f64ded3719ac164fcf1caaf689b86dac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f64ded3719ac164fcf1caaf689b86dac_JaffaCakes118
Size

574KB
MD5

f64ded3719ac164fcf1caaf689b86dac
SHA1

068ae39d81365129fb54b8c02e1f7928f64f9aa5
SHA256

3a4bff5d2e3827595e6f9d6c09f2c30599d236d0cd9a91184a86065858af8bb1
SHA512

736de1aadd541822103510d791b759d75b8de46e28c073bf48c128b0a54c6d8de715ad55e8017c643faeb5514c222cdc686d0af49af7be53697b7f2f86a2c949
SSDEEP

12288:Tm5Hb4hFoVN3559+9b7FT8tivBiPPOT3OiHKjOmS0TXMa8VgUiPL:Tm574hAIFKOT3OZjyEX9XVPL

Score

1^/10

Malware Config

Signatures

Files

f64ded3719ac164fcf1caaf689b86dac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f558caf48b1d006aa8c5d1239bbe1e99

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:f6:aa:86:c6:21:ce:34:2e:70:76:e3:e2:25:24:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/08/2008, 00:00

Not After

24/09/2011, 23:59

Subject

CN=DameWare Development\, LLC.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=DameWare Development\, LLC.,L=Mandeville,ST=Louisiana,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

89:c8:ae:8c:b0:1c:33:9f:63:8c:35:3e:af:6f:5b:9b:5b:bf:af:28
Signer

Actual PE Digest

89:c8:ae:8c:b0:1c:33:9f:63:8c:35:3e:af:6f:5b:9b:5b:bf:af:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsAlloc
TlsGetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
GetSystemTimeAsFileTime
RtlUnwind
CreateThread
ExitThread
SetFileTime
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetErrorMode
OpenProcess
FindClose
ReadFile
ExitProcess
HeapFree
lstrcpyA
GetProcessHeap
HeapAlloc
GetCurrentThread
LocalAlloc
SetThreadPriority
GetTickCount
LocalFree
GetCurrentProcessId
WaitForMultipleObjects
SetProcessShutdownParameters
GetCurrentThreadId
MoveFileExW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
ResetEvent
TlsSetValue
LoadLibraryA
FreeLibrary
SetLastError
GetFileTime
GetFileAttributesA
lstrcmpA
GetVersion
SetEnvironmentVariableA
FlushFileBuffers
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeA
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
Sleep
GetTimeZoneInformation
HeapSize
LCMapStringA
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
TlsFree
InterlockedIncrement
GetModuleHandleA
InterlockedExchange
CompareStringA
GlobalFree
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
lstrcatA
GetFileSize
SetFilePointer
lstrlenA
SizeofResource
LoadResource
FreeResource
GetExitCodeProcess
lstrcmpiA
GlobalSize
DeviceIoControl
GetSystemDirectoryA
GetOverlappedResult
GetCurrentProcess
DuplicateHandle
GetLastError
ResumeThread
GetExitCodeThread
TerminateThread
CloseHandle
InterlockedDecrement

user32

KillTimer
ExitWindowsEx
wsprintfA
SetClipboardViewer
GetDoubleClickTime
GetKeyboardState
GetKeyState
mouse_event
EmptyClipboard
SetClipboardData
ChangeClipboardChain
PostQuitMessage
GetClipboardOwner
OpenClipboard
SetTimer
CloseClipboard
GetUserObjectInformationW
EnumWindows
OpenDesktopW
OpenInputDesktop
SetThreadDesktop
GetWindowDC
IsIconic
GetForegroundWindow
GetCaretPos
ClientToScreen
GetThreadDesktop
SetCursorPos
EqualRect
GetCursorPos
GetIconInfo
IsWindowEnabled
CharUpperA
GetPriorityClipboardFormat
GetAsyncKeyState
WindowFromPoint
IsWindowVisible
GetWindowThreadProcessId
AttachThreadInput
GetCursor
CopyRect
GetSystemMetrics
keybd_event
TranslateMessage
CloseDesktop
GetDC
ReleaseDC
CharLowerA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

ws2_32

WSALookupServiceEnd
WSALookupServiceBeginW
WSALookupServiceNextW
gethostname
connect
ioctlsocket
socket
getsockopt
bind
listen
sendto
recv
send
getsockname
getpeername
accept
shutdown
setsockopt
closesocket
WSACleanup
WSAStartup
WSASetLastError
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
recvfrom

gdi32

GetMetaFileBitsEx
GetStockObject
SetMetaFileBitsEx
SetEnhMetaFileBits
PatBlt
GdiSetBatchLimit
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetSystemPaletteEntries
CreateHalftonePalette
GetPaletteEntries
CreatePalette
SelectPalette
RealizePalette
ExtEscape
DeleteDC
GetDIBits
DeleteObject
GetDeviceCaps
GetEnhMetaFileBits

advapi32

ControlService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
AllocateAndInitializeSid
InitializeAcl
GetTokenInformation
IsValidSid
EqualSid
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
OpenThreadToken
LookupAccountNameW
SetThreadToken
ReportEventW
RegisterEventSourceW
DeleteService
QueryServiceStatus
AddAccessAllowedAce
StartServiceW
CreateServiceW
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ImpersonateLoggedOnUser
RevertToSelf
CreateProcessAsUserW
SetSecurityDescriptorSacl
SetFileSecurityW
GetAce
SetTokenInformation

oleaut32

SysStringLen
SysAllocString
SysFreeString

Exports

Exports

_CharLowerW@4
_CharUpperW@4
_CoInitializeEx@8
_CompareStringW@24
_GetFileAttributesExA@12
_GetFileAttributesExW@12
_GetFileSizeEx@8
_GetLocaleInfoW@16
_GetMenuBarInfo@16
_GetModuleHandleW@4
_GetStringTypeW@16
_InitializeCriticalSectionAndSpinCount@8
_InterlockedCompareExchange@12
_IsDebuggerPresent@0
_IsProcessorFeaturePresent@4
_LCMapStringW@24
_MultiByteToWideChar@24
_WideCharToMultiByte@32
_lstrcmpW@8
_lstrlenW@4

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f558caf48b1d006aa8c5d1239bbe1e99

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:f6:aa:86:c6:21:ce:34:2e:70:76:e3:e2:25:24:3eCertificate

Extended Key Usages

Key Usages

89:c8:ae:8c:b0:1c:33:9f:63:8c:35:3e:af:6f:5b:9b:5b:bf:af:28Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

ws2_32

gdi32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 394KB - Virtual size: 394KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 14KB - Virtual size: 73KB

.rsrc Size: 55KB - Virtual size: 55KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:f6:aa:86:c6:21:ce:34:2e:70:76:e3:e2:25:24:3e
Certificate

89:c8:ae:8c:b0:1c:33:9f:63:8c:35:3e:af:6f:5b:9b:5b:bf:af:28
Signer

.text
Size: 394KB - Virtual size: 394KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 14KB - Virtual size: 73KB

.rsrc
Size: 55KB - Virtual size: 55KB