1750576e1f32be0b34cdb25525cdcccc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1750576e1f32be0b34cdb25525cdcccc_JaffaCakes118
Size

937KB
MD5

1750576e1f32be0b34cdb25525cdcccc
SHA1

b904118ae1b46b367b6fcdedda7e3caeb94cb1a8
SHA256

a8e37b26eb369ffbfc11c661d202a8b597d44953c6a38529bad4f5892bef5b38
SHA512

d028177e52092211c6e4e8ac2d611328013f8c75668dc920c776a37bea94296d58eb3412b7b80d4b1c6fe3876df0bba10b06b187fd9fb287f47f456e0c38b50b
SSDEEP

12288:0F3oans8PVeqG5FxuyyV2ArjAnVjQRBBs85KjifccTIrcqMJg0fGNRppAy:0yDb5FxubVYnmBFKjMco2tsG1uy

Score

1^/10

Malware Config

Signatures

Files

1750576e1f32be0b34cdb25525cdcccc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82d6f5fea5de04be2368867d81f24008

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

18/05/2010, 00:00

Not After

16/02/2011, 23:59

Subject

CN=Trend Micro\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=RD,O=Trend Micro\, Inc.,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:80:14:df:ee:db:46:7d:af:44:eb:7a:90:c6:bf:00:e8:dd:52:d3
Signer

Actual PE Digest

c1:80:14:df:ee:db:46:7d:af:44:eb:7a:90:c6:bf:00:e8:dd:52:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\CSM\src\Client\PccNT\PccNTMon\Release\PccNTMon.pdb

Imports

ofcpipc

OIPC_DeInit
OIPC_Init
OIPC_ReceiveStart
OIPC_ReceiveStop
OIPC_CreateCommand
OIPC_CmdDataCopy
OIPC_SendData
OIPC_FreeCommand

ofcpluginapi

plgin_DoTrayCommand
plgin_MainGetCtrlFlag
plgin_ApiDeInit
plgin_TrayDeInit
plgin_TrayInit
plgin_ApiInit
plgin_GetTrayMenu

tmpac

tmpac_CreateContext
tmpac_ReleaseContext
tmpac_DetectAutoProxyConfig

loadhttp

Post

libtrendsecure

isTGPUpdateTime
updateTransactionProtector
?setTrendProtectAU@TSECURE@@YAXXZ

timestring

__tmGetDateTimeStringW_tm
?_tmGetDateTimeStringW@@YAXPBUtm@@PA_WHHH@Z
?_tmGetDateFormatW@@YAXPA_WHH@Z
?_tmGetTimeFormatW@@YAXPA_WHH@Z

flowcontrol

FlowEnabled

vsapi32

ord627
ord614
ord628

version

VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

ws2_32

WSAStartup
WSACleanup
htonl
inet_ntoa

advapi32

RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegNotifyChangeKeyValue
GetUserNameW
RegQueryValueExA
RegCreateKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA

psapi

GetProcessMemoryInfo

shlwapi

PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathQuoteSpacesW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

pwd

PWDEncrypt
PWDDecrypt

kernel32

ResumeThread
CopyFileW
SetFileAttributesW
ResetEvent
WaitForMultipleObjects
MultiByteToWideChar
GetComputerNameW
GetFileTime
CreateFileW
GetExitCodeThread
WriteFile
SetFilePointer
lstrcatW
GetSystemTime
lstrcpyW
ReadFile
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
lstrcmpW
GetTimeFormatW
GetDateFormatW
GetProcAddress
LoadLibraryW
WinExec
FreeLibrary
DuplicateHandle
GetCurrentProcess
GetPrivateProfileStringA
SetProcessShutdownParameters
LoadLibraryA
GetSystemDefaultLangID
CreateThread
GetCurrentProcessId
SetWaitableTimer
OpenWaitableTimerW
SleepEx
lstrlenW
ProcessIdToSessionId
GetFileSize
GetCurrentThread
GetModuleFileNameA
GetLongPathNameW
GetTempPathW
IsBadWritePtr
GetCommandLineW
GlobalFree
GetLocalTime
TryEnterCriticalSection
WideCharToMultiByte
OpenEventW
GetExitCodeProcess
GetCurrentThreadId
GetModuleHandleW
SetLastError
MulDiv
LocalFree
FormatMessageW
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
GetModuleHandleA
FreeResource
GetVersionExA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
SetThreadPriority
SuspendThread
GlobalGetAtomNameW
GetVersion
lstrcmpA
lstrlenA
GetThreadLocale
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
InterlockedExchange
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
WritePrivateProfileStringW
RaiseException
VirtualProtect
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
ExitProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
GetPrivateProfileIntA
GetWindowsDirectoryA
lstrcpynA
WaitForSingleObjectEx
SetProcessWorkingSetSize
WaitForMultipleObjectsEx
lstrcatA
lstrcpyA
SetEvent
GetFileAttributesW
CreateDirectoryW
CreateProcessW
CloseHandle
GetUserDefaultLangID
CreateEventW
lstrcpynW
GetTickCount
Sleep
FileTimeToLocalFileTime
FileTimeToSystemTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
ReleaseMutex
CreateMutexW
GetSystemDirectoryW
GetVersionExW
GetLastError
GetPrivateProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetPrivateProfileIntW
InterlockedCompareExchange
GetFileAttributesA
GetDriveTypeA
FindFirstFileA
GetFullPathNameA
GetCurrentDirectoryA
SetNamedPipeHandleState
WaitNamedPipeW
TerminateThread

