1254d00ab2e0090df83ccf40e68b4f65_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1254d00ab2e0090df83ccf40e68b4f65_JaffaCakes118
Size

157KB
MD5

1254d00ab2e0090df83ccf40e68b4f65
SHA1

6927fa4ea967d35799dcb9a7bba47691385171b9
SHA256

10e7c9eebf42f99fac4a9e789dfbb5c71c0b0828e1eef16abdc149ffc828f180
SHA512

4a7276a1bf153c7803e6a4e3e38ad201275cb6123b2dd78a3fa04a7c602f08ccc7adf012ad903512a1d6b79541e9e08fef7417d1220bdd1166d1edb6168f88af
SSDEEP

3072:QVtN9OafZ3FkfXoIwWNDpUy3EBosGF0vYLA55m7J:EBrh3CfXoNWNDSy3EjC0gEyF

Score

1^/10

Malware Config

Signatures

Files

1254d00ab2e0090df83ccf40e68b4f65_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a771a92b3e3d66880a28feb2f20be476

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:5c:f8:2e:e8:49:a6:d6:d3:be:2d:bc:94:dc:06:2a
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

09/05/2012, 00:00

Not After

08/07/2013, 23:59

Subject

CN=UCF,O=UCF,L=Haeundae-gu,ST=BUSAN,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:14:17:80:08:eb:71:42:88:1a:8a:31:5a:8c:73:21:37:0e:ce:bf
Signer

Actual PE Digest

37:14:17:80:08:eb:71:42:88:1a:8a:31:5a:8c:73:21:37:0e:ce:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GlobalAddAtomA
GlobalFlags
GetCurrentThreadId
GetLocaleInfoA
GlobalDeleteAtom
lstrcmpW
GlobalFindAtomA
GetCPInfo
GetOEMCP
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
RaiseException
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
GetACP
IsValidCodePage
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetFilePointer
WriteFile
lstrcmpA
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
CompareStringA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
WTSGetActiveConsoleSessionId
WideCharToMultiByte
OutputDebugStringA
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetLastError
LoadLibraryA
GetVersionExA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentDirectoryA
Sleep
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
WaitForSingleObject
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
GetTokenInformation
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
DuplicateTokenEx
CreateProcessAsUserA
StartServiceA
SetServiceStatus
OpenServiceA
ControlService
QueryServiceStatus
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService

shell32

SHGetSpecialFolderPathA

oleaut32

VariantClear
VariantChangeType
SystemTimeToVariantTime
VariantInit

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken

oleacc

CreateStdAccessibleObject
LresultFromObject

user32

DestroyMenu
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetForegroundWindow
IsIconic
PostMessageA
SetWindowPos
SetWindowLongA
IsWindow
GetDlgItem
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
UnhookWindowsHookEx
LoadCursorA

gdi32

GetStockObject
DeleteDC
SelectObject
ScaleWindowExtEx
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetMapMode
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
DeleteObject
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a771a92b3e3d66880a28feb2f20be476

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

51:5c:f8:2e:e8:49:a6:d6:d3:be:2d:bc:94:dc:06:2aCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

37:14:17:80:08:eb:71:42:88:1a:8a:31:5a:8c:73:21:37:0e:ce:bfSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

oleaut32

userenv

wtsapi32

oleacc

user32

gdi32

winspool.drv

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 1024B - Virtual size: 872B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

51:5c:f8:2e:e8:49:a6:d6:d3:be:2d:bc:94:dc:06:2a
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

37:14:17:80:08:eb:71:42:88:1a:8a:31:5a:8c:73:21:37:0e:ce:bf
Signer

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 1024B - Virtual size: 872B