0a1afb70d4df341e02043c2ebeb21aff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a1afb70d4df341e02043c2ebeb21aff_JaffaCakes118
Size

1.5MB
MD5

0a1afb70d4df341e02043c2ebeb21aff
SHA1

48f9c2ecfacdd1371b6deeac3b847f1fdf4d7c9f
SHA256

0b1458cada17a90763602fde8a1f7deae985703811c1f1420879b2b472147e01
SHA512

51fb7d7915d4e0c9048b453e63d025b391eeaae0b9e4bf46621bc7819e596bdca5f52834887daf1cb98dc09884063ab337da3a4f367860a330a6caf22d792823
SSDEEP

24576:4s1fPnFx/289qRgm1dex0boIRn+wplwk5dGqV0e3uvBrUgLJq11hDT1PTH7Ezq3A:Lt9xWZ5pVVevho1hNPTbxk8Il

Score

1^/10

Malware Config

Signatures

Files

0a1afb70d4df341e02043c2ebeb21aff_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4166e3094eacd419f88fd0168bd24203

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/09/2013, 00:00

Not After

08/09/2014, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:bb:44:f0:3e:4a:d0:26:96:41:f8:19:fa:c9:ad:ea:70:2d:ac:88
Signer

Actual PE Digest

55:bb:44:f0:3e:4a:d0:26:96:41:f8:19:fa:c9:ad:ea:70:2d:ac:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tfs.vs2012\admin\windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb

Imports

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_Add

kernel32

MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
GetTickCount
CloseHandle
Sleep
GetCurrentThreadId
SetUnhandledExceptionFilter
ReleaseMutex
RtlCaptureStackBackTrace
CreateMutexA
WaitForSingleObject
SizeofResource
InitializeCriticalSectionAndSpinCount
GetTempPathA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
GetStringTypeW
GetModuleFileNameW
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
SetLastError
RtlUnwind
LoadLibraryExW
ExitThread
CreateThread
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
ExitProcess
InterlockedDecrement
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
AreFileApisANSI
DeleteFileW
DeleteCriticalSection
WideCharToMultiByte
RaiseException
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetModuleFileNameA
GetCurrentDirectoryA
GetFullPathNameA
GetLongPathNameA
GetVersionExA
GetSystemInfo
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetTimeZoneInformation
CreateFileA
OpenProcess
GetExitCodeProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetFileSize
ReadFile
WriteFile
SetFilePointer
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
Module32First
Module32Next
GetCurrentProcessId
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
GetUserDefaultUILanguage
VirtualQuery
GetCurrentThread
GetFullPathNameW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryW
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetTempPathW
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW

user32

SetWindowLongA
GetWindowLongA
PostMessageA
GetWindowTextLengthA
GetWindowTextA
ScreenToClient
SetWindowTextA
IsWindow
ClientToScreen
SetWindowPos
MessageBoxA
SetTimer
DestroyWindow
SetForegroundWindow
EnableWindow
KillTimer
GetParent
SetParent
GetWindowRect
SendMessageA
ShowWindow
UpdateWindow
GetSystemMetrics
GetShellWindow
GetWindowThreadProcessId
LoadStringA
EnumWindows
IsWindowEnabled
FindWindowExA
GetClassNameA
EnumChildWindows
FindWindowA
GetDesktopWindow
SetCursor
LoadCursorA
ReleaseCapture
GetKeyboardState
CreatePopupMenu
DestroyMenu
AppendMenuA
TrackPopupMenu
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
MessageBoxExA
WaitForInputIdle
PostQuitMessage
LoadAcceleratorsA
SetDlgItemTextA
GetCursorPos
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
SetClassLongA
LoadIconA
IsIconic
GetFocus
SetFocus
IsWindowVisible
InvalidateRgn
InvalidateRect
MoveWindow
GetClientRect

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
OleInitialize
StringFromGUID2

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SysStringLen

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

ExpandEnvironmentStringsForUserA

psapi

EnumProcesses
GetModuleFileNameExA

wininet

InternetReadFileExA
InternetSetOptionA
InternetErrorDlg
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpQueryInfoA
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

shlwapi

SHDeleteEmptyKeyA
PathIsDirectoryEmptyA
PathRemoveFileSpecA
UrlEscapeA
PathStripPathA
PathCombineA
PathFindExtensionA
PathRenameExtensionA

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipSetCompositingMode

urlmon

IsValidURL

gdi32

PatBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SetWindowOrgEx
BitBlt
DeleteDC
SelectObject
GetStockObject
GetObjectA

advapi32

ImpersonateLoggedOnUser
RegQueryInfoKeyA
RegEnumKeyExA
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
GetLengthSid
AdjustTokenPrivileges
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4166e3094eacd419f88fd0168bd24203

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

55:bb:44:f0:3e:4a:d0:26:96:41:f8:19:fa:c9:ad:ea:70:2d:ac:88Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

shell32

ole32

oleaut32

version

userenv

psapi

wininet

shlwapi

gdiplus

urlmon

gdi32

advapi32

Sections

.text Size: 145KB - Virtual size: 145KB

.text-qu Size: 266KB - Virtual size: 265KB

.text-co Size: 83KB - Virtual size: 83KB

.text-co Size: 50KB - Virtual size: 49KB

.text-co Size: 21KB - Virtual size: 20KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 10KB - Virtual size: 9KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 208KB - Virtual size: 207KB

.data Size: 13KB - Virtual size: 22KB

.data-qu Size: 512B - Virtual size: 45B

.data-co Size: 512B - Virtual size: 172B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 406KB - Virtual size: 406KB

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

55:bb:44:f0:3e:4a:d0:26:96:41:f8:19:fa:c9:ad:ea:70:2d:ac:88
Signer

.text
Size: 145KB - Virtual size: 145KB

.text-qu
Size: 266KB - Virtual size: 265KB

.text-co
Size: 83KB - Virtual size: 83KB

.text-co
Size: 50KB - Virtual size: 49KB

.text-co
Size: 21KB - Virtual size: 20KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 10KB - Virtual size: 9KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 208KB - Virtual size: 207KB

.data
Size: 13KB - Virtual size: 22KB

.data-qu
Size: 512B - Virtual size: 45B

.data-co
Size: 512B - Virtual size: 172B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 406KB - Virtual size: 406KB