0b4ebdae7446a5c07d37efbacf7939e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b4ebdae7446a5c07d37efbacf7939e8_JaffaCakes118
Size

609KB
MD5

0b4ebdae7446a5c07d37efbacf7939e8
SHA1

f0a46579052585f1a248d979d97ac25cc202ede9
SHA256

887352571a0f3d713007a46f12f49b9b45ece446a78ab4681189f5abb4be544c
SHA512

48df9dd862547fabd10a13eb98c607093f86ab540091712ff2017e43a31db63009b96349cb03a1726a71785e6a558ae2b3cdc2687888040b35833d6100f5cbb0
SSDEEP

12288:eB5fWLTpWUGFvYELRknj6/tDumaIuBbZo2iWro8IDw58KFLv:0FvYmknj6x8Iu5ZTIs58KNv

Score

1^/10

Malware Config

Signatures

Files

0b4ebdae7446a5c07d37efbacf7939e8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd3bdef41611dc7feeeb176e1c7c9526

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
SetStdHandle
GetFileType
HeapReAlloc
HeapSize
GetTimeZoneInformation
GetSystemTime
GetLocalTime
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
CreateFileA
GetCPInfo
TerminateProcess
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
RaiseException
HeapAlloc
HeapFree
RtlUnwind
SetErrorMode
ExitProcess
GetStartupInfoW
CopyFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetFileSize
GetFileAttributesW
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
lstrcmpiW
GetThreadLocale
InterlockedExchange
MoveFileExW
ReleaseMutex
SetProcessWorkingSetSize
GetFileSizeEx
ResetEvent
CreateDirectoryW
GetLongPathNameW
OutputDebugStringW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCurrentProcessId
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetCurrentProcess
DuplicateHandle
FormatMessageW
LocalFree
CreateEventW
ResumeThread
SetEvent
lstrcmpW
OpenThread
QueryPerformanceCounter
GetSystemDirectoryA
CreateEventA
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentThread
lstrcpynW
SetLastError
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
LoadLibraryA
GetVersion
lstrcatW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GlobalFree
GetFileAttributesExW
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
lstrlenA
WritePrivateProfileStringW
GetVersionExW
FreeLibrary
WaitForSingleObject
lstrcpyW
CreateThread
MultiByteToWideChar
Sleep
GetPrivateProfileStringW
lstrlenW
GetPrivateProfileIntW
GetTempPathW
FindResourceW
SizeofResource
LoadResource
CreateFileW
LockResource
WriteFile
CloseHandle
GetModuleHandleW
LoadLibraryW
GetProcAddress
DeleteFileW
SetUnhandledExceptionFilter
GetTickCount
CreateMutexW
GetLastError
GetModuleFileNameW
IsValidLocale

user32

GetSysColorBrush
GetDesktopWindow
GetClassNameW
CharUpperW
MapDialogRect
SetWindowContextHelpId
GetMessageW
TranslateMessage
ValidateRect
WindowFromPoint
DestroyMenu
GrayStringW
DrawTextW
TabbedTextOutW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageW
DispatchMessageW
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
GetTopWindow
IsChild
UnregisterClassW
GetCapture
WinHelpW
RegisterClassW
GetMenu
GetMenuItemCount
GetMenuItemID
TrackPopupMenu
GetWindowTextLengthW
GetWindowTextW
GetDlgCtrlID
GetKeyState
CreateWindowExW
SetWindowsHookExW
CallNextHookEx
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
CharNextW
CopyAcceleratorTableW
SetRect
GetNextDlgGroupItem
MessageBeep
RemovePropW
DefWindowProcW
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
GetWindow
SetWindowLongW
SetWindowPos
RegisterWindowMessageW
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
CreateDialogIndirectParamW
DestroyWindow
GetParent
GetWindowLongW
GetDlgItem
DestroyIcon
RegisterClipboardFormatW
ClientToScreen
SystemParametersInfoW
DrawIconEx
GetWindowRect
PtInRect
PostQuitMessage
GetCursorPos
SetForegroundWindow
LoadMenuW
GetSubMenu
IsWindowVisible
KillTimer
IsWindowEnabled
GetClassInfoW
FindWindowW
SetTimer
LoadIconW
LoadImageW
PostMessageW
PostThreadMessageW
wsprintfW
LoadStringW
MessageBoxW
LoadCursorW
SetCursor
InvalidateRect
LoadBitmapW
OffsetRect
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuW
SendMessageW
ShowWindow
MoveWindow
GetFocus

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetMapMode
GetWindowExtEx
DPtoLP
GetTextColor
GetBkColor
LPtoDP
GetViewportExtEx
BitBlt
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteObject
CreateSolidBrush
StretchBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateFontW
GetObjectW
CreateCompatibleDC
SelectObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCreateKeyW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteExW

comctl32

_TrackMouseEvent
ord17

oledlg

OleUIBusyW

ole32

CoTaskMemFree
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
CoInitialize
OleInitialize
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject

olepro32

ord251
ord253

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen
VariantClear
VariantTimeToSystemTime
VariantCopy
VariantChangeType

msimg32

TransparentBlt

shlwapi

PathFileExistsW
PathFindFileNameW

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

ntohs
ntohl
send
accept
WSACloseEvent
connect
WSAEventSelect
recv
listen
gethostname
gethostbyname
closesocket
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACreateEvent
select
inet_ntoa
WSAStartup
WSACleanup
bind
htons
htonl
setsockopt
ioctlsocket
WSAGetLastError
socket
sendto
inet_addr
recvfrom
__WSAFDIsSet

Sections

.text
Size: 412KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd3bdef41611dc7feeeb176e1c7c9526

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

msimg32

shlwapi

version

ws2_32

Sections

.text Size: 412KB - Virtual size: 410KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 36KB - Virtual size: 61KB

.rsrc Size: 76KB - Virtual size: 75KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 412KB - Virtual size: 410KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 36KB - Virtual size: 61KB

.rsrc
Size: 76KB - Virtual size: 75KB