e103a21ec316c466c663bd6c9901168f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e103a21ec316c466c663bd6c9901168f_JaffaCakes118
Size

577KB
MD5

e103a21ec316c466c663bd6c9901168f
SHA1

cfcc92f7a50aa3dd786f143a141a99eb42281dd5
SHA256

2ae692c38c2e6c730d3dc688c976bf21645bbb90acab86ddfc0b44de74534e8e
SHA512

82a7fd783dc9cbccbc0a2c90f5907b472fee2842fdd6fbe8766d690c716d43c36742dbe11cbf134696096d383a77b021e93b310cfa5bade3c4ee078d844b71cb
SSDEEP

6144:3bBUQ8yq8qX7sJOG4DWC/AU71FFFgrOp1Lz+4IFs5W0IBTlFwARRRRRRRR8B7z:3bBU18qX7V6GFFSr4lXCv/YB7z

Score

1^/10

Malware Config

Signatures

Files

e103a21ec316c466c663bd6c9901168f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53406774f0b7aaef5a003fd6d087d4f3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:ed:90:92:bd:d1:dc:cf:58:d2:af:a4:7f:96:14:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

22/07/2008, 00:00

Not After

31/07/2009, 23:59

Subject

CN=ASUSTeK Computer Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Quality Testing Department,O=ASUSTeK Computer Inc.,L=Taipei / Peitou,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c9:94:fb:53:3c:99:77:dd:71:a1:66:af:11:39:45:99:03:28:05:0a
Signer

Actual PE Digest

c9:94:fb:53:3c:99:77:dd:71:a1:66:af:11:39:45:99:03:28:05:0a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetFileTime
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
ExitProcess
HeapReAlloc
SetStdHandle
GetFileType
TerminateProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FileTimeToLocalFileTime
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
FileTimeToSystemTime
InterlockedIncrement
GlobalFlags
lstrcmpiW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
GetCurrentThread
GetModuleFileNameW
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
GetVersion
GlobalGetAtomNameW
WideCharToMultiByte
lstrcpyW
GlobalAlloc
FormatMessageW
InterlockedDecrement
GlobalFree
GlobalLock
GlobalUnlock
MulDiv
SetLastError
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
lstrcatW
lstrcmpW
GetVersionExA
RaiseException
LoadLibraryA
LocalAlloc
MultiByteToWideChar
GetCurrentProcessId
ProcessIdToSessionId
GetComputerNameW
lstrlenW
lstrcpynW
GetFileSize
ReadFile
WriteFile
LocalFree
Sleep
GetCurrentProcess
CreateThread
CreateEventW
GetUserDefaultUILanguage
GetPrivateProfileStringW
GetLocalTime
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexW
GetTickCount
GetLastError
LoadLibraryW
GetProcAddress
GetModuleHandleW
DeleteFileW
FreeLibrary
FindResourceW
LoadResource
LockResource
FreeEnvironmentStringsW
SizeofResource

user32

PostQuitMessage
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
ReleaseCapture
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
wsprintfW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
IsWindowEnabled
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
SendDlgItemMessageW
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageW
MapWindowPoints
MessageBoxW
TrackPopupMenu
GetKeyState
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
EqualRect
DeferWindowPos
GetClassInfoW
UnregisterClassW
CallWindowProcW
GetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
BeginPaint
EndPaint
ClientToScreen
AdjustWindowRectEx
MoveWindow
GetWindow
GetDlgCtrlID
SetWindowLongW
CharUpperW
IsWindow
GetSysColor
GetMessagePos
GetParent
InvalidateRect
GetClientRect
InflateRect
PtInRect
SetCursor
SetForegroundWindow
keybd_event
FindWindowExW
GetClassNameW
GetSysColorBrush
GetMenuItemInfoW
GetMessageW
TranslateMessage
ValidateRect
RemovePropW
ShowOwnedPopups
LoadIconW
UpdateWindow
SystemParametersInfoW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetForegroundWindow
IsWindowVisible
FindWindowW
RegisterClassW
GetSystemMetrics
WindowFromPoint
GetCursorPos
ScreenToClient
UpdateLayeredWindow
DefWindowProcW
LoadAcceleratorsW
GetWindowInfo
SetLayeredWindowAttributes
SendMessageW
KillTimer
SetTimer
GetWindowRect
TranslateAcceleratorW
GetDC
ReleaseDC
GetDlgItem
SetWindowPos
PostMessageW
EnableWindow
LoadCursorW
GetTopWindow

gdi32

CreatePatternBrush
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
SetMapMode
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateFontW
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
GetObjectW
CreateDIBSection
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
DeleteObject
DeleteDC
CreateSolidBrush
GetPixel

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

shell32

DragFinish
DragQueryFileW
SHGetSpecialFolderPathW

comctl32

ImageList_Destroy
ImageList_GetImageInfo
ImageList_Draw
ord17
_TrackMouseEvent

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
SHStrDupW
PathIsUNCW

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance
CreateBindCtx
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantInit
VariantClear
VariantChangeType

gdiplus

GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDrawLineI
GdipDrawRectangleI
GdipFillRectangleI
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeleteGraphics
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipCreateFromHDC
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipGraphicsClear
GdipCloneBrush
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipDrawString
GdipMeasureString
GdipDrawImageRectI
GdipCreatePen1
GdipDeletePen

netapi32

NetUserEnum
NetQueryDisplayInformation
NetApiBufferFree

wtsapi32

WTSFreeMemory
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
WTSQuerySessionInformationW

crypt32

CryptProtectData
CryptUnprotectData

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53406774f0b7aaef5a003fd6d087d4f3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

37:ed:90:92:bd:d1:dc:cf:58:d2:af:a4:7f:96:14:48Certificate

Extended Key Usages

Key Usages

c9:94:fb:53:3c:99:77:dd:71:a1:66:af:11:39:45:99:03:28:05:0aSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

netapi32

wtsapi32

crypt32

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 144KB - Virtual size: 142KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

37:ed:90:92:bd:d1:dc:cf:58:d2:af:a4:7f:96:14:48
Certificate

c9:94:fb:53:3c:99:77:dd:71:a1:66:af:11:39:45:99:03:28:05:0a
Signer

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 144KB - Virtual size: 142KB