f9ca7f74fc2e51ad790c0cbc7d982a69_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9ca7f74fc2e51ad790c0cbc7d982a69_JaffaCakes118
Size

2.5MB
MD5

f9ca7f74fc2e51ad790c0cbc7d982a69
SHA1

91580015dfe236c92b7f5690d42b58359913a257
SHA256

c27a9398c2a13acaf0a94c1c2462b70b5ab9d8a4a6b551e0eeb3966919cea1b1
SHA512

cd4ede042183b175e6fdb3f4f01095aba30d28747646c8d1ae2a8abde3b00be7e9cd9ab57146e4e215946ab634463e9ac9ccb8b829e39576b3074fff47259460
SSDEEP

24576:7Zqm0rrYVAHJui8HopCDuyKAlBmdUCrD8dZolBGfwRyGU4x+Km62JlbNSgBOMfAY:1qmXVAHwi8HopC6y3Bmv88RyrDpQml

Score

1^/10

Malware Config

Signatures

Files

f9ca7f74fc2e51ad790c0cbc7d982a69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6dd4dc16535d469fbba536857a853cdb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

20/09/2007, 00:00

Not After

14/11/2010, 23:59

Subject

CN=C-NetMedia,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=C-NetMedia,L=Mobile,ST=Alabama,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1c:18:42:b6:1e:f1:da:c7:db:db:48:de:c7:f5:54:38:a4:25:5e:91
Signer

Actual PE Digest

1c:18:42:b6:1e:f1:da:c7:db:db:48:de:c7:f5:54:38:a4:25:5e:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Matthew\WorkCode\RegistryBot\trunk\release\RegistryBot.pdb

Imports

tcl

Tcl_EvalEx
Tcl_ResetResult
Tcl_DeleteInterp
Tcl_CreateCommand
Tcl_ProcCmd
Tcl_CreateInterp
Tcl_CloneInterp
Tcl_DeleteClone
Tcl_FreeList
Tcl_SplitList
Tcl_GetStringResult
Tcl_SetResult

kernel32

ExitThread
SetEnvironmentVariableA
SetStdHandle
GetFileType
ExitProcess
RtlUnwind
HeapSize
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
HeapReAlloc
VirtualQuery
VirtualAlloc
VirtualProtect
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
InterlockedIncrement
LocalReAlloc
GlobalHandle
GlobalReAlloc
GlobalFlags
RaiseException
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
InterlockedDecrement
GetModuleFileNameW
SuspendThread
GlobalDeleteAtom
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
CreateNamedPipeA
DisconnectNamedPipe
FlushFileBuffers
WriteFile
HeapCompact
HeapCreate
HeapDestroy
ConnectNamedPipe
ReadFile
LocalAlloc
GetCurrentThread
GetSystemTime
CreateProcessA
SearchPathA
GetFileAttributesA
TerminateProcess
GetSystemInfo
FormatMessageA
GetFileTime
CreateThread
MoveFileA
TlsFree
TlsAlloc
HeapAlloc
LocalFree
WritePrivateProfileStringA
HeapFree
GetProcessHeap
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
lstrcatA
lstrcpyA
GlobalAlloc
ResumeThread
GlobalFree
GlobalUnlock
GlobalLock
ResetEvent
SetEvent
FreeResource
MulDiv
GetWindowsDirectoryA
GetModuleFileNameA
CreateDirectoryA
CreateFileA
lstrcpynA
GetLocalTime
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
WinExec
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetThreadPriority
CreateEventA
FreeLibrary
CloseHandle
WaitForSingleObject
Sleep
SetLastError
GetModuleHandleA
TlsSetValue
TlsGetValue
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetLastError
CompareStringW
GetEnvironmentVariableA
GetVersion
CompareStringA
InterlockedExchange
lstrlenA
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceA
GetACP

