fd931156e76e90ebf6860c42306137b7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd931156e76e90ebf6860c42306137b7_JaffaCakes118
Size

619KB
MD5

fd931156e76e90ebf6860c42306137b7
SHA1

ffdefd1785ac87bcd4ca823e64ab68e3ce46497e
SHA256

1d3d2eb92224be742c3fd4ba2ab4ce986463f2dbdba8504dcce9aaecdb66cd7c
SHA512

31e51c1849f98080106a50afc364a3d8da3fa922ffc4af472ee0c61398833767d0e8e9afa3f8439d36cca2bf286c1fc42d47e1411a601b41ee607b50d33a50f4
SSDEEP

6144:ohWkd8hFQa1oENSJZivvmHRBZUV+YRUgGHp9oUKMb0INh1pYNmGTBojqwkfMFU:ohsdH2HfZUV+YU9HD4Mn1pYkGT2O0e

Score

1^/10

Malware Config

Signatures

Files

fd931156e76e90ebf6860c42306137b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

08b7059869412d60d36fcd958a3f7bc3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:fd:f4:09:c5:b7:47:ef:1f:1b:a5:90:5a:0d:d7:98
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-11-2011 00:00

Not After

03-11-2012 23:59

Subject

CN=Rice Electronics Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VTN Support,O=Rice Electronics Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:fd:1d:42:7f:f5:9a:85:4b:09:45:42:42:ac:1a:08:b8:01:b8:96
Signer

Actual PE Digest

06:fd:1d:42:7f:f5:9a:85:4b:09:45:42:42:ac:1a:08:b8:01:b8:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Code\urlsoft\trunk\product\win32\urlcore2.pdb

Imports

wininet

InternetSetOptionA
InternetSetOptionExW
InternetSetOptionExA
HttpQueryInfoA
HttpSendRequestW
HttpOpenRequestA
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
InternetOpenA
HttpAddRequestHeadersA
InternetConnectA

psapi

GetModuleInformation
GetModuleBaseNameW
EnumProcesses
EnumProcessModules
GetModuleFileNameExW

kernel32

WideCharToMultiByte
CompareStringW
lstrlenW
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrlenA
GetCurrentThreadId
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpiW
SetLastError
GetLocalTime
GetModuleFileNameW
GlobalAddAtomW
CreateProcessW
GetCurrentProcessId
MoveFileW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
SuspendThread
GetCommandLineW
Sleep
InitializeCriticalSection
OpenProcess
InterlockedIncrement
InterlockedDecrement
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetTickCount
MulDiv
lstrcpyA
SetUnhandledExceptionFilter
GetFileSize
VirtualQuery
GetProcAddress
GetVersionExW
GetCurrentThread
lstrcatW
CreateDirectoryW
ExitThread
ExitProcess
LoadLibraryW
TerminateProcess
Thread32Next
Thread32First
CreateProcessA
lstrcmpiA
LoadLibraryA
lstrcpynW
ResetEvent
FileTimeToSystemTime
FileTimeToLocalFileTime
TerminateThread
FindClose
FindFirstFileW
WaitForMultipleObjects
lstrcpynA
VirtualProtect
GetModuleHandleA
GetStringTypeA
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetFilePointer
UnmapViewOfFile
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
GetCPInfo
LCMapStringW
LCMapStringA
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualFreeEx
VirtualQueryEx
VirtualAllocEx
CreateDirectoryA
CreateFileA
CopyFileW
CopyFileA
CopyFileExW
CopyFileExA
CreateMutexW
GetStartupInfoW
ReadProcessMemory
WriteProcessMemory
OpenEventW
SetThreadPriority
CreateThread
LoadLibraryExA
IsBadReadPtr
GetSystemTime
SetErrorMode
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
CreateFileMappingW
MapViewOfFile
GetSystemInfo
GlobalMemoryStatusEx
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
RaiseException
QueryPerformanceFrequency
CreateFileW
ReadFile
GetCurrentProcess
FlushInstructionCache
MultiByteToWideChar
FlushFileBuffers
WriteFile
SetEvent
CreateEventW
CloseHandle
WaitForSingleObject
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
LeaveCriticalSection
GetLastError
EnterCriticalSection
GetStartupInfoA

user32

DispatchMessageW
EnumDesktopWindows
LoadImageW
RegisterWindowMessageW
SetForegroundWindow
GetActiveWindow
SetWindowsHookExW
ClientToScreen
CallNextHookEx
WindowFromPoint
DialogBoxParamW
CreateDialogParamW
TranslateMessage
GetMessageW
CreateDesktopW
GetThreadDesktop
PostThreadMessageW
FindWindowExW
CreateWindowExA
MessageBoxExA
MessageBoxExW
MessageBoxIndirectA
MessageBoxIndirectW
DialogBoxParamA
UnregisterClassA
PeekMessageW
GetDlgItemInt
MoveWindow
DestroyAcceleratorTable
CreateAcceleratorTableW
wsprintfW
SetDlgItemInt
CloseDesktop
GetSysColor
GetFocus
GetCapture
ReleaseCapture
CharLowerW
GetLastInputInfo
GetSystemMetrics
SetWindowLongW
CreateWindowExW
GetWindowLongW
PostMessageW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SendMessageW
GetWindowRect
GetClientRect
ScreenToClient
ShowWindow
IsWindowVisible
RedrawWindow
SetTimer
KillTimer
EnableWindow
SetFocus
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
CallWindowProcW
GetDlgCtrlID
SetCapture
IsWindowEnabled
InvalidateRect
UpdateWindow
UnhookWindowsHookEx
GetClassNameW
RegisterClassExW
SetRectEmpty
ExitWindowsEx
EndDialog
OffsetRect
ReleaseDC
GetDC
GetSubMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharNextW
TrackPopupMenu
PostQuitMessage
DrawTextW
LoadCursorW
GetClassInfoExW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
SetMenuItemInfoW
LoadMenuW
DestroyWindow
GetWindow
SystemParametersInfoW
MapWindowPoints
SetWindowPos
UnregisterHotKey
RegisterHotKey
IsWindow
IsDialogMessageW
MessageBoxW
GetDlgItem
GetParent
DefWindowProcW
SetDlgItemTextW

gdi32

SetTextColor
GetStockObject
SaveDC
CreateFontIndirectW
SelectObject
DeleteObject
GetObjectW
RestoreDC
RoundRect
GetTextExtentPoint32W
ExtTextOutW
SetBkColor
CreateCompatibleDC
SetViewportOrgEx
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
BitBlt
MoveToEx
LineTo
GetDeviceCaps
DeleteDC
SetBkMode

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
InitiateSystemShutdownW
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHFileOperationW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathA
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CoGetClassObject
OleLockRunning
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CLSIDFromString
OleInitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CreateBindCtx
OleUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayGetVartype
VariantInit
VariantClear
VariantCopy
SysAllocStringLen
SafeArrayCopy
SafeArrayCreate
VariantChangeType
SysAllocStringByteLen
SysStringByteLen

shlwapi

PathFindFileNameW
StrStrIA
StrCmpNIW
PathFindExtensionW
StrChrIA
StrToIntA
StrCmpNIA
StrChrIW
PathRemoveFileSpecW
PathAppendW
StrStrIW
SHGetValueW
SHSetValueW
SHDeleteValueW
StrCatW
PathFileExistsW
StrCmpIW
StrCpyW
StrCpyNW
PathFileExistsA

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_Create

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

PlaySoundA
PlaySoundW
waveOutWrite
SendDriverMessage
sndPlaySoundA
sndPlaySoundW
mciSendStringA
mciSendStringW
mciSendCommandA
mciSendCommandW

urlmon

CreateURLMoniker
CoInternetCreateSecurityManager

Sections

.text
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08b7059869412d60d36fcd958a3f7bc3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2a:fd:f4:09:c5:b7:47:ef:1f:1b:a5:90:5a:0d:d7:98Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

06:fd:1d:42:7f:f5:9a:85:4b:09:45:42:42:ac:1a:08:b8:01:b8:96Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

winmm

urlmon

Sections

.text Size: 419KB - Virtual size: 419KB

.rdata Size: 106KB - Virtual size: 105KB

.data Size: 14KB - Virtual size: 31KB

.rsrc Size: 73KB - Virtual size: 73KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2a:fd:f4:09:c5:b7:47:ef:1f:1b:a5:90:5a:0d:d7:98
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

06:fd:1d:42:7f:f5:9a:85:4b:09:45:42:42:ac:1a:08:b8:01:b8:96
Signer

.text
Size: 419KB - Virtual size: 419KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 14KB - Virtual size: 31KB

.rsrc
Size: 73KB - Virtual size: 73KB