14d119b8df9bc6abe240297e535d4a9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14d119b8df9bc6abe240297e535d4a9c_JaffaCakes118
Size

698KB
MD5

14d119b8df9bc6abe240297e535d4a9c
SHA1

4fc3dca94fed4e515fddd51012588a4c2972af34
SHA256

f7098d7b1172d7d19c9c342420280d64c685e1c6cb5f7f5eca8dd09159e23482
SHA512

293c2cfc50e1d1557f677cc33c6c9e98d506dcaa5e3d8c26fa172907deadcbf74e7a0bcbcc3197ecbdf40bd62dc88804660561d9695ae112717a9a6cb19ccf53
SSDEEP

12288:8dHn9Rwfzl0/PVcFN8VNhbKqWRUlLOsl3NPzZvwvoiUgW4Utjv:8dHsfR01cvaNNWUN3NtPyL4jv

Score

1^/10

Malware Config

Signatures

Files

14d119b8df9bc6abe240297e535d4a9c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3e80b6cdfd4bf9b636c7ba6ce00b0beb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:23:75:68:bb:83:8b:3e:16:37:05:a7:36:5e:ec:19
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

03/11/2012, 00:00

Not After

03/12/2013, 23:59

Subject

CN=Qzoneinteractive,OU=EC Team,O=Qzoneinteractive,L=Gwangjin-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:7d:bf:c3:13:d8:00:64:2d:2c:67:0f:00:0f:fe:74:0f:4e:f6:b5
Signer

Actual PE Digest

61:7d:bf:c3:13:d8:00:64:2d:2c:67:0f:00:0f:fe:74:0f:4e:f6:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
bind
socket
WSAStartup
WSACleanup
connect
WSAGetLastError
recv
send
htonl
inet_addr
WSASetLastError
htons
gethostbyname
setsockopt

netapi32

Netbios

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetStartupInfoW
TerminateProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateDirectoryW
GetModuleFileNameW
FindFirstFileW
FindClose
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
CreateFileW
WriteFile
CloseHandle
GetCurrentProcess
GetSystemDirectoryW
GetWindowsDirectoryW
Sleep
WaitForSingleObject
lstrlenW
GetSystemTime
FileTimeToSystemTime
FreeResource
MulDiv
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetConsoleMode
SetLastError
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetFileAttributesW
SetFileTime
CreateFileA
HeapAlloc
GetProcessHeap
HeapFree
FormatMessageW
LocalFree
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
ExitProcess
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetModuleHandleA
RtlUnwind
InitializeCriticalSectionAndSpinCount
lstrcpynW
GetConsoleCP
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
FlushInstructionCache

user32

DrawTextW
GetWindowTextW
GetDlgCtrlID
SetCursor
CallWindowProcW
DefWindowProcW
SetWindowTextW
GetDC
ReleaseDC
KillTimer
OffsetRect
FillRect
EndPaint
BeginPaint
IsWindow
IsDialogMessageW
GetDlgItem
EnableWindow
ShowWindow
MoveWindow
GetActiveWindow
PostQuitMessage
MessageBoxW
DialogBoxParamW
CreateDialogParamW
DestroyWindow
SetDlgItemTextW
PostMessageW
SetTimer
LoadCursorW
RedrawWindow
ScreenToClient
InvalidateRect
UpdateWindow
GetSysColor
SetWindowLongW
SendMessageW
GetSystemMetrics
LoadImageW
EndDialog
GetWindow
GetWindowLongW
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
UnregisterClassA
wsprintfW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
MonitorFromWindow

advapi32

CryptAcquireContextW
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
CryptCreateHash

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoCreateInstance

shell32

ord680
SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

gdi32

CreateSolidBrush
DeleteObject
GetObjectW
DPtoLP
GetDeviceCaps
DeleteDC
BitBlt
SetTextColor
SelectObject
SetBkMode
SetTextAlign
SetViewportOrgEx
TextOutW
GetViewportOrgEx
Rectangle
GetStockObject
CreateCompatibleBitmap
CreateFontIndirectW
CreateCompatibleDC

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 533KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e80b6cdfd4bf9b636c7ba6ce00b0beb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

7f:23:75:68:bb:83:8b:3e:16:37:05:a7:36:5e:ec:19Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:7d:bf:c3:13:d8:00:64:2d:2c:67:0f:00:0f:fe:74:0f:4e:f6:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

netapi32

version

kernel32

user32

advapi32

ole32

shell32

oleaut32

comctl32

gdi32

Sections

.text Size: 111KB - Virtual size: 110KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 533KB - Virtual size: 532KB

.reloc Size: 12KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

7f:23:75:68:bb:83:8b:3e:16:37:05:a7:36:5e:ec:19
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:7d:bf:c3:13:d8:00:64:2d:2c:67:0f:00:0f:fe:74:0f:4e:f6:b5
Signer

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 533KB - Virtual size: 532KB

.reloc
Size: 12KB - Virtual size: 12KB