dc5cc070ea662794f72b8558bddf60f9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc5cc070ea662794f72b8558bddf60f9_JaffaCakes118
Size

5.8MB
MD5

dc5cc070ea662794f72b8558bddf60f9
SHA1

ac7ff04ac89320a84be6f853191432a707d8181a
SHA256

3863361341fb271b432545c1806ea5444408bee164e18402b7b0d153c5cd4710
SHA512

152a317c81ec450a95781f74bc16563b2f9c564c3778f3b2cf9418cb7906da310647a84855d160af3069171336bb287a0b19c3d9b24038e2352762f61036ae5a
SSDEEP

98304:VanGfmTCkplMq4lAyurFzSyjjksnldSQmT4PU7MHT4PU7M9gN/YhGdwf:VanjALurZSyS/gN/IGOf

Score

1^/10

Malware Config

Signatures

Files

dc5cc070ea662794f72b8558bddf60f9_JaffaCakes118
.exe windows:6 windows x86 arch:x86

0e28e13d678a234a7b0c784e85c51882

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:9e:a2:18:d6:79:e2:60:19:5f:64:97:5e:15:bd:08
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01-07-2019 00:00

Not After

30-06-2020 23:59

Subject

CN=KRONA\, OOO,O=KRONA\, OOO,L=St. Petersburg,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:34:b0:eb:6a:f6:ef:d7:26:78:9f:49:2a:57:19:e6:a7:93:0d:ef
Signer

Actual PE Digest

15:34:b0:eb:6a:f6:ef:d7:26:78:9f:49:2a:57:19:e6:a7:93:0d:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\User\JOB\chistilka\cleaner-app\build\bin\cleaner-util.pdb

Imports

kernel32

HeapValidate
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetSystemFirmwareTable
QueryDosDeviceW
TerminateProcess
VirtualAlloc
VirtualFree
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetEnvironmentVariableW
GetDriveTypeW
GetLogicalDrives
GetWindowsDirectoryW
GetNativeSystemInfo
IsWow64Process
DeviceIoControl
ResumeThread
FreeResource
VerSetConditionMask
lstrcpynW
VerifyVersionInfoW
FindFirstFileA
FindNextFileA
lstrcmpiA
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
GetLocalTime
CreateMutexW
QueryPerformanceCounter
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
SetConsoleCtrlHandler
CreatePipe
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetStdHandle
PeekNamedPipe
CreateEventW
GetTempPathA
ExitProcess
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
GetDiskFreeSpaceA
SetProcessAffinityMask
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetProcessTimes
CreateSemaphoreW
ReleaseSemaphore
GetModuleFileNameA
CreateFileMappingA
GetStartupInfoW
UnhandledExceptionFilter
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointerEx
RtlCaptureStackBackTrace
GetModuleHandleExW
QueueUserWorkItem
CreateHardLinkW
CreateDirectoryExW
GetDiskFreeSpaceExW
FindFirstFileExW
GetExitCodeThread
SwitchToThread
DuplicateHandle
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetFileSizeEx
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
WTSGetActiveConsoleSessionId
FormatMessageW
GetFileAttributesA
lstrcmpW
MulDiv
GlobalHandle
SetCurrentDirectoryW
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualQuery
GetCurrentThread
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
LockFileEx
SystemTimeToFileTime
GetSystemTime
FormatMessageA
ReadDirectoryChangesW
LocalAlloc
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
DeleteTimerQueueTimer
CreateTimerQueueTimer
InterlockedFlushSList
TerminateThread
lstrcmpiW
LoadLibraryW
FreeLibrary
LoadLibraryExW
GetCurrentThreadId
ExitThread
GetCurrentProcessId
ResetEvent
SetEvent
GetCommandLineW
GetTickCount
Sleep
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringW
FlushFileBuffers
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
MoveFileExW
MoveFileW
CopyFileW
lstrlenW
SetLastError
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetFileTime
SetUnhandledExceptionFilter
GetLocaleInfoW
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
GetVersionExW
OpenProcess
GetCurrentProcess
GetTempPathW
DecodePointer
GetTempFileNameW
DeleteFileW
GetLongPathNameW
WaitForMultipleObjects
GetProcAddress
GetModuleHandleW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
GetSystemTimeAsFileTime
CreateDirectoryW
lstrcpyW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
GetFileType

