fc9f12d7fc45924a735985622e4a6f98_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc9f12d7fc45924a735985622e4a6f98_JaffaCakes118
Size

527KB
MD5

fc9f12d7fc45924a735985622e4a6f98
SHA1

639e8f38cec0ada10682e655516923665aed281e
SHA256

8e0a5d3a007d2a68a359fd176556bfeeaeb906574a9e749154864787e4b45008
SHA512

c31e7d666d0a97313733b2e672117e98b9ac7313a08a8a4b72e7760e7913509f99dfbbdde5fc4f7b57120f128cf50109ec10e630ba230d38f61b2a644f00a0ce
SSDEEP

12288:F+EwYp4cUicxFLopfpN8VllSQbqJVs6b3r5kUmfH3+EQd2Hx:F+EwE4cmxFefpN8/lSQWJVs6b3r5c/+E

Score

1^/10

Malware Config

Signatures

Files

fc9f12d7fc45924a735985622e4a6f98_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67efd1d08a41f07b61c6e3dc7c87dbf0

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:49:7c:ed:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:55

Not After

16/09/2011, 02:05

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:10D8-5847-CBF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:72:67:78:b8:41:bc:18:81:12:c0:56:77:0b:d5:d6:08:64:8b:f3
Signer

Actual PE Digest

d6:72:67:78:b8:41:bc:18:81:12:c0:56:77:0b:d5:d6:08:64:8b:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\orgchart\x86\ship\0\orgchart.pdb

Imports

kernel32

IsDBCSLeadByteEx
GetFileSize
SetEndOfFile
SetErrorMode
GetAtomNameA
GetAtomNameW
AddAtomW
DeleteAtom
GetProfileIntA
GetUserDefaultLangID
LoadLibraryA
CreateFileA
GetModuleFileNameA
FindFirstFileA
FindClose
GetSystemDefaultLangID
GetDriveTypeA
GetCurrentDirectoryA
FormatMessageW
GetLastError
MultiByteToWideChar
GetTempPathA
GetTempFileNameA
GetProfileStringA
CompareStringA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalDeleteAtom
WideCharToMultiByte
lstrcmpiA
CloseHandle
DeleteFileA
SetFilePointer
ReadFile
WriteFile
GlobalHandle
GetTickCount
lstrlenA
GlobalFlags
FreeLibrary
LocalAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
VirtualProtect
GlobalReAlloc
GlobalSize
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
RaiseException

gdi32

TextOutA
GetTextCharset
GetTextExtentPoint32A
ExtCreatePen
GetMapMode
SetMapMode
CreateICA
Escape
CreateBitmap
GetTextFaceA
CreateFontIndirectW
ExtTextOutA
CreateRectRgn
CreateMetaFileA
CloseMetaFile
CreateFontA
GetTextMetricsA
CreatePatternBrush
CreateCompatibleDC
OffsetRgn
SetStretchBltMode
TranslateCharsetInfo
DeleteDC
GetDIBits
GetDeviceCaps
GetPaletteEntries
StretchDIBits
SetMetaFileBitsEx
GetViewportOrgEx
SetTextAlign
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
PlayMetaFile
DeleteMetaFile
CreatePalette
CreateCompatibleBitmap
GetStockObject
GetWindowOrgEx
DeleteObject
RestoreDC
BitBlt
PatBlt
LineTo
MoveToEx
CreatePen
SetBkColor
SetTextColor
GetObjectA
SelectObject
SaveDC
IntersectClipRect
Arc
Polygon
DPtoLP
LPtoDP
PaintRgn
CreateRoundRectRgn
RoundRect
SetBkMode
CreateSolidBrush
InvertRgn
CreatePolygonRgn
GetNearestColor
ExcludeClipRect
Rectangle
SetWindowOrgEx
RealizePalette
SelectPalette
GetTextExtentPointA
Polyline
SetROP2
GetROP2
SetPolyFillMode
SelectClipRgn
SetDIBits

