f08aaeb5bd62b226afafa41fb5309510_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f08aaeb5bd62b226afafa41fb5309510_JaffaCakes118
Size

718KB
MD5

f08aaeb5bd62b226afafa41fb5309510
SHA1

b7da20d0d59c0cc459d0d5462e8bd8150e13f31c
SHA256

d777ea681026ec1aa888ebfe083f59af4bcc0c37ad8152fc9771cec693964d07
SHA512

08fd9a2be2f64ef96255ac3d7f2a95a2a4a1b788bad9fa290a9bef123647e81e0e467a2f5b604cc2237874e012020e926d5810ec285dee0b67eb5915f914d3aa
SSDEEP

12288:eP6oYgNWRiEeVulsEOZGABiNKQkUcOpDtJFqr5ymA75GWsQElhYxz0f5l+M86T50:eyoYgN9bulLnGUcOxfwwgVhYxzOW6d0

Score

1^/10

Malware Config

Signatures

Files

f08aaeb5bd62b226afafa41fb5309510_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49aaa276f47796e0cd19da0f46bb0034

Code Sign

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

07-07-2010 00:00

Not After

07-07-2011 23:59

Subject

CN=Design and Marketing D.M. SOCIEDAD ANONIMA,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Loudmo,O=Design and Marketing D.M. SOCIEDAD ANONIMA,L=Escazu,ST=San Jose,C=CR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_pclose
tmpfile
fscanf
getenv
strrchr
strtoul
fputs
getc
fclose
freopen
ferror
strftime
fread
fopen
ungetc
strerror
feof
_iob
__mb_cur_max
strchr
_amsg_exit
isleadbyte
_errno
wcscpy
_strcmpi
exit
fflush
tmpnam
_localtime64
_time64
isalnum
ispunct
tolower
strncpy
isalpha
isdigit
isupper
iscntrl
toupper
islower
??3@YAXPAX@Z
strpbrk
isxdigit
atan2
sqrt
cos
modf
ldexp
pow
log
tanh
sinh
tan
fmod
srand
cosh
acos
floor
frexp
log10
atan
exp
fabs
asin
sin
strtod
strncat
strcspn
_popen
fgets
setvbuf
fwrite
ftell
fseek
clearerr
rename
_mktime64
memchr
_gmtime64
__setusermatherr
__p__commode
_setjmp3
system
remove
setlocale
clock
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
_controlfp
?terminate@@YAXXZ
_itoa
fprintf
_snprintf
_wcsicmp
ceil
memcmp
strstr
rand
wcsncpy
strcpy
strcmp
calloc
towlower
wcstoul
wcstol
isspace
_purecall
wcscmp
_wrename
iswdigit
realloc
wcsstr
_wtoi
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
strlen
memmove
memcpy
wcslen
sprintf
free
malloc
memset
mbtowc
__set_app_type
__p__fmode
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
iswctype
_onexit
_lock
__dllonexit
_unlock
abs
localeconv
longjmp
strcoll
strcat
_except_handler3

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

wininet

HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetOpenUrlW
InternetReadFile
InternetCrackUrlW
InternetCloseHandle

shlwapi

PathIsDirectoryW

kernel32

SystemTimeToFileTime
VirtualFree
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetModuleFileNameA
GetVersion
GetSystemInfo
VirtualAlloc
VirtualProtect
GetFullPathNameW
GetExitCodeProcess
CreateProcessW
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
HeapFree
lstrcpyW
GetProcessHeap
HeapAlloc
SetEndOfFile
lstrcpynA
LockResource
SetCurrentDirectoryW
FlushInstructionCache
GetCurrentThreadId
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrcmpiW
RaiseException
TerminateProcess
OpenProcess
GetCurrentProcess
GetVersionExW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
GetTempPathW
LocalFree
LocalAlloc
GetModuleFileNameW
VirtualQuery
GetCommandLineW
GetLastError
SetFileTime
WriteFile
CreateDirectoryW
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
WideCharToMultiByte
FormatMessageA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
SetFilePointer
CreateFileW
DeleteFileW
GetFileAttributesW
OutputDebugStringW
DebugBreak
Sleep
GetExitCodeThread
CreateThread
CloseHandle
WaitForSingleObject
GetTickCount
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetDlgItem
GetClassNameW
GetSysColor
RedrawWindow
GetClassInfoExW
CreateWindowExW
RegisterWindowMessageW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
DestroyAcceleratorTable
DefWindowProcW
LoadCursorW
IsWindowVisible
CreateAcceleratorTableW
RegisterClassExW
SetWindowTextW
EndDialog
SetRect
GetKeyState
ShowWindow
SetParent
MessageBoxA
PostQuitMessage
MessageBoxW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
LoadIconW
PostMessageW
SetWindowLongW
CreateDialogIndirectParamW
DestroyWindow
IsWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDesktopWindow
UpdateWindow
SendMessageW
FindWindowExW
GetClientRect
wsprintfW
CharNextW
wvsprintfW
LoadStringW
CharLowerW
KillTimer
SetTimer
UnregisterClassA

gdi32

GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW

advapi32

RegDeleteValueA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
VariantClear
DispCallFunc
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
LoadTypeLi
SafeArrayCreateVector
VarBstrCmp
VariantChangeType
SysAllocStringByteLen
VariantInit
SysStringByteLen

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATL
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49aaa276f47796e0cd19da0f46bb0034

Code Sign

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

version

urlmon

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 225KB - Virtual size: 224KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 3KB

ATL Size: 512B - Virtual size: 8B

.rsrc Size: 437KB - Virtual size: 437KB

.reloc Size: 12KB - Virtual size: 11KB

39:b4:90:cd:4f:1f:42:bb:9e:bc:d0:4e:f5:99:32:a5
Certificate

.text
Size: 225KB - Virtual size: 224KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 3KB

ATL
Size: 512B - Virtual size: 8B

.rsrc
Size: 437KB - Virtual size: 437KB

.reloc
Size: 12KB - Virtual size: 11KB