e0be28d43af0953731798384afcbbb77_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e0be28d43af0953731798384afcbbb77_JaffaCakes118
Size

1.3MB
MD5

e0be28d43af0953731798384afcbbb77
SHA1

bcc546c70da8b36f59dc2b0a7cffd53570a93d1c
SHA256

2d7b3d4b4dc7c882b4231238fd673d139420fee76e74d39800214773aaf6bf15
SHA512

2a92dbec6552d3041dfc086f3d7bf80eb4af8a577cef1e212545c561c407fd2eafa1baf7985b4ad9321e00bdcb9b0cefb197c898242e0c924e4f03adafee6df9
SSDEEP

24576:pIrhHQ/KnlhFFQSJoDhl7trFbOSehoLzxWOdIHj1S:O+X1F6TGxWO21S

Score

1^/10

Malware Config

Signatures

Files

e0be28d43af0953731798384afcbbb77_JaffaCakes118
.exe windows:5 windows x86 arch:x86

468e6c82426a1302163409d70526c45b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Devtrees\helpton\trunk\binaries\release\client\bbt_thinclient.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
OutputDebugStringA
lstrcpynW
CreateProcessW
GetTempPathW
CreateDirectoryW
DeleteFileW
CopyFileW
SetFileAttributesW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetFullPathNameA
GetDriveTypeA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleHandleA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
TlsFree
HeapFree
GetLastError
WaitForMultipleObjects
GetModuleFileNameA
ExitProcess
FatalAppExitA
HeapCreate
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringW
LCMapStringA
GetCPInfo
GetStartupInfoW
GetFileAttributesW
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
DisableThreadLibraryCalls
ResumeThread
SuspendThread
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
VirtualQuery
SetThreadContext
GetThreadContext
CreateFileA
GetSystemInfo
TlsSetValue
DeviceIoControl
ReadFile
CreateFileW
WaitNamedPipeW
ConnectNamedPipe
WriteFile
CloseHandle
GetCurrentThreadId
WideCharToMultiByte
GetOverlappedResult
TerminateThread
DisconnectNamedPipe
CreateNamedPipeW
CreateThread
FindResourceExW
CreateMutexW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetThreadPriority
GetCurrentThread
GetTickCount
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
MulDiv
lstrcmpW
SetLastError
GetCurrentProcess
FlushInstructionCache
LocalFree
EnumResourceNamesW
FindResourceW
SizeofResource
LoadResource
LockResource
GetPrivateProfileStringW
InitializeCriticalSection
RaiseException
DeleteCriticalSection
Sleep
LoadLibraryW
GetProcAddress
FreeLibrary
TlsGetValue
CreateSemaphoreW
SetEvent
CreateEventW
ResetEvent
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameW
GetModuleFileNameW
GlobalAlloc
GetVersionExW
GlobalLock
GlobalUnlock
TlsAlloc

user32

PostMessageW
GetDC
ReleaseDC
IsWindowVisible
PeekMessageW
IsIconic
SendMessageW
GetLastActivePopup
SetForegroundWindow
SetWindowPos
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
IsWindow
ShowWindow
FindWindowW
DestroyMenu
GetSubMenu
DestroyWindow
EndPaint
GetClientRect
BeginPaint
MoveWindow
UpdateWindow
RedrawWindow
SendMessageTimeoutW
DefWindowProcW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
MessageBeep
GetParent
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
SetWindowLongW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetWindowTextA
GetSysColor
SetFocus
IsDialogMessageW
SetTimer
CreateWindowExW
CallWindowProcW
CopyRect
OffsetRect
ScreenToClient
GetWindowDC
IsZoomed
PostThreadMessageW
DestroyAcceleratorTable
GetFocus
IsChild
FillRect
GetClassNameW
CharNextW
GetDesktopWindow
CreateAcceleratorTableW
LoadMenuW
GetCursorPos
TrackPopupMenu
ClientToScreen
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
GetDlgItem
GetCapture
PtInRect
IntersectRect
EqualRect
DrawTextW
SetCursor
EnableWindow
IsWindowEnabled
BringWindowToTop
SetActiveWindow
GetActiveWindow
PostQuitMessage
SetWindowRgn
LoadIconW
KillTimer
IsCharAlphaNumericW
GetWindow
GetSystemMetrics
SetRect
DestroyIcon
DrawIconEx
UnregisterClassA

gdi32

SetWindowOrgEx
GetViewportExtEx
SetMapMode
GetMapMode
GetBkColor
SetDIBitsToDevice
CreateRoundRectRgn
CreateDIBSection
GetObjectA
GetTextMetricsW
IntersectClipRect
GetClipRgn
GetClipBox
GetTextExtentPoint32W
SetBkColor
ExtTextOutW
GetWindowExtEx
GetDeviceCaps
CreateSolidBrush
DeleteDC
ExcludeClipRect
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
SelectClipRgn
SelectObject
GetObjectW
CreateFontIndirectW
GetStockObject
DeleteObject
SetBkMode
EnumFontsW
DPtoLP
LPtoDP
SetViewportExtEx
SetTextColor
SetWindowExtEx

advapi32

SetSecurityDescriptorDacl
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
RegQueryValueExA
RegOpenKeyW
RegSetValueW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
OpenProcessToken
RegCreateKeyW
LookupPrivilegeValueW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoCreateGuid
CoGetMalloc
CoTaskMemRealloc
CoTaskMemFree
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize

oleaut32

LoadRegTypeLi
VariantInit
VariantClear
SafeArrayCopy
DispCallFunc
VarUI4FromStr
LoadTypeLi
SysFreeString
OleCreateFontIndirect
VarBstrCmp
SysAllocString
SysStringLen
SysAllocStringLen

shlwapi

UrlUnescapeW
SHGetValueW

comctl32

_TrackMouseEvent

urlmon

UrlMkSetSessionOption
UrlMkGetSessionOption

gdiplus

GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDrawImageRectI
GdipDrawLineI
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipCreatePen1
GdipGraphicsClear
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRect
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipDisposeImage
GdipFree
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipAlloc
GdipDeletePen

crashreport

OnExiting
Initialize

wininet

InternetConnectW
InternetReadFile
HttpQueryInfoW
HttpOpenRequestW
InternetCrackUrlW
InternetSetFilePointer
InternetCanonicalizeUrlW
HttpSendRequestW
InternetOpenW
InternetOpenUrlW
InternetSetOptionW
InternetCloseHandle

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

imm32

ImmAssociateContext

iphlpapi

GetAdaptersInfo

rpcrt4

RpcStringFreeW
UuidToStringW

ws2_32

WSAStartup
ntohl
WSACleanup
inet_ntoa
getpeername
gethostname
htonl
getsockname
shutdown
setsockopt
bind
socket
closesocket
listen
accept
htons
inet_addr
connect
send
recv
gethostbyname
ntohs

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

468e6c82426a1302163409d70526c45b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

gdiplus

crashreport

wininet

version

imm32

iphlpapi

rpcrt4

ws2_32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 18KB - Virtual size: 34KB

.rsrc Size: 60KB - Virtual size: 60KB

.reloc Size: 42KB - Virtual size: 41KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 18KB - Virtual size: 34KB

.rsrc
Size: 60KB - Virtual size: 60KB

.reloc
Size: 42KB - Virtual size: 41KB