db92180ae3df89c7252182b10dda6961_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

db92180ae3df89c7252182b10dda6961_JaffaCakes118
Size

863KB
MD5

db92180ae3df89c7252182b10dda6961
SHA1

96248af92a6e66ea02e4f66a773bb78df8044967
SHA256

151c255ee0c9a1c3a91dc8e15f1b67d9a5490b2620ca215431029810ac3ba023
SHA512

7b88af8943320823553926a7b496ece440efb1dbb213ae4bbec13a7b78e2325d3ef7f5c77e3fdc12cdc6bfbd0bbc51a927861a758c0d87c511ebb2279ed8b3fc
SSDEEP

12288:hL+sWtuX1v9f9rkFId0s/2Dg9LVWZqaJ62oNJDZ6V3phDg1:Isd7rkFe0w2DMVWZqaQxN6Zi

Score

1^/10

Malware Config

Signatures

Files

db92180ae3df89c7252182b10dda6961_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff042487574b14b48a411298370871b8

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:1c:07:e2:d4:16:e0:5d:50:07:84:5a:18:83:95:28
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30-06-2009 00:00

Not After

10-07-2011 23:59

Subject

CN=Daishin Securities Co.\, Ltd.,OU=IS Business Team IT Group,O=Daishin Securities Co.\, Ltd.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0e:c0:46:1a:7e:26:8a:38:02:d9:27:e9:22:45:4b:7e:37:b6:32:05
Signer

Actual PE Digest

0e:c0:46:1a:7e:26:8a:38:02:d9:27:e9:22:45:4b:7e:37:b6:32:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\d-cybos\_pdbim\coStarter.pdb

Imports

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipTranslateWorldTransform
GdipDrawImage
GdipDrawImageI
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipDrawString
GdipSetTextRenderingHint
GdipCloneBitmapAreaI
GdipSetStringFormatFlags
GdipBitmapLockBits
GdipCreateRegionRectI
GdipDeleteRegion
GdipCombineRegionRectI
GdipBitmapUnlockBits
GdipCreateBitmapFromFile
GdipGetRegionHRgn
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipCreateStringFormat
GdipFree

spednetmodule

ProcessCancel

kernel32

lstrlenW
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcpyA
MulDiv
FreeResource
GetVersionExA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetModuleFileNameW
lstrcmpA
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
FindNextFileA
FileTimeToLocalFileTime
GetThreadLocale
ReadFile
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GetVolumeInformationA
GetFullPathNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
GetFileAttributesExA
GetFileSizeEx
GetModuleHandleW
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapFree
ExitThread
GetTimeZoneInformation
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind
RaiseException
ExitProcess
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
FindClose
LCMapStringW
GetStdHandle
VirtualFree
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
GetEnvironmentVariableA
CopyFileA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
GetSystemDirectoryA
GetWindowsDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileA
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThread
SetEnvironmentVariableA
CreateDirectoryA
CreateThread
LoadLibraryExA
TerminateThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateProcessA
GetVersion
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrlenA
MultiByteToWideChar
WinExec
InterlockedDecrement
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GetTickCount
IsBadWritePtr
LocalFree
Sleep
OpenProcess
FreeLibrary
SetLastError
WaitForSingleObject
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
GetProcAddress
LoadLibraryA
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
VirtualQuery
GetModuleHandleA
FormatMessageA
SetUnhandledExceptionFilter
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
OutputDebugStringA
FindFirstFileA
GetFileAttributesA
LCMapStringA
GetProcessHeap
SetFilePointer