user32

PostThreadMessageA
GetNextDlgGroupItem
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
CharNextA
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
DestroyMenu
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
WinHelpA
IsChild
GetClassLongA
GetClassNameA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UpdateWindow
GetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
CallWindowProcA
OffsetRect
LoadBitmapA
SetWindowLongA
SendMessageA
CharUpperA
IntersectRect
GetWindowPlacement
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
SetWindowsHookExA
CallNextHookEx
GetMessageA
IsWindowVisible
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
ScreenToClient
GrayStringA
DrawTextExA
TabbedTextOutA
SetFocus
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
GetWindow
PostQuitMessage
TrackMouseEvent
SetActiveWindow
GetActiveWindow
IsWindowEnabled
GetDesktopWindow
GetFocus
DestroyIcon
GetCaretPos
CopyIcon
InflateRect
IsWindow
SetCapture
PtInRect
MessageBeep
FillRect
GetWindowTextA
GetWindowTextLengthA
SendMessageCallbackA
CreateWindowExA
EndPaint
BeginPaint
SetPropA
GetDlgCtrlID
DefWindowProcA
GetPropA
UnregisterClassA
RegisterClassExA
GetParent
RedrawWindow
DispatchMessageA
PeekMessageA
TranslateMessage
EnableWindow
GetWindowLongA
MessageBoxA
PostMessageA
FindWindowA
KillTimer
InvalidateRect
GetWindowRect
SetTimer
GetCursorPos
TrackPopupMenu
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadIconA
SetForegroundWindow
LoadMenuA
GetSubMenu
ExitWindowsEx
GetSysColor
SetWindowRgn
SetCursor
SystemParametersInfoA
SetWindowPos
GetWindowDC
ReleaseDC
LoadCursorA
SetRect
GetSysColorBrush
CopyRect
GetDC
DrawFocusRect
SetClassLongA
DrawEdge
ReleaseCapture
ClientToScreen
WindowFromPoint
GetCapture
DestroyCursor
DrawTextA
RegisterWindowMessageA

gdi32

ScaleWindowExtEx
GetCurrentPositionEx
GetRgnBox
GetMapMode
CreateRectRgnIndirect
CreatePen
ExtSelectClipRgn
ArcTo
SaveDC
RestoreDC
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
MoveToEx
LineTo
GetClipBox
SetMapMode
GetStockObject
GetObjectA
CreateFontIndirectA
GetDeviceCaps
CreateSolidBrush
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC
BitBlt
GetPixel
ExtCreateRegion
SelectObject
GetTextMetricsA
ExtTextOutA
CreateCompatibleBitmap
StretchBlt
DeleteDC
SelectClipRgn
SetTextColor
SetBkMode
SetBkColor
GetTextExtentPoint32A
GetCurrentObject
GetBkColor
GetTextColor
CreatePatternBrush
CreateBitmap

msimg32

GradientFill

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

AdjustTokenPrivileges
RegEnumKeyA
RegDeleteKeyA
LookupAccountNameA
GetSecurityInfo
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenThreadToken
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
GetAce
GetTokenInformation
GetAclInformation
EqualSid
LookupAccountSidA
GetSidSubAuthorityCount
IsValidSid
GetSecurityDescriptorControl
GetSecurityDescriptorLength
GetLengthSid
MakeSelfRelativeSD
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegCreateKeyA
RegQueryInfoKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
OpenProcessToken
RegOpenKeyExA
GetUserNameA
LookupPrivilegeValueA
GetSecurityDescriptorDacl
RegEnumValueA
RegEnumKeyExA
RegQueryValueA
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSidSubAuthority
CopySid
GetSecurityDescriptorSacl

comctl32

_TrackMouseEvent

shlwapi

UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathIsDirectoryA
PathFileExistsA
SHDeleteKeyA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromString
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemFree
CoCreateInstance
CreateStreamOnHGlobal
CoGetClassObject
CoInitializeEx
CoUninitialize

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
OleLoadPicture
SysFreeString
VarBstrCmp
SysAllocStringLen
SysAllocString
VariantClear
SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantInit
VariantCopy
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

zlib

inflate
inflateInit2_
inflateEnd

Sections

.text
Size: 580KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dd4dc16535d469fbba536857a853cdb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3dCertificate

Extended Key Usages

Key Usages

1c:18:42:b6:1e:f1:da:c7:db:db:48:de:c7:f5:54:38:a4:25:5e:91Signer

Headers

File Characteristics

PDB Paths

Imports

tcl

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

version

zlib

Sections

.text Size: 580KB - Virtual size: 577KB

.rdata Size: 136KB - Virtual size: 134KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

02:a7:89:94:e8:04:2b:c5:0c:7a:33:3e:91:f7:4b:3d
Certificate

1c:18:42:b6:1e:f1:da:c7:db:db:48:de:c7:f5:54:38:a4:25:5e:91
Signer

.text
Size: 580KB - Virtual size: 577KB

.rdata
Size: 136KB - Virtual size: 134KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB