177a6ec20d9ccd87ceb9cc0e008ce80c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

177a6ec20d9ccd87ceb9cc0e008ce80c_JaffaCakes118
Size

6.1MB
MD5

177a6ec20d9ccd87ceb9cc0e008ce80c
SHA1

ae42dc0f85c68ad492d609328e97c873a0ec1ab9
SHA256

9aa57a2937b608107e159269d45b453408f2e05ba56e015a685bbcc7b9f8a903
SHA512

9ca836f4ac9a8fb9c4c15dcfb18da2390b7c9754b28d3dbfbfc59fb08367a07c32eb41e297692c38a5eaee6ba0805f64d987a302048f1431033bafdf0b2ed35a
SSDEEP

49152:AsTmaEhnX2UwC0MiEy+ZGySug1aaGqosd:8aExyTEJG3d1a0

Score

1^/10

Malware Config

Signatures

Files

177a6ec20d9ccd87ceb9cc0e008ce80c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1bc48f42b062b627416fafb995bdb87

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:a5:fc:45:fe:2c:55:bc:ed:e6:5c:88:83:fb:b6:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/10/2010, 00:00

Not After

26/11/2013, 23:59

Subject

CN=Prevx,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Prevx,L=Derby,ST=Derby,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:31:b3:e3:62:97:b6:74:30:64:80:2c:01:c8:52:6e:e2:98:1a:6b
Signer

Actual PE Digest

bf:31:b3:e3:62:97:b6:74:30:64:80:2c:01:c8:52:6e:e2:98:1a:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\tasks\code\tasks\factory\sourcenow\binary\objfre_wlh_x86\i386\prevx.pdb

Imports

advapi32

OpenSCManagerW
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegFlushKey
RegSaveKeyW
RegSetValueExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
LookupAccountNameW
OpenServiceA
StartServiceW
QueryServiceConfigW
OpenServiceW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegQueryInfoKeyW
RegSetValueExW
CloseServiceHandle
QueryServiceStatus
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
SetServiceStatus
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegQueryInfoKeyA
RegCreateKeyExW
RegRestoreKeyA
RegSaveKeyA
SetNamedSecurityInfoW
SetEntriesInAclW
GetSidSubAuthority
GetSidSubAuthorityCount
RegDeleteKeyA
RegDeleteKeyW
DuplicateTokenEx
CreateProcessAsUserA
RevertToSelf
GetUserNameW
ImpersonateLoggedOnUser
StartServiceCtrlDispatcherA
GetUserNameA

kernel32

SetFilePointer
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateDirectoryA
TerminateProcess
OpenProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetFileSize
CreateThread
GetLocalTime
CreateProcessA
WideCharToMultiByte
SetEndOfFile
MoveFileExW
DeleteFileW
MoveFileExA
DeleteFileA
GetCurrentThreadId
FindClose
FindFirstFileA
ExpandEnvironmentStringsW
GetCurrentProcess
GlobalFree
GetSystemInfo
GetVersionExA
QueryDosDeviceW
CreateMutexA
FlushFileBuffers
GlobalUnlock
GlobalLock
FreeResource
WritePrivateProfileStringA
GetWindowsDirectoryA
GetCommandLineW
ExitProcess
GetTempPathA
RemoveDirectoryW
GetEnvironmentVariableW
GetEnvironmentVariableA
GetShortPathNameW
GetShortPathNameA
SearchPathW
SearchPathA
ExpandEnvironmentStringsA
ReadFile
GetWindowsDirectoryW
GetSystemDirectoryW
DeleteCriticalSection
GetComputerNameExW
CreateFileA
FindFirstFileW
CopyFileW
SetFileAttributesA
GetDriveTypeA
GetLogicalDrives
GetVolumeInformationA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLogicalDriveStringsW
GetLongPathNameA
MoveFileA
GetDriveTypeW
GetTempFileNameW
SetFileAttributesW
TerminateThread
InterlockedDecrement
CreateDirectoryW
MoveFileW
FindNextFileA
GetFileTime
GetUserDefaultUILanguage
SystemTimeToFileTime
InitializeCriticalSection
GetProcessHeap
GetQueuedCompletionStatus
WaitForMultipleObjects
CreateIoCompletionPort
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
SetThreadPriority
GetCurrentThread
OpenEventA
CreateFileMappingA
OpenMutexA
CreateEventA
OpenFileMappingA
GetCommandLineA
GetModuleHandleW
SetErrorMode
GetModuleFileNameW
LoadLibraryW
DeviceIoControl
HeapReAlloc
GetCurrentProcessId
GetModuleHandleA
FreeLibrary
GetProcAddress
GetVersionExW
GetLongPathNameW
GetFileAttributesW
GetFullPathNameA
SetLastError
lstrcpynA
GetSystemDirectoryA
GetModuleFileNameA
GetFileAttributesA
LoadLibraryA
CreateFileW
CloseHandle
LocalAlloc
LocalFree
MultiByteToWideChar
GetTempPathW
HeapAlloc
GetCurrentDirectoryA
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
GetExitCodeThread
FormatMessageA
DuplicateHandle
SleepEx
RaiseException
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualProtect
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
HeapSize
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
VirtualQuery
RtlUnwind
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
OutputDebugStringA
VirtualAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
SetUnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
GetStartupInfoA
HeapFree
InterlockedExchange
GetLastError
InterlockedIncrement
MulDiv
GlobalAlloc
CopyFileA
Sleep
WriteFile
GetTickCount
FindNextFileW

gdi32

CreatePatternBrush
CreatePen
CreateSolidBrush
CreateCompatibleBitmap
GetPixel
GetDeviceCaps
Rectangle
StretchBlt
CreateRoundRectRgn
MoveToEx
LineTo
CreateRectRgn
CombineRgn
FillRgn
SetBkMode
GetStockObject
SetTextColor
CreateFontA
DeleteObject
CreateCompatibleDC
SelectObject
GetObjectW
CreateDIBSection
BitBlt
DeleteDC
RoundRect

user32

RegisterWindowMessageA
DestroyWindow
DefWindowProcW
SetWindowRgn
SendMessageW
CreateWindowExW
LoadBitmapA
CallWindowProcW
SetWinEventHook
UnhookWinEvent
GetClassNameA
UnhookWindowsHookEx
PostThreadMessageW
SetWindowsHookExW
CallNextHookEx
GetGUIThreadInfo
GetKeyboardLayout
GetAsyncKeyState
ToUnicodeEx
UpdateWindow
ShowWindow
SetWindowPos
GetClientRect
FindWindowExW
SetWindowLongW
GetWindowLongW
SendInput
GetParent
TrackPopupMenu
FindWindowW
MessageBeep
SetScrollRange
SetScrollPos
GetScrollInfo
SetScrollInfo
GetWindow
GetAncestor
DestroyMenu
IsIconic
CreatePopupMenu
AppendMenuW
RegisterClassW
FindWindowExA
SetWindowTextW
MoveWindow
GetWindowRect
GetDesktopWindow
LoadImageA
InvalidateRect
GetCursorPos
PostMessageW
CloseClipboard
SetClipboardData
EmptyClipboard
SetTimer
KillTimer
UnregisterClassW
LoadCursorW
SetCursor
MessageBoxA
GetWindowTextW
GetMessageW
DispatchMessageW
TranslateMessage
IsWindow
OpenClipboard
GetWindowTextA
ReleaseDC
GetDC
SetFocus
GetFocus
DrawTextW
DrawTextA
MapVirtualKeyExW
FillRect
PostQuitMessage
BeginPaint
EndPaint
GetWindowInfo
ExitWindowsEx
GetSystemMetrics
AttachThreadInput
SetForegroundWindow
SetWindowTextA
MessageBoxW
FindWindowA
GetKeyboardState
MapVirtualKeyW
EnumWindows
GetWindowThreadProcessId
GetForegroundWindow
MonitorFromRect
GetMonitorInfoW
EqualRect
EnableWindow
LoadIconA
DestroyIcon
SendMessageA
IsWindowVisible
GetScrollPos
DrawIconEx
PtInRect

comctl32

ImageList_Create
ImageList_ReplaceIcon

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetSaveFileNameA

shell32

CommandLineToArgvW
Shell_NotifyIconA
ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderW
SHGetPathFromIDListW

ws2_32

getsockopt
connect
bind
getsockname
ntohs
socket
send
select
__WSAFDIsSet
WSASetLastError
closesocket
inet_addr
inet_ntoa
WSAStartup
gethostname
htons
gethostbyname
ioctlsocket
WSAGetLastError
WSACleanup
setsockopt
recv

setupapi

SetupDiGetClassDevsW
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList

oleacc

AccessibleChildren
AccessibleObjectFromWindow
AccessibleObjectFromEvent

oleaut32

VariantClear
SysFreeString
SysAllocString
OleLoadPicture

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

netapi32

NetWkstaGetInfo
NetApