f5ea807f7672b0e5ddf2fd4d69af799d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5ea807f7672b0e5ddf2fd4d69af799d_JaffaCakes118
Size

776KB
MD5

f5ea807f7672b0e5ddf2fd4d69af799d
SHA1

2f2247c0c2dc883feada33ba1b3c14fed5d9cd7d
SHA256

186e4adcf9681ac85bd161a59619e82f433cbf3378e7c19cf5377232076ccca8
SHA512

b195a2a7e21e7b2b25f78c11c585ff876321c70bfd12eeebfdcf03a78fa064029772d6646adbb4477024461d25f8d300b8cb8abadd83078e9dd7eea9c3884474
SSDEEP

12288:xzArZ+XhHJqhzMS84cswGvJx55555wdJHwM18:B7JwGXswU55555wDI

Score

1^/10

Malware Config

Signatures

Files

f5ea807f7672b0e5ddf2fd4d69af799d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

088a2a44555d279d14af219467d31d1b

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:95:b5:d4:f3:5b:29:46:f8:19:af:3b:c3:01:60:76
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/11/2008, 14:07

Not After

11/11/2010, 14:07

Subject

CN=Gameforge Productions GmbH,OU=Publishing,O=Gameforge Productions GmbH,L=Karlsruhe,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

05:eb:54:5e:82:23:42:48:f4:d7:7e:56:2d:bb:b1:28:34:1a:6c:ae
Signer

Actual PE Digest

05:eb:54:5e:82:23:42:48:f4:d7:7e:56:2d:bb:b1:28:34:1a:6c:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetCloseHandle
FtpFindFirstFileA
InternetReadFile
FtpOpenFileA

winmm

timeGetTime

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
ExitProcess
TerminateProcess
RtlUnwind
GetTimeZoneInformation
RaiseException
HeapFree
CreateThread
ExitThread
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapSize
GetACP
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFileAttributesA
GetOEMCP
GetCPInfo
SizeofResource
GetProcessVersion
GetProfileStringA
InterlockedExchange
GlobalFlags
TlsGetValue
SetLastError
CopyFileA
GetCurrentDirectoryA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryExA
SetErrorMode
GetLastError
Sleep
WinExec
LocalReAlloc
TlsSetValue
CloseHandle
WaitForSingleObject
GetExitCodeProcess
CreateProcessA
WriteFile
CreateFileA
DeleteFileA
MultiByteToWideChar
lstrlenA
GetModuleHandleA
MulDiv
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetModuleFileNameA
LoadResource
GetFileTime
FindResourceA
LockResource
GlobalFree
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcpyA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcatA
GetVersion
LoadLibraryA
lstrcpynA
DuplicateHandle
GetCurrentProcess
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
LocalFree
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
GetFileSize

user32

ScreenToClient
AdjustWindowRectEx
SetFocus
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
LoadStringA
DestroyMenu
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GrayStringA
CharUpperA
LoadCursorA
GetClassNameA
PtInRect
GetSysColorBrush
InflateRect
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
CopyRect
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
GetDlgItem
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SetCursor
PostQuitMessage
IsWindow
DrawTextA
GetSysColor
RedrawWindow
GetDC
ReleaseDC
InvalidateRect
GetParent
GetWindowRect
LoadBitmapA
MessageBoxA
PostMessageA
CharNextA
EnableWindow
KillTimer
wsprintfA
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
IsWindowUnicode
GetSystemMenu
AppendMenuA
LoadIconA
FindWindowA
SendMessageA
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
DestroyWindow

gdi32

GetTextExtentPointA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
PatBlt
CreateSolidBrush
GetDeviceCaps
CreateFontA
DeleteDC
DeleteObject
SelectObject
StretchBlt
CreateCompatibleBitmap
CreateBitmap
CreateCompatibleDC
BitBlt
GetObjectA
CreateDIBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent
ord17

ole32

OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString

ws2_32

WSASocketA
setsockopt
connect
WSAAsyncSelect
WSAGetLastError
htons
closesocket
ntohs
WSARecv
WSASend
WSACleanup
WSAStartup
WSASetLastError
gethostbyname
inet_ntoa
inet_addr

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

088a2a44555d279d14af219467d31d1b

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

39:95:b5:d4:f3:5b:29:46:f8:19:af:3b:c3:01:60:76Certificate

Extended Key Usages

05:eb:54:5e:82:23:42:48:f4:d7:7e:56:2d:bb:b1:28:34:1a:6c:aeSigner

Headers

File Characteristics

Imports

wininet

winmm

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

ws2_32

Sections

.text Size: 232KB - Virtual size: 228KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 56KB - Virtual size: 76KB

.rsrc Size: 436KB - Virtual size: 434KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

39:95:b5:d4:f3:5b:29:46:f8:19:af:3b:c3:01:60:76
Certificate

05:eb:54:5e:82:23:42:48:f4:d7:7e:56:2d:bb:b1:28:34:1a:6c:ae
Signer

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 56KB - Virtual size: 76KB

.rsrc
Size: 436KB - Virtual size: 434KB