user32

GetScrollPos
GetMessageTime
ScrollWindow
GetDlgItem
SetDlgItemInt
GetDlgItemInt
EndDialog
DialogBoxParamW
FrameRect
ScreenToClient
GetClassNameA
GetActiveWindow
GetWindowTextW
DeleteMenu
AppendMenuA
GetWindowPlacement
EqualRect
GetMessagePos
RegisterClassExA
LoadImageA
LoadIconA
GetMenuItemID
ModifyMenuA
GetSystemMetrics
GetMenuStringW
LoadMenuA
DestroyMenu
RemoveMenu
SendMessageW
CreateWindowExW
RegisterClipboardFormatA
SetDlgItemTextW
GetDlgItemTextW
LoadAcceleratorsA
SetWindowTextW
GetWindowTextA
SetDlgItemTextA
GetDlgItemTextA
CheckDlgButton
EnableWindow
ModifyMenuW
GetMenuState
GetCursorPos
GetMenuCheckMarkDimensions
LoadStringA
LoadBitmapA
CharNextA
SetScrollInfo
GetScrollInfo
GetScrollRange
GetUpdateRect
KillTimer
SetTimer
GetCaretBlinkTime
IsWindowEnabled
GetClipboardOwner
GetKeyboardLayout
GetKeyState
GetClientRect
InvertRect
InflateRect
ReleaseDC
GetDC
InvalidateRect
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetWindowLongA
CopyRect
SendMessageA
GetParent
FillRect
SetRect
DestroyWindow
CreateWindowExA
OffsetRect
IsWindowVisible
GetWindow
UpdateWindow
CheckRadioButton
CheckMenuItem
PtInRect
IntersectRect
GetMenu
GetMenuItemCount
DrawMenuBar
FindWindowA
BringWindowToTop
GetMessageA
TranslateMDISysAccel
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
IsIconic
SetWindowPos
PostQuitMessage
SetForegroundWindow
GetDlgCtrlID
GetDoubleClickTime
MessageBeep
DefMDIChildProcA
EnableMenuItem
ClientToScreen
GetSubMenu
TrackPopupMenu
PeekMessageA
SetCursor
LoadStringW
MessageBoxW
SetScrollPos
GetFocus
ShowWindow
ValidateRect
GetWindowRect
MoveWindow
GetClipboardData
UnionRect
LoadCursorA
RegisterClassA
DefWindowProcA
SetWindowLongA
ReleaseCapture
SetFocus
SetCapture
PostMessageA
BeginPaint
EndPaint
DrawFocusRect
IsDlgButtonChecked
GetSysColor
DefFrameProcA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

OleBuildVersion
OleInitialize
CoRegisterClassObject
CreateItemMoniker
CreateGenericComposite
CreateFileMoniker
CoGetMalloc
CoRevokeClassObject
OleUninitialize
CreateOleAdviseHolder
CreateDataAdviseHolder
ReleaseStgMedium
OleRegEnumFormatEtc
WriteClassStg
WriteFmtUserTypeStg
GetRunningObjectTable
CoDisconnectObject
CreateStreamOnHGlobal
OleSaveToStream
WriteClassStm
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleFlushClipboard
OleSetClipboard

msvcr80

_controlfp_s
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
atof
atoi
toupper
rename
_stricmp
_strnicmp
_splitpath_s
_vsnprintf
__argc
__argv
memchr
strftime
_time64
_localtime64_s
memset
_CIasin
_CIatan2
_CIcos
_CIsin
_CIsqrt
memmove
_invoke_watson

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

comctl32

ord17

shell32

SHGetFolderPathA

Sections

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67efd1d08a41f07b61c6e3dc7c87dbf0

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:49:7c:ed:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

d6:72:67:78:b8:41:bc:18:81:12:c0:56:77:0b:d5:d6:08:64:8b:f3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

user32

advapi32

ole32

msvcr80

winspool.drv

comctl32

shell32

Sections

.text Size: 462KB - Virtual size: 461KB

.data Size: 2KB - Virtual size: 139KB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 22KB - Virtual size: 22KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:49:7c:ed:00:00:00:00:00:05
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

d6:72:67:78:b8:41:bc:18:81:12:c0:56:77:0b:d5:d6:08:64:8b:f3
Signer

.text
Size: 462KB - Virtual size: 461KB

.data
Size: 2KB - Virtual size: 139KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 22KB - Virtual size: 22KB