00e97893530a748fd3d84496ba4ddd0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00e97893530a748fd3d84496ba4ddd0f_JaffaCakes118
Size

511KB
MD5

00e97893530a748fd3d84496ba4ddd0f
SHA1

1171f22492186f95f219cd56cf2e16f176f2e2f7
SHA256

259b96f1aa6279375d761c713b6ae9f442d1d24c88da8d92929dc9b58fed4578
SHA512

ffa224e2eadb478539a2c357194adb8604e280f53aefa3397fa87598c9e70545223310ac8717a8a7b40b340c805dfa6e2ba170eafa27e05a48dec68d9943d010
SSDEEP

12288:78ZfwRNHB4DXn2NCLNBQ/fp5gsGP71PzBoL/xsTkKFYAu6ShaSkBI6nuZ0AeFXJZ:FR1mDXn2YN6/fp5gsGP71PzBoL/xsTks

Score

1^/10

Malware Config

Signatures

Files

00e97893530a748fd3d84496ba4ddd0f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e7cccc475f767c48211772b7054f7c21

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:5a:8f:44:b9:95:df:01:70:15:54:fb:f1:81:73:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/11/2011, 00:00

Not After

13/11/2013, 23:59

Subject

CN=Verti Technology Group\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Verti Technology Group\, Inc.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\130708_074426_build_Phoenix_Phoenix_1.0.135.0\source\src\Bin\Release\PhoenixInstaller.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

MoveFileExW
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
GetExitCodeProcess
CreateProcessW
GetTickCount
GlobalFree
FreeLibrary
LoadLibraryW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
CompareStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
IsDebuggerPresent
UnhandledExceptionFilter
LCMapStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStdHandle
WriteFile
ExitProcess
HeapCreate
GetStartupInfoW
HeapSetInformation
GetCommandLineW
VirtualQuery
VirtualProtect
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
Sleep
CreateThread
WaitForSingleObject
GetFileSize
ReadFile
CreateFileW
OpenMutexW
CloseHandle
CreateMutexW
ReleaseMutex
SetEvent
GetVersionExW
GetProcAddress
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
SetLastError
GetCurrentThreadId
RaiseException
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetModuleFileNameW
InterlockedExchange
lstrlenW
WideCharToMultiByte
DeleteCriticalSection
FormatMessageW
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
MultiByteToWideChar
lstrlenA
LocalFree
LocalAlloc
lstrcmpA

user32

SendMessageW
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
DestroyWindow
DefWindowProcW
CallWindowProcW
GetSysColor
CharNextW
ClientToScreen
ScreenToClient
InvalidateRgn
RedrawWindow
SetCapture
IsChild
SetWindowPos
MoveWindow
SetWindowTextW
CreateWindowExW
MessageBoxW
ShowWindow
GetWindowLongW
InvalidateRect
ReleaseDC
GetDC
GetClientRect
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
GetFocus
SetFocus
IsWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateAcceleratorTableW
LoadIconW
PostQuitMessage
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
GetSystemMetrics
PostThreadMessageW
AnimateWindow
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
GetWindowThreadProcessId
BringWindowToTop
SetWindowLongW
UnregisterClassA
GetWindowRect
FindWindowW
GetSystemMenu
EnableMenuItem
SetForegroundWindow
GetForegroundWindow
EnumWindows
AttachThreadInput

gdi32

DeleteDC
CreateCompatibleDC
CreateDIBSection
SetDIBColorTable
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
StretchBlt
DeleteObject
GetDIBColorTable
SelectObject

advapi32

CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptGetKeyParam
CryptAcquireContextW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
DuplicateTokenEx
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
OpenProcessToken

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoInitialize
CoInitializeSecurity
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize

oleaut32

VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
VarBstrCat
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
VariantClear

wininet

HttpSendRequestA
HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
InternetOpenW
InternetCrackUrlW
FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCloseHandle
InternetConnectW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

shlwapi

PathFileExistsW
PathAppendW
PathRemoveExtensionW
PathQuoteSpacesW
PathAddExtensionW
PathStripPathW

urlmon

URLDownloadToFileW
ObtainUserAgentString

gdiplus

GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipCloneImage
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdipGetImageGraphicsContext

msimg32

AlphaBlend
TransparentBlt

crypt32

CertGetNameStringW
CryptImportPublicKeyInfo
CryptDecodeObject
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
PFXImportCertStore
PFXIsPFXBlob

wintrust

WinVerifyTrust

Sections

.text
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7cccc475f767c48211772b7054f7c21

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

5e:5a:8f:44:b9:95:df:01:70:15:54:fb:f1:81:73:b7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

version

rpcrt4

shlwapi

urlmon

gdiplus

msimg32

crypt32

wintrust

Sections

.text Size: 248KB - Virtual size: 248KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 20KB - Virtual size: 20KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

5e:5a:8f:44:b9:95:df:01:70:15:54:fb:f1:81:73:b7
Certificate

.text
Size: 248KB - Virtual size: 248KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 20KB - Virtual size: 20KB