f50f8aa9fb19d7ec3e54517e93ffce70_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f50f8aa9fb19d7ec3e54517e93ffce70_JaffaCakes118
Size

1.2MB
MD5

f50f8aa9fb19d7ec3e54517e93ffce70
SHA1

7589ae9bf664e6c87787c020bb30166dc760a92c
SHA256

917d0430e402640470b1c9f05c50c225df4a88317c7fa881f4864147e9887434
SHA512

af3f5e991bcac22a16e6c15588ef0631801b3326daece291c0021bdafcdd1a34ce65630ba16b12746a3b1191fd86a000ac8dff214c10808339b661b8605167c8
SSDEEP

24576:4S/s3o9UE3OBfejZhe2dVIFAca9vbObHk0izqcODrcRaV4DSpOvCVI:4S/s3o9VOcjZhe2ddybHk0izqcODriaU

Score

1^/10

Malware Config

Signatures

Files

f50f8aa9fb19d7ec3e54517e93ffce70_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a68986bb68dcd7de8ef6974908fa18e2

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:d7:9c:d4:bc:82:9c:12:00:df:69:6e:e9:0b:6b:89
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

26-03-2010 00:00

Not After

26-04-2012 23:59

Subject

CN=Netinus Sp. z o.o.,O=Netinus Sp. z o.o.,L=Warszawa,ST=mazowieckie,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glGetString
glFlush
glClearColor
glClear
wglDeleteContext
wglCreateContext
glHint
glShadeModel
glLineWidth
glMatrixMode
glVertex2i
glEdgeFlag
glDeleteTextures
glListBase
glCallLists
glGenLists
glTexParameteri
glTexImage2D
glNewList
glEndList
wglGetCurrentContext
wglMakeCurrent
glColor4d
glRectd
glRecti
glEnable
glBlendFunc
glTexEnvi
glTranslated
glRotated
glColor3d
glBindTexture
glBegin
glTexCoord2d
glVertex2d
glEnd
glDisable
glGetIntegerv
glPushMatrix
glLoadIdentity
glViewport
glOrtho
glPopMatrix
glGenTextures

glu32

gluBuild2DMipmaps

netapi32

Netbios

kernel32

GlobalLock
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetLocalTime
LocalFree
lstrcpynA
FormatMessageA
MulDiv
SetLastError
SetThreadPriority
ResumeThread
GetCurrentThreadId
WaitForSingleObject
SetEvent
SuspendThread
CreateEventA
lstrcmpW
lstrcatA
FreeLibrary
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeResource
MoveFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
DuplicateHandle
FindClose
FindFirstFileA
lstrcmpA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
InterlockedIncrement
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
WritePrivateProfileStringA
RtlUnwind
HeapFree
ExitProcess
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
TerminateProcess
GetTimeFormatA
GetDateFormatA
IsBadReadPtr
GetStartupInfoA
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
SetStdHandle
GetFileType
lstrcpyA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetCurrentProcessId
SetHandleCount
GetStdHandle
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadCodePtr
SetEnvironmentVariableA
GlobalAlloc
GlobalFree
GetProcessHeap
SetCurrentDirectoryA
InterlockedDecrement
GetCurrentProcess
SetPriorityClass
GetSystemDirectoryA
DeviceIoControl
RaiseException
DeleteCriticalSection
InitializeCriticalSection
GetFileAttributesA
SetFileAttributesA
GetVolumeInformationA
GetComputerNameA
GetCurrentDirectoryA
GetModuleFileNameA
CopyFileA
Beep
CreateFileA
CloseHandle
GetModuleHandleA
LoadLibraryA
GetProcAddress
WinExec
Sleep
EnterCriticalSection
LeaveCriticalSection
GetTickCount
GetLastError
lstrlenA
lstrcmpiA
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
DeleteFileA
CreateDirectoryA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
HeapSize
GlobalUnlock
GetFileSize

user32

SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
wsprintfA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
MessageBoxA
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
CallWindowProcA
SystemParametersInfoA
GetWindowPlacement
ShowOwnedPopups
GetWindowTextA
GetFocus
GetParent
SetWindowPos
SetFocus
IsWindowEnabled
ShowWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetWindowLongA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
CharUpperA
KillTimer
MoveWindow
PostQuitMessage
IsIconic
DispatchMessageA
GetActiveWindow
IsWindowVisible
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DestroyMenu
GetSysColorBrush
EndPaint
LoadIconA
ActivateKeyboardLayout
BeginPaint
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DefWindowProcA
GetClientRect
GetWindowRect
GetSystemMetrics
GetForegroundWindow
FlashWindow
SetTimer
ReleaseCapture
GetKeyState
GetDC
SetCursor
GetCursorPos
ScreenToClient
InvalidateRect
SetCapture
SendMessageA
EnableWindow
LoadCursorA
UnregisterClassA
ReleaseDC
PostMessageA
CopyImage
CloseClipboard
GetClipboardData
OpenClipboard
GetKeyboardLayout
CopyRect
ChangeDisplaySettingsA
EnumDisplaySettingsA
SetRect
GetKeyboardState
keybd_event
ClientToScreen
SetCursorPos
PtInRect
EmptyClipboard
SetClipboardData
UnhookWindowsHookEx

gdi32

GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetBkMode
SetMapMode
ChoosePixelFormat
GetDeviceCaps
SetPixelFormat
GetBitmapBits
CreateBitmap
GetTextExtentPoint32A
CreateFontA
CreatePalette
CreateDIBSection
DeleteObject
DescribePixelFormat
DeleteDC
GetObjectA
SwapBuffers
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleDC

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegSetValueExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHFileOperationA

comctl32

ord17

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFileExistsA
PathRemoveFileSpecA
PathFindFileNameA

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysFreeString
OleLoadPicture
SafeArrayDestroy
VariantInit
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantChangeType
VarUdateFromDate
SystemTimeToVariantTime

ws2_32

WSACleanup
send
ioctlsocket
setsockopt
socket
WSAStartup
bind
inet_addr
inet_ntoa
getsockname
closesocket
recv
__WSAFDIsSet
select
WSAGetLastError
connect
gethostbyname
htons
shutdown

wininet

InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetGetLastResponseInfoA

Sections

.text
Size: 1012KB - Virtual size: 1008KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a68986bb68dcd7de8ef6974908fa18e2

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

7f:d7:9c:d4:bc:82:9c:12:00:df:69:6e:e9:0b:6b:89Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

opengl32

glu32

netapi32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

wininet

Sections

.text Size: 1012KB - Virtual size: 1008KB

.rdata Size: 160KB - Virtual size: 158KB

.data Size: 12KB - Virtual size: 2.5MB

.rsrc Size: 36KB - Virtual size: 35KB

01
Certificate

0a
Certificate

7f:d7:9c:d4:bc:82:9c:12:00:df:69:6e:e9:0b:6b:89
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

.text
Size: 1012KB - Virtual size: 1008KB

.rdata
Size: 160KB - Virtual size: 158KB

.data
Size: 12KB - Virtual size: 2.5MB

.rsrc
Size: 36KB - Virtual size: 35KB