e0f12443e372a1c7984252ac6c169deb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e0f12443e372a1c7984252ac6c169deb_JaffaCakes118
Size

2.4MB
MD5

e0f12443e372a1c7984252ac6c169deb
SHA1

3bd80b4f39f9e7a36b7bdcc8b6b6ebfbf227ef6a
SHA256

79151b848953e1349b6e175bb2ba0470cb4fc421d84b8c5afbacd73cac542b7d
SHA512

e98f4e87efab434c49f2cd3fcc8af349bc4437dbebca4eb6163fdbc0336103618fbe29dc04a4007ae1b8299bb9b340a6e95e365a6f2025f40b7ac9dc8f384bee
SSDEEP

49152:en+QvLHZvSAyhu6WOGeRN6vQQJBAZucAiMPof7WU/ZahPzuM/fl:eN4b8eRg4Em4c1yKWj

Score

1^/10

Malware Config

Signatures

Files

e0f12443e372a1c7984252ac6c169deb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb628812cb24be7ccd4f7a946be838b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

63:bd:88:98:dc:cd:f6:86:99:8f:18:f6:3f:5a:13:6e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

07-07-2011 00:00

Not After

30-05-2014 23:59

Subject

CN=ooVoo LLC,OU=Secure Application Development,O=ooVoo LLC,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:4e:cd:35:49:b2:4d:0b:bc:59:9b:77:ba:66:5d:98:f3:d5:2e:b2
Signer

Actual PE Digest

0a:4e:cd:35:49:b2:4d:0b:bc:59:9b:77:ba:66:5d:98:f3:d5:2e:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
OutputDebugStringW
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
ReleaseMutex
TryEnterCriticalSection
SetEnvironmentVariableA
GetTimeZoneInformation
Sleep
ResetEvent
WideCharToMultiByte
GetVersionExW
CopyFileW
DeleteFileW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
CreateEventW
FindClose
WriteFile
WaitForMultipleObjects
WaitForSingleObject
SetEvent
TerminateThread
CreateThread
GetExitCodeProcess
TerminateProcess
FindNextFileW
FindFirstFileW
CreateFileW
CloseHandle
GetFileTime
ReadFile
GetFileSize
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
SetEndOfFile
WriteConsoleW
SetStdHandle
InterlockedExchange
LoadLibraryW
CompareStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetConsoleCP
FlushFileBuffers
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetStringTypeW
InitializeCriticalSection
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleExW
ExitProcess
GetCPInfo
GetOEMCP
IsValidCodePage
GetStdHandle
GetACP
GetCommandLineW
IsDebuggerPresent
RtlUnwind
LocalFree
LCMapStringW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
GetProcAddress
FreeLibrary
GetDateFormatW
GetTimeFormatW
MultiByteToWideChar
FindResourceExW
FindResourceW
GetModuleFileNameW
GetTickCount
FileTimeToSystemTime
GetSystemTimeAsFileTime
SizeofResource
LoadResource
LockResource
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
RaiseException
EncodePointer
DecodePointer
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetProcessHeap
HeapFree
HeapAlloc
SetThreadLocale
GetLocaleInfoW
GetSystemDefaultUILanguage
SetFilePointer
GetCurrentProcess
FlushInstructionCache
CreateMutexW

user32

FindWindowW
IsIconic
IsWindowVisible
PostQuitMessage
GetSystemMetrics
AttachThreadInput
PostMessageW
LoadStringW
MessageBoxW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CharNextW
CreateDialogParamW
CreateWindowExW
IsWindow
ShowWindow
SetTimer
KillTimer
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowLongW
SetWindowLongW
LoadCursorW
SendMessageW
MoveWindow
GetDlgCtrlID
GetFocus
GetCapture
SetCapture
ReleaseCapture
IsWindowEnabled
SetWindowTextW
ClientToScreen
WindowFromPoint
SetRectEmpty
InflateRect
UnregisterClassW
CopyRect
DrawTextW
SetClassLongW
GetParent
SetWindowPos
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
DestroyWindow
GetForegroundWindow
SetForegroundWindow
PtInRect
GetWindowThreadProcessId
LoadIconW
IsDialogMessageW
SystemParametersInfoW
GetDesktopWindow
RegisterWindowMessageW
EnableWindow
SetRect
OffsetRect
IsChild
GetDlgItem
CreateAcceleratorTableW
DestroyAcceleratorTable
InvalidateRgn
RedrawWindow
ScreenToClient
GetSysColor
FillRect
GetClassNameW
GetWindow
SetCursor
SetFocus

gdi32

GetObjectW
SelectObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectW
GetStockObject
DeleteObject
DeleteDC
GetCurrentObject
SetStretchBltMode
StretchBlt
CreateDIBSection
MoveToEx
LineTo
CombineRgn
FillRgn
SaveDC
SetBkMode
SetBkColor
SetTextColor
RestoreDC
ExtTextOutW
CreatePen
CreateRectRgnIndirect
GetClipBox
SetWindowOrgEx
GetTextExtentPoint32W
GetTextMetricsW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegFlushKey
RegCreateKeyW
RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

ole32

OleLockRunning
OleUninitialize
OleInitialize
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
OleRun
CoCreateGuid

oleaut32

VarUI4FromStr
SysAllocStringLen
SysStringLen
VariantInit
VariantCopy
VariantChangeType
VariantClear
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocString
LoadTypeLi
SysFreeString
GetErrorInfo

shlwapi

PathRenameExtensionW
PathRemoveExtensionW
SHDeleteKeyW
PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

msimg32

AlphaBlend

wininet

InternetReadFile
InternetSetStatusCallbackW
HttpSendRequestW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
InternetQueryDataAvailable
InternetWriteFile
InternetErrorDlg
HttpQueryInfoW
HttpOpenRequestW

iphlpapi

GetAdaptersInfo

gdiplus

GdipCreatePen1
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipGetImageWidth
GdipFillPath
GdipFillRectangle
GdipDrawArc
GdipSetPixelOffsetMode
GdipSetSmoothingMode
ord1
GdipAddPathLine
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipGetImageHeight
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipGetImagePixelFormat
GdiplusStartup

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

ntohl
getnameinfo
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
gethostname
getservbyname
ntohs
htons
inet_addr
__WSAFDIsSet
WSAGetLastError
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
listen
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
getsockopt

Sections

.text
Size: 728KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Download
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb628812cb24be7ccd4f7a946be838b5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

63:bd:88:98:dc:cd:f6:86:99:8f:18:f6:3f:5a:13:6eCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0a:4e:cd:35:49:b2:4d:0b:bc:59:9b:77:ba:66:5d:98:f3:d5:2e:b2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

wininet

iphlpapi

gdiplus

version

ws2_32

Sections

.text Size: 728KB - Virtual size: 728KB

.rdata Size: 187KB - Virtual size: 186KB

.data Size: 19KB - Virtual size: 33KB

Download Size: 512B - Virtual size: 4B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 164KB - Virtual size: 163KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

63:bd:88:98:dc:cd:f6:86:99:8f:18:f6:3f:5a:13:6e
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0a:4e:cd:35:49:b2:4d:0b:bc:59:9b:77:ba:66:5d:98:f3:d5:2e:b2
Signer

.text
Size: 728KB - Virtual size: 728KB

.rdata
Size: 187KB - Virtual size: 186KB

.data
Size: 19KB - Virtual size: 33KB

Download
Size: 512B - Virtual size: 4B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 164KB - Virtual size: 163KB