user32

IsRectEmpty
LoadCursorA
SetCursor
WindowFromPoint
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
ValidateRect
TranslateMessage
GetMessageA
ShowOwnedPopups
GetMenuItemInfoA
DestroyMenu
CharUpperA
GetSysColorBrush
CopyAcceleratorTableA
InvalidateRgn
TranslateAcceleratorA
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
CharNextA
UnregisterClassA
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
ShowScrollBar
GetClassInfoExA
AdjustWindowRectEx
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthA
GetScrollPos
SetScrollPos
GetWindow
GetLastActivePopup
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowLongA
CreateWindowExA
RegisterClassA
GetClassInfoA
DestroyWindow
GetDlgItem
GetDC
UpdateWindow
DrawFocusRect
WinHelpA
RegisterWindowMessageA
DefWindowProcA
TrackMouseEvent
OffsetRect
GetFocus
SetRectEmpty
DrawIcon
MessageBoxA
ExitWindowsEx
AppendMenuA
GetSystemMenu
SetFocus
SetActiveWindow
SetWindowPos
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextA
SetForegroundWindow
ShowWindow
IsIconic
ReleaseDC
GetWindowDC
GetSystemMetrics
IsWindowEnabled
GetSysColor
GetDesktopWindow
GetCursorPos
InflateRect
CopyRect
GetWindowLongA
PostThreadMessageA
SetTimer
KillTimer
wsprintfA
SetWindowRgn
PtInRect
SetRect
GetParent
LoadImageA
FillRect
GetClientRect
InvalidateRect
ReleaseCapture
EqualRect
SetCapture
ScreenToClient
PostMessageA
IsWindow
GetWindowRect
EnableWindow
SendMessageA
GetMenu
WaitMessage
LoadIconA

gdi32

ExtTextOutA
SetBkColor
GetTextExtentPoint32A
CreateRectRgnIndirect
GetTextMetricsA
SaveDC
RestoreDC
SetBkMode
SetTextColor
SetMapMode
GetClipBox
LineTo
MoveToEx
ExtSelectClipRgn
DeleteDC
SetPixel
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
SelectObject
GetMapMode
DPtoLP
CreateEllipticRgn
LPtoDP
Ellipse
GetRgnBox
GetBkColor
GetTextColor
ScaleWindowExtEx
CreateBrushIndirect
SetWindowExtEx
ScaleViewportExtEx
CreateCompatibleBitmap
RoundRect
CreateRoundRectRgn
CreatePen
CreatePalette
GetDIBColorTable
CreateHalftonePalette
BitBlt
RealizePalette
GetDeviceCaps
CreateCompatibleDC
Arc
CreateFontIndirectA
GetObjectA
DeleteObject
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateSolidBrush
SelectClipRgn

msimg32

GradientFill

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegDeleteValueA
RegCloseKey
RegQueryValueA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

DragFinish
SHGetFolderPathA
SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
DragQueryFileA
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
SHCreateStreamOnFileW
UrlUnescapeA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoFreeUnusedLibraries

oleaut32

VarDateFromStr
SafeArrayGetLBound
VariantInit
VariantClear
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayCopy
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SysFreeString
SysAllocString
SysAllocStringLen
DispCallFunc
SysStringLen
SysAllocStringByteLen
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy

wsock32

WSASetLastError
sendto
recvfrom
WSAAsyncSelect
getsockname
inet_ntoa
setsockopt
recv
send
select
accept
bind
htonl
closesocket
connect
socket
htons
shutdown
WSACleanup
WSAStartup
WSAAsyncGetHostByName
inet_addr
WSAGetLastError
gethostbyname
ioctlsocket

msi

ord67

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionA
InternetCrackUrlA
InternetOpenA
InternetCanonicalizeUrlA

Sections

.text
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff042487574b14b48a411298370871b8

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

08:1c:07:e2:d4:16:e0:5d:50:07:84:5a:18:83:95:28Certificate

Extended Key Usages

0e:c0:46:1a:7e:26:8a:38:02:d9:27:e9:22:45:4b:7e:37:b6:32:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

spednetmodule

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wsock32

msi

wininet

Sections

.text Size: 434KB - Virtual size: 433KB

.rdata Size: 127KB - Virtual size: 126KB

.data Size: 20KB - Virtual size: 37KB

.rsrc Size: 277KB - Virtual size: 277KB

01
Certificate

0a
Certificate

08:1c:07:e2:d4:16:e0:5d:50:07:84:5a:18:83:95:28
Certificate

0e:c0:46:1a:7e:26:8a:38:02:d9:27:e9:22:45:4b:7e:37:b6:32:05
Signer

.text
Size: 434KB - Virtual size: 433KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 20KB - Virtual size: 37KB

.rsrc
Size: 277KB - Virtual size: 277KB