d62c1f3be643cd2063b3a9db65f24162_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d62c1f3be643cd2063b3a9db65f24162_JaffaCakes118
Size

276KB
MD5

d62c1f3be643cd2063b3a9db65f24162
SHA1

ebae1926118ae86406f53136e88edfd560a2a9b9
SHA256

47ee13efbdb58bc3a211b12159794b1f50cc40205172ddb02dc0ff46d494ddbf
SHA512

8ff3cc633d858690a7df130a224868b156e3d608629de5851e3d748e8659c70388a558488a83a9ca8040d43175295fade82a133bab9cfc6076bbccd5e2dc760d
SSDEEP

3072:o4UU/yUyEAc1PBhxFpfDFxcu3GqSSk9QAM5vsh+Kbr8jKVOOnyrlP3RJrfkr9pn:8UFpZ3jFpffcu3bSSolt98XMr

Score

1^/10

Malware Config

Signatures

Files

d62c1f3be643cd2063b3a9db65f24162_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8d61ae0051e8c4b2c3a461cbdae26001

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:c0:ef:6b:ed:03:1e:e3:34:c6:09:ae:d6:dd:60:82
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/02/2009, 00:00

Not After

11/02/2011, 23:59

Subject

CN=FAVORIT NETWORK S.L.,OU=Secure Application Development,O=FAVORIT NETWORK S.L.,L=BARCELONA,ST=BARCELONA,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

1f:ee:6c:33:31:34:59:c6:4f:54:e8:6b:77:bd:19:56:ef:50:b2:9d
Signer

Actual PE Digest

1f:ee:6c:33:31:34:59:c6:4f:54:e8:6b:77:bd:19:56:ef:50:b2:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
MulDiv
GetFileAttributesA
SetErrorMode
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GetProcessVersion
SizeofResource
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapAlloc
HeapReAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
GlobalFindAtomA
GetACP
SetStdHandle
GetFileType
HeapSize
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetProfileStringA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
FileTimeToLocalFileTime
lstrcmpiA
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
WideCharToMultiByte
GetEnvironmentVariableA
GetTempPathW
lstrcatW
FindFirstFileW
MoveFileW
MoveFileA
DeleteFileW
CreateFileW
SetLastError
FindFirstFileA
FindClose
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
DeleteFileA
WriteFile
GetFileSize
GetTempPathA
LoadLibraryA
GetProcAddress
GetModuleHandleA
LocalAlloc
LocalReAlloc
FreeLibrary
GetCurrentProcess
lstrcmpA
GetVersionExA
lstrcatA
FormatMessageA
LocalFree
CreateDirectoryA
lstrcpyA
MultiByteToWideChar
TerminateProcess
CreateEventA
SetFilePointer
ReadFile
GetFileTime
FileTimeToSystemTime
GetDateFormatA
CreateFileA
SetEvent
GetExitCodeThread
TerminateThread
GetUserDefaultLangID
GetModuleFileNameA
SystemTimeToTzSpecificLocalTime
GetTickCount
CreateThread
ResumeThread
WaitForSingleObject
CloseHandle
GetLastError
InterlockedDecrement
InterlockedIncrement
lstrlenA
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
Sleep
ExitProcess
EnterCriticalSection

user32

PostThreadMessageA
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
PtInRect
GetClassNameA
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
CopyRect
RegisterClipboardFormatA
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
DestroyMenu
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
PostMessageA
IsWindow
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
UnregisterClassA
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
MapDialogRect
GetWindow
SetWindowContextHelpId
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
InflateRect
InvalidateRect
GetFocus
GetNextDlgTabItem
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetTopWindow
LoadStringA
SystemParametersInfoA
GetSystemMetrics
wsprintfA
ScreenToClient
ClientToScreen
LoadIconA
SetTimer
SetWindowPos
SendMessageA
DrawIcon
GetClientRect
IsIconic
KillTimer
EnableWindow
GetDesktopWindow
CharUpperA
UnhookWindowsHookEx
PostQuitMessage
SetCursor
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
GetClassLongA
MessageBeep
GetMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible

gdi32

ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
TextOutA
GetMapMode
PatBlt
RectVisible
PtVisible
CreateSolidBrush
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
LPtoDP
CreateBitmap
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA
ShellExecuteW

comctl32

ord17

oledlg

ord8

ole32

CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString

olepro32

ord253

oleaut32

SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysAllocStringLen
VariantTimeToSystemTime
VariantCopy
VariantChangeType
GetErrorInfo
SysStringLen

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestA
InternetQueryOptionA
InternetSetOptionA
HttpOpenRequestA
InternetConnectA
InternetSetStatusCallback
InternetOpenA
HttpQueryInfoA
InternetCrackUrlA
InternetCanonicalizeUrlA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

WSAStartup
gethostbyname
WSACleanup
inet_addr
send
select
socket
bind
listen
accept
shutdown
recv
closesocket
htons
gethostname

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d61ae0051e8c4b2c3a461cbdae26001

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

23:c0:ef:6b:ed:03:1e:e3:34:c6:09:ae:d6:dd:60:82Certificate

Extended Key Usages

1f:ee:6c:33:31:34:59:c6:4f:54:e8:6b:77:bd:19:56:ef:50:b2:9dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

version

ws2_32

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 20KB - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 27KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

23:c0:ef:6b:ed:03:1e:e3:34:c6:09:ae:d6:dd:60:82
Certificate

1f:ee:6c:33:31:34:59:c6:4f:54:e8:6b:77:bd:19:56:ef:50:b2:9d
Signer

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 20KB - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 27KB