087e0a28dc51a6028a1cf654f2a5087a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

087e0a28dc51a6028a1cf654f2a5087a_JaffaCakes118
Size

1.6MB
MD5

087e0a28dc51a6028a1cf654f2a5087a
SHA1

be9e001f4f6dbca1cf94ed0e174d39ae6cfdad16
SHA256

4596030772fce5e51fb95e5f4d8c97d72a3efafcd12e14f9bf0ad606c25c159f
SHA512

25d3b572b4261a232e47c9a4048b83cdf7c009913307007c0e1897bddf902958b6fa1d620dfe62b1ce04a92936ce14d4ef44626e260cd603ad9790d1fd69b12d
SSDEEP

24576:NzJZoU7YgH4A2UBmRtgB5LK5YZhO24A7Tw6rnhDAJZDt3MO1xVTehWTI19c06GxM:HYTOYgekj7trhMJZX1x4WTUa78IZ

Score

1^/10

Malware Config

Signatures

Files

087e0a28dc51a6028a1cf654f2a5087a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e6d12ae91805b1d98df7aa729a94dabf

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/09/2013, 00:00

Not After

08/09/2014, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:df:54:63:a9:7b:be:f6:99:6b:7b:d7:ad:35:1a:09:e6:b7:32:39
Signer

Actual PE Digest

b0:df:54:63:a9:7b:be:f6:99:6b:7b:d7:ad:35:1a:09:e6:b7:32:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tfs.vs2012\admin\windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb

Imports

kernel32

InterlockedDecrement
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
InterlockedIncrement
GetCurrentThread
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
GetCommandLineA
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetTempPathA
WriteConsoleW
FlushFileBuffers
CreateFileW
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
CreateProcessA
VirtualQuery
GetLongPathNameA
CloseHandle
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
WaitForSingleObject
CreateMutexA
RtlCaptureStackBackTrace
ReleaseMutex
WideCharToMultiByte
Sleep
GetTickCount
GetCurrentThreadId
SetUnhandledExceptionFilter
GetLastError
GetExitCodeProcess
Module32First
Module32Next
GetVersionExA
GetSystemInfo
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
LoadResource
LockResource
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
GetFullPathNameA
RaiseException
SetEnvironmentVariableA
ReadConsoleW
ExitThread
CreateThread
DeleteFileW
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
GetFileAttributesW
FormatMessageW
InitializeCriticalSection
UnlockFileEx
LockFile
UnlockFile
InterlockedCompareExchange
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
GetFullPathNameW
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTimeZoneInformation
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventA
SetFilePointer
ReadFile
GetFileSize
CreateFileA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
GetSystemDirectoryA
SizeofResource
SetStdHandle
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetUserDefaultUILanguage
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetWindowsDirectoryA

user32

IsWindow
SetWindowTextA
DestroyWindow
UpdateWindow
GetWindowTextA
GetWindowTextLengthA
SetWindowLongA
GetWindowLongA
PostMessageA
SendMessageA
ScreenToClient
ClientToScreen
SetWindowPos
MessageBoxA
SetTimer
KillTimer
GetParent
SetForegroundWindow
SetParent
GetWindowRect
GetClientRect
MoveWindow
MessageBoxExA
LoadStringA
EnumWindows
IsWindowEnabled
EnableWindow
ShowWindow
GetClassNameA
EnumChildWindows
GetSystemMetrics
GetShellWindow
FindWindowA
GetDesktopWindow
LoadCursorA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
SetCursor
ReleaseCapture
GetKeyboardState
CreatePopupMenu
DestroyMenu
AppendMenuA
LoadAcceleratorsA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
FindWindowExA
InvalidateRect
InvalidateRgn
IsWindowVisible
SetFocus
GetWindowThreadProcessId
TrackPopupMenu
WaitForInputIdle
SetDlgItemTextA
GetCursorPos
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
SetClassLongA
LoadIconA
PostQuitMessage
IsIconic
GetFocus

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
VariantClear
VariantChangeType
SysAllocString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysFreeString

shlwapi

PathFindExtensionA
PathRenameExtensionA
PathStripPathA
PathRemoveFileSpecA
PathIsDirectoryEmptyA
SHDeleteEmptyKeyA
UrlEscapeA
PathCombineA

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_Add

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
OleInitialize
CoTaskMemFree

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

ExpandEnvironmentStringsForUserA

wininet

InternetReadFileExA
InternetSetOptionA
InternetErrorDlg
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpQueryInfoA
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipSetCompositingMode

urlmon

IsValidURL

gdi32

GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetWindowOrgEx
BitBlt
DeleteDC
SelectObject
GetObjectA
DeleteObject

advapi32

RegEnumKeyExA
AdjustTokenPrivileges
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
GetLengthSid
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
ImpersonateLoggedOnUser

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6d12ae91805b1d98df7aa729a94dabf

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

b0:df:54:63:a9:7b:be:f6:99:6b:7b:d7:ad:35:1a:09:e6:b7:32:39Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

shlwapi

comctl32

shell32

ole32

psapi

version

userenv

wininet

gdiplus

urlmon

gdi32

advapi32

Sections

.text Size: 408KB - Virtual size: 407KB

.text-qu Size: 4KB - Virtual size: 3KB

.text-co Size: 83KB - Virtual size: 83KB

.text-co Size: 50KB - Virtual size: 49KB

.text-co Size: 22KB - Virtual size: 21KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 10KB - Virtual size: 9KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 208KB - Virtual size: 208KB

.data Size: 13KB - Virtual size: 22KB

.data-qu Size: 512B - Virtual size: 41B

.data-co Size: 512B - Virtual size: 172B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 446KB - Virtual size: 445KB

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

b0:df:54:63:a9:7b:be:f6:99:6b:7b:d7:ad:35:1a:09:e6:b7:32:39
Signer

.text
Size: 408KB - Virtual size: 407KB

.text-qu
Size: 4KB - Virtual size: 3KB

.text-co
Size: 83KB - Virtual size: 83KB

.text-co
Size: 50KB - Virtual size: 49KB

.text-co
Size: 22KB - Virtual size: 21KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 10KB - Virtual size: 9KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 208KB - Virtual size: 208KB

.data
Size: 13KB - Virtual size: 22KB

.data-qu
Size: 512B - Virtual size: 41B

.data-co
Size: 512B - Virtual size: 172B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 446KB - Virtual size: 445KB