user32

RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
CheckMenuItem
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
TranslateMessage
GetMessageW
TranslateAcceleratorW
SetMenu
SetRectEmpty
InsertMenuItemW
LoadAcceleratorsW
ReleaseCapture
SetCursor
DestroyMenu
ReuseDDElParam
UnpackDDElParam
InflateRect
GetMenuItemInfoW
WindowFromPoint
CharUpperW
ShowOwnedPopups
MapDialogRect
GetSysColorBrush
IsRectEmpty
CopyAcceleratorTableW
InvalidateRgn
SetCapture
CharNextW
SetWindowContextHelpId
RegisterClipboardFormatW
GetNextDlgGroupItem
PostThreadMessageW
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
CheckRadioButton
GetWindow
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DispatchMessageW
DrawFocusRect
CopyRect
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetWindowLongW
SetLayeredWindowAttributes
AnimateWindow
LoadCursorW
SystemParametersInfoW
GetFocus
ReleaseDC
GetDC
SetRect
GetParent
PtInRect
FillRect
RegisterWindowMessageW
GetCursorPos
BringWindowToTop
MessageBeep
DestroyIcon
LoadStringW
SetClassLongW
IsWindow
GetWindowLongW
GetWindowPlacement
GetSystemMetrics
RegisterClassW
UnregisterClassW
LoadIconW
SetForegroundWindow
SetActiveWindow
RedrawWindow
UpdateWindow
IsIconic
GetSystemMenu
PostMessageW
LoadMenuW
RemoveMenu
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
EnableMenuItem
AppendMenuW
DeleteMenu
CreatePopupMenu
DrawIcon
PeekMessageW
PostQuitMessage
GetSysColor
InvalidateRect
SendMessageW
KillTimer
SetTimer
FindWindowW
GetDesktopWindow
IsWindowVisible
EnableWindow
ClientToScreen
GetClientRect
LoadBitmapW
wsprintfW
GetDlgItem
GetWindowRect
ScreenToClient
SetWindowPos
ShowWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetKeyState
GetMenu
CreateWindowExW
GetClassInfoExW
AdjustWindowRectEx
EqualRect
DeferWindowPos
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
GetLastActivePopup
MessageBoxW
GetActiveWindow
DestroyWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetWindowTextW
SetFocus
UnhookWindowsHookEx
IsWindowEnabled
GetClassInfoW
UnregisterClassA

gdi32

GetClipBox
ExtSelectClipRgn
DeleteDC
SetMapMode
CreatePatternBrush
CreateBitmap
IntersectClipRect
LineTo
MoveToEx
ScaleWindowExtEx
SetWindowExtEx
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateRectRgnIndirect
GetTextExtentPoint32W
SelectObject
GetObjectW
CreateFontIndirectW
DeleteObject
CreateSolidBrush
BitBlt
CreateCompatibleDC
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
GetStockObject
CreatePen
CreateCompatibleBitmap
GetMapMode
GetTextMetricsW
SetViewportExtEx
GetRgnBox
GetBkColor
GetTextColor
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
ScaleViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

shell32

ShellExecuteExW
DragFinish
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteW
DragQueryFileW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
OleCreateFontIndirect
SysFreeString
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
SysAllocString
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen

Sections

.text
Size: 656KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82d6f5fea5de04be2368867d81f24008

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

c1:80:14:df:ee:db:46:7d:af:44:eb:7a:90:c6:bf:00:e8:dd:52:d3Signer

Headers

File Characteristics

PDB Paths

Imports

ofcpipc

ofcpluginapi

tmpac

loadhttp

libtrendsecure

timestring

flowcontrol

vsapi32

version

ws2_32

advapi32

psapi

shlwapi

pwd

kernel32

user32

gdi32

comdlg32

winspool.drv

shell32

oledlg

ole32

oleaut32

Sections

.text Size: 656KB - Virtual size: 652KB

.rdata Size: 232KB - Virtual size: 229KB

.data Size: 20KB - Virtual size: 52KB

.rsrc Size: 20KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:94:d7:39:bc:82:c7:14:9e:be:00:e2:c8:d7:be:f6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

c1:80:14:df:ee:db:46:7d:af:44:eb:7a:90:c6:bf:00:e8:dd:52:d3
Signer

.text
Size: 656KB - Virtual size: 652KB

.rdata
Size: 232KB - Virtual size: 229KB

.data
Size: 20KB - Virtual size: 52KB

.rsrc
Size: 20KB - Virtual size: 16KB