f65cb945e54794ef7871ed01a58f95fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f65cb945e54794ef7871ed01a58f95fe_JaffaCakes118
Size

85KB
MD5

f65cb945e54794ef7871ed01a58f95fe
SHA1

e27877e77fe7b3e77af15209355e63528c97c083
SHA256

108781fd461c87d7cead32f4c5a97546f57b40362a0bdc5b15dea06ec67b8512
SHA512

fd9a63c409d441438ed6e307e4448294d73e514571ab0c3c64d9aa97c12ee4d273782f81bd9fb9b0fc513c2f3263e4fbf1c01f07e48afeb9314ceea5b29b143e
SSDEEP

1536:oFb9sAFeRpxr8VE0C+E8w5dlePv+vxjkeLKEA+qVHewBWqTrHDIciAQJsCsN8:oQAFizG7e8wlaGvxjL6HHBWajIciZaN8

Score

1^/10

Malware Config

Signatures

Files

f65cb945e54794ef7871ed01a58f95fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

348f6252a9b109756c845b079fb4318f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30/04/2010, 00:00

Not After

07/05/2011, 23:59

Subject

CN=Panda Security S.L,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Panda Security S.L,L=Bilbao,ST=Bizkaia,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:ec:45:04:f3:f1:34:5c:d6:2e:f8:5e:bd:75:b0:76:83:55:9e:78
Signer

Actual PE Digest

31:ec:45:04:f3:f1:34:5c:d6:2e:f8:5e:bd:75:b0:76:83:55:9e:78

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Desarrollo\Proyecto_WebProxy\Corporativo\PPP_7.1.11.0_20100427_fuentes\PPP_7.0_Hotfix_Copia Malware\exeRelease\WebProxy.pdb

Imports

wsock32

getpeername
ioctlsocket
WSAGetLastError
gethostbyname
shutdown
setsockopt
recv
select
send
WSAStartup
connect
htons
socket
accept
listen
bind
closesocket
inet_ntoa
recvfrom

icl_cfg

ICL_CFG_GetCfg
ICL_CFG_Finalize
ICL_CFG_Initialize
ICL_CFG_SetCfg

icl_trf

ICL_TRF_InicializarProtocolosCorreo

pskas

MFS_InitializeMsgFilteringSubsystem
AVS_InitializeAntiviralSubsystem
MFS_SetConfigInt
MFS_SetConfigString
ADS_SetConfigInt
ADS_GetLastError
ADS_InitializeAnomalyDetectionSubsystem
SV_Initialize
FSS_InitializeFileScanningSubsystem
AVS_GetLastError
AS_InitializeAnalysisSystem
AS_FreeAnalysisSystem
MDFS_InitializeMalwareDefinitionFileSubsystem

ws2_32

WSAEnumProtocolsA
WSASocketA
WSAIoctl

kernel32

GetStartupInfoA
WaitForMultipleObjects
EnterCriticalSection
lstrcmpiA
LoadLibraryExA
GetACP
MultiByteToWideChar
WideCharToMultiByte
DeleteFileA
GetModuleFileNameA
GetShortPathNameA
lstrcpynA
lstrlenA
GetModuleHandleA
SetThreadPriority
TerminateThread
TerminateProcess
SetEvent
CreateThread
WaitForSingleObject
ReleaseMutex
GetTickCount
ResetEvent
OpenEventA
CreateEventA
GetCurrentProcessId
CloseHandle
FreeLibrary
GetLastError
OpenProcess
GetProcAddress
LoadLibraryA
SetLastError
GetCurrentProcess
GetCurrentThread
GetVersionExA
LocalFree
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
Sleep
LeaveCriticalSection

user32

CharUpperA
CharPrevA

advapi32

GetUserNameA
RegQueryValueExA
RegOpenKeyExA
DuplicateToken
ImpersonateLoggedOnUser
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExW
RegCloseKey

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr71

??_V@YAXPAX@Z
atoi
_stricmp
ftell
fwrite
_mbsnbcpy
_mbsinc
_mbsupr
_mbsnbcmp
rewind
fgetc
_access
_beginthread
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
_controlfp
_strnicmp
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
_snprintf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_mbsicmp
_purecall
fclose
strncpy
free
strstr
calloc
fgets
fread
fopen
strtok
fseek
_mbsnbcat
strchr
malloc

Exports

Exports

PAVCOUNT_IncrCounter

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

348f6252a9b109756c845b079fb4318f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

31:ec:45:04:f3:f1:34:5c:d6:2e:f8:5e:bd:75:b0:76:83:55:9e:78Signer

Headers

File Characteristics

PDB Paths

Imports

wsock32

icl_cfg

icl_trf

pskas

ws2_32

kernel32

user32

advapi32

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

89:41:8a:c3:8c:1b:eb:e7:e3:74:57:1b:db:86:c4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

31:ec:45:04:f3:f1:34:5c:d6:2e:f8:5e:bd:75:b0:76:83:55:9e:78
Signer

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 2KB