:51:4b:8e:1f:2d:32:4b:50:35:10:cf:e5:6e:56:87:c6:aa
Signer

.edata
Size: 1024B - Virtual size: 995B

.rdata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.edata
Size: 21KB - Virtual size: 21KB

.rdata
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 15KB

.data
Size: 88KB - Virtual size: 161KB

.data
Size: 10KB - Virtual size: 12KB

.data
Size: 3KB - Virtual size: 30KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 3KB - Virtual size: 4KB