d57e4f90f5342581529497bdc67d3f1a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d57e4f90f5342581529497bdc67d3f1a_JaffaCakes118
Size

128KB
MD5

d57e4f90f5342581529497bdc67d3f1a
SHA1

46ea785eb84073079a498f2789b1c73fe8d5d890
SHA256

a56df055188fc7fb58995da8eb4194f3804cf2a1d9fa9e2a8d589d711d8747e0
SHA512

2ab4beda163320b6a4d4873fae6629c1dbdecfb29ec2fd02c1a75e24db7ce73887b7df41c56adb4ed700bd96b01e6ab850e953119bd11a87813c60c88c3a7cdd
SSDEEP

3072:QJSo/9O6NITW+6N5Xt3NxQ23jM4Pi9CT+6kO:Q4ollNBfNe49+9O

Score

1^/10

Malware Config

Signatures

Files

d57e4f90f5342581529497bdc67d3f1a_JaffaCakes118
.exe windows:0 windows x86 arch:x86

254341286e93d5c80f0c4278477e6010

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-03-2010 00:00

Not After

02-03-2011 23:59

Subject

CN=Comodo Security Solutions\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comodo Security Solutions\, Inc.,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:03:0f:36:14:c3:9d:72:60:5f:ff:89:70:d5:85:6c:c2:30:79:00
Signer

Actual PE Digest

42:03:0f:36:14:c3:9d:72:60:5f:ff:89:70:d5:85:6c:c2:30:79:00

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleScreenBufferInfo
GetDiskFreeSpaceExW
WriteProfileSectionA
GetConsoleDisplayMode
GetProcessWorkingSetSize
LZClose
ScrollConsoleScreenBufferA
GlobalCompact
GetProcAddress
lstrcatW
ReadConsoleInputW
GetTickCount
LockResource
LZCloseFile
MulDiv
LockFile
LocalShrink
LZInit
GetUserDefaultUILanguage
VerLanguageNameW
HeapCreate
IsBadHugeReadPtr
CreateFileA
MoveFileWithProgressW
DebugActiveProcess
AddConsoleAliasW
QueryActCtxW
SetFirmwareEnvironmentVariableA
EnumerateLocalComputerNamesW
SetConsoleTitleA
CreateTimerQueueTimer
CopyFileExW
LeaveCriticalSection
TransactNamedPipe
BindIoCompletionCallback
FindVolumeClose
GlobalMemoryStatus
EnumResourceTypesW
GetDiskFreeSpaceW
WritePrivateProfileStringA
FindResourceExW
FreeUserPhysicalPages
GlobalLock
GetProcessIoCounters
TransmitCommChar
GetThreadContext
GetConsoleCursorInfo
GetThreadLocale
SetVolumeMountPointW
SetLocaleInfoW
OpenProfileUserMapping

user32

IMPGetIMEW
DialogBoxIndirectParamW
GetAncestor
CheckMenuItem
CharToOemW
DdeQueryStringW
EnumWindowStationsA
IsWindow
VkKeyScanExW
CreateSystemThreads
IsCharAlphaW
LoadImageA
DefFrameProcW
ExcludeUpdateRgn
GetGUIThreadInfo
SetDlgItemTextW
EnumDesktopsW
DdeQueryStringA
SetMenu
FreeDDElParam
ChangeDisplaySettingsW
SetWindowsHookExW
FillRect
GetInputState
GetWindowThreadProcessId
SetParent
GetClassWord
MapVirtualKeyExA
DdeReconnect
SetRect
AdjustWindowRect
CheckMenuRadioItem
GetDoubleClickTime
SwitchDesktop
CreateDialogIndirectParamAorW
PrivateExtractIconsW
UnregisterClassW
EnumWindowStationsW
SetUserObjectSecurity
KillTimer
ModifyMenuW
GetClassNameW
EnumClipboardFormats
GetMenuItemRect
DdeConnectList
GetCursor
GetScrollPos
DdeCreateStringHandleW
HiliteMenuItem
GetClassLongW
UnregisterHotKey
GetWindowLongW
MonitorFromWindow
GrayStringA
InitializeLpkHooks
GetShellWindow
UserHandleGrantAccess
TranslateAcceleratorW
DestroyWindow
RecordShutdownReason
SetCapture
GetAppCompatFlags
GetWindowTextA
SetInternalWindowPos
DrawAnimatedRects
GetPropW
DrawTextExA
MapVirtualKeyA
IsDialogMessageW
GetMenuStringA
CopyRect
SetSysColorsTemp
SetDoubleClickTime
GetClipboardFormatNameW
CopyImage
RegisterUserApiHook
UnhookWindowsHook
CheckRadioButton
LoadMenuIndirectW
GetWindowTextW
DdeClientTransaction
MapDialogRect
LookupIconIdFromDirectoryEx
CalcMenuBar
DrawStateA
IsWinEventHookInstalled
BroadcastSystemMessageExW
GetKeyboardLayout
InSendMessage

gdi32

GetGlyphIndicesA
GdiEntry15
SetRelAbs
XFORMOBJ_iGetXform
LPtoDP
CloseMetaFile
EngCopyBits
SetTextCharacterExtra
PolyDraw
GetGlyphOutlineW
LineDDA
PlayMetaFileRecord
GdiConvertToDevmodeW
CLIPOBJ_cEnumStart
DeleteColorSpace
SetROP2
FONTOBJ_pQueryGlyphAttrs
PATHOBJ_bEnum
SetDIBits
GetEnhMetaFilePixelFormat
BeginPath
Arc
GetHFONT
GdiCreateLocalMetaFilePict
GetNearestPaletteIndex
CreateDIBSection
GetViewportOrgEx
GetTextFaceAliasW
SelectBrushLocal
OffsetRgn
GdiIsMetaPrintDC
GetROP2
ScaleViewportExtEx
DdEntry40
RemoveFontResourceA