user32

EmptyClipboard
DispatchMessageW
PeekMessageW
PostThreadMessageW
PostQuitMessage
DestroyWindow
ShowWindow
BringWindowToTop
CreateDialogParamW
CharNextW
GetKeyState
GetSystemMetrics
GetForegroundWindow
SetForegroundWindow
GetClientRect
GetWindowLongW
SetWindowLongW
IsWindow
IsWindowVisible
DialogBoxParamW
SwitchToThisWindow
GetDesktopWindow
MessageBoxW
RegisterWindowMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
SetClipboardData
IsChild
MoveWindow
SetWindowPos
DialogBoxIndirectParamW
GetDlgItem
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
GetMessageW
GetWindowTextW
GetWindowTextLengthW
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetParent
LoadCursorW
EndDialog
wsprintfW
GetWindowRect
MapWindowPoints
MonitorFromWindow
GetMonitorInfoW
GetActiveWindow
SetWindowContextHelpId
LoadImageW
MapDialogRect
GetDlgCtrlID
EnableWindow
SetCursor
GetClassLongW
SetParent
SendDlgItemMessageW
SetTimer
KillTimer
CloseClipboard
OpenClipboard
SendMessageW
ExitWindowsEx
LoadStringW
GetWindow
GetWindowThreadProcessId
GetCursorPos
RegisterClassW
UpdateWindow
LoadIconW
FindWindowW
LoadMenuW
DestroyMenu
GetSubMenu
TrackPopupMenu
SetActiveWindow
GetTopWindow
GetClassNameW
PostMessageW
UnregisterClassW
TranslateMessage
SetWindowTextW
CreateWindowExW
GetWindowDC
FindWindowA
CreateDialogIndirectParamW
MonitorFromPoint

gdi32

SetBkColor
GetTextExtentPoint32W
SetTextColor
SetBkMode
DPtoLP
CreateFontIndirectW
GetStockObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
SetDIBColorTable
CreateDIBSection
SelectObject
CreateCompatibleDC
AddFontResourceW
DeleteDC
ExtTextOutW

shell32

CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHFileOperationW
SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconW

ole32

CoCreateGuid
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
StringFromCLSID
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
OleInitialize
OleUninitialize
OleLockRunning
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
OleRun
CoGetClassObject

oleaut32

DispCallFunc
SysAllocStringByteLen
VariantChangeType
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
VariantInit
SysStringLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysFreeString
CreateErrorInfo
VariantCopy
VariantClear
GetErrorInfo
SetErrorInfo

advapi32

CryptAcquireContextW
EnumDependentServicesW
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
SetNamedSecurityInfoW
IsValidSid
InitializeSid
InitializeAcl
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
CopySid
AddAce
RegSetValueExW
RegOpenKeyExW
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
MapGenericMask
GetFileSecurityW
AccessCheck
EqualSid
LookupAccountSidW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
RegQueryValueExW
CreateProcessAsUserW
ImpersonateLoggedOnUser
SetTokenInformation
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
LookupAccountNameW
SystemFunction036
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorDacl
RegEnumValueW
SetSecurityInfo
GetAce
GetNamedSecurityInfoW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
FreeSid
ConvertStringSidToSidW
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
EnumServicesStatusW
QueryServiceStatus
CryptAcquireContextA
CryptGenRandom

comctl32

_TrackMouseEvent
InitCommonControlsEx

uxtheme

SetWindowTheme

gdiplus

GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdiplusShutdown
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillPath
GdipFillRectangleI
GdipGraphicsClear
GdipDrawPath
GdipDrawRectangleI
GdipSetSmoothingMode
GdipCreateBitmapFromGraphics
GdipLoadImageFromStream
GdipSetPenColor
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectI
GdipSetSolidFillColor
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipGetFamilyName
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetGetCookieW
InternetSetCookieW

userenv

UnloadUserProfile
CreateEnvironmentBlock

dbghelp

SymFunctionTableAccess64
SymGetModuleBase64
SymCleanup
ImageNtHeader
SymGetOptions
SymSetOptions
MakeSureDirectoryPathExists
SymInitialize
StackWalk64

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

crypt32

CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertOpenStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptMsgClose

imagehlp

MapAndLoad
UnMapAndLoad

winhttp

WinHttpSetOption
WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpWriteData
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpQueryHeaders

ws2_32

gethostbyname
WSAStartup
closesocket
inet_ntoa
htons
inet_addr
recv
send
connect
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
bind
getpeername
getsockname
getsockopt
ntohs
setsockopt
WSAIoctl
WSACleanup
getaddrinfo
freeaddrinfo
ioctlsocket
socket

iphlpapi

GetAdaptersInfo

psapi

GetProcessImageFileNameW
GetDeviceDriverBaseNameW
EnumDeviceDrivers
GetProcessMemoryInfo

mpr

WNetGetProviderNameA

shlwapi

PathFileExistsW

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e28e13d678a234a7b0c784e85c51882

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

12:9e:a2:18:d6:79:e2:60:19:5f:64:97:5e:15:bd:08Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

15:34:b0:eb:6a:f6:ef:d7:26:78:9f:49:2a:57:19:e6:a7:93:0d:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

comctl32

uxtheme

gdiplus

version

wininet

userenv

dbghelp

rpcrt4

crypt32

imagehlp

winhttp

ws2_32

iphlpapi

psapi

mpr

shlwapi

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 82KB - Virtual size: 104KB

.rsrc Size: 768KB - Virtual size: 768KB

.reloc Size: 153KB - Virtual size: 152KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

12:9e:a2:18:d6:79:e2:60:19:5f:64:97:5e:15:bd:08
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

15:34:b0:eb:6a:f6:ef:d7:26:78:9f:49:2a:57:19:e6:a7:93:0d:ef
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 82KB - Virtual size: 104KB

.rsrc
Size: 768KB - Virtual size: 768KB

.reloc
Size: 153KB - Virtual size: 152KB