shell32

StrCmpNIW
StrChrIA
SHCreateDirectoryExA

shlwapi

PathIsRootW

comctl32

MenuHelp
ImageList_DrawIndirect
ImageList_Duplicate
ImageList_LoadImageA

comdlg32

GetFileTitleA
ChooseFontW
ReplaceTextW
FindTextA
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameW
FindTextW
PrintDlgExW
PageSetupDlgA
PageSetupDlgW

oleaut32

SafeArrayUnaccessData
SafeArrayCopyData
VarR4FromUI2
VarCyFromStr
GetVarConversionLocaleSetting

version

VerLanguageNameW
GetFileVersionInfoSizeA
GetFileVersionInfoW

ws2_32

getpeername
shutdown
htonl
WSAEnumNetworkEvents
WSARecvDisconnect
getprotobynumber
getservbyname
recvfrom

wininet

UpdateUrlCacheContentPath
InternetCrackUrlA
InternetGetCookieA
ShowX509EncodedCertificate
GetUrlCacheHeaderData
FtpDeleteFileW
InternetCanonicalizeUrlA
GetUrlCacheConfigInfoA
FtpGetFileSize
IsUrlCacheEntryExpiredA
InternetAutodialHangup
RunOnceUrlCache
FtpRenameFileA
InternetGetCookieExA
InternetTimeToSystemTime

inetcomm

MimeOleSMimeCapGetEncAlg
MimeOleSMimeCapInit
MimeOleAlgStrengthFromSMimeCap
HrDoAttachmentVerb
MimeOleParseRfc822Address
MimeGetAddressFormatW
HrGetAttachIcon
DllGetClassObject
MimeOleGetCodePageCharset
MimeEditIsSafeToRun
MimeOleObjectFromMoniker
MimeOleCreateMessage

oledlg

OleUICanConvertOrActivateAs
OleUIChangeSourceA
OleUIAddVerbMenuA
OleUIBusyW
OleUIPromptUserA
OleUIObjectPropertiesW
OleUIChangeIconA

sqlunirl

_GetObject@12
_GetCompressedFileSize_@8
_CreateDialogParam_@20
_FreeEnvironmentStrings@4
_ttof
AllocConvertMultiSZNameToAEx
_GetVolumeInformation_@32
_NDdeGetShareSecurity_@24
_GetTextExtentPoint32@16

wsock32

gethostbyname
htons
getnetbyname
GetAcceptExSockaddrs
WSAUnhookBlockingHook
inet_ntoa
SetServiceA
WSAAsyncGetServByName
ioctlsocket
select
s_perror

d3dim

PaletteAssociateNotify
FlushD3DDevices
Direct3DCreateDevice

crtdll

_CIcos
vfprintf
_osmode_dll
_osversion_dll
vswprintf
_spawnlp
_strdec
_mbstrlen
_mbctombb

loadperf

BackupPerfRegistryToFileW
SetServiceAsTrustedA
UnloadPerfCounterTextStringsA

msvcirt

??0logic_error@@QAE@ABQBD@Z
?floatfield@ios@@2JB
?is_open@ofstream@@QBEHXZ
??4ios@@IAEAAV0@ABV0@@Z
?underflow@stdiobuf@@UAEHXZ
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?text@filebuf@@2HB
??_Dostrstream@@QAEXXZ
?pptr@streambuf@@IBEPADXZ
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z

mfcsubs

?AllocBeforeWrite@CString@@IAEXH@Z
??_7CCriticalSection@@6B@
?FreeAssoc@CMapStringToPtr@@IAEXPAUCAssoc@1@@Z
?AssignCopy@CString@@IAEXHPBG@Z
?FreeExtra@CString@@QAEXXZ
??4CString@@QAEABV0@D@Z
??_FCMapStringToPtr@@QAEXXZ
?Format@CString@@QAAXPBGZZ
?GetCount@CMapStringToPtr@@QBEHXZ
?RemoveAll@CStringArray@@QAEXXZ
??1CMapStringToPtr@@UAE@XZ
??9@YG_NABVCString@@PBG@Z

Sections

.LZAa
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.K
Size: 2KB - Virtual size: 42KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.FlfYjO
Size: 72KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

254341286e93d5c80f0c4278477e6010

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8Certificate

Extended Key Usages

Key Usages

42:03:0f:36:14:c3:9d:72:60:5f:ff:89:70:d5:85:6c:c2:30:79:00Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

shlwapi

comctl32

comdlg32

oleaut32

version

ws2_32

wininet

inetcomm

oledlg

sqlunirl

wsock32

d3dim

crtdll

loadperf

msvcirt

mfcsubs

Sections

.LZAa Size: 19KB - Virtual size: 18KB

.rdata Size: 9KB - Virtual size: 9KB

.K Size: 2KB - Virtual size: 42KB

.data Size: 6KB - Virtual size: 7KB

.FlfYjO Size: 72KB - Virtual size: 125KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 4KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

2c:01:58:55:22:e8:fa:61:13:8a:ef:a4:f6:27:ee:a8
Certificate

42:03:0f:36:14:c3:9d:72:60:5f:ff:89:70:d5:85:6c:c2:30:79:00
Signer

.LZAa
Size: 19KB - Virtual size: 18KB

.rdata
Size: 9KB - Virtual size: 9KB

.K
Size: 2KB - Virtual size: 42KB

.data
Size: 6KB - Virtual size: 7KB

.FlfYjO
Size: 72KB - Virtual size: 125KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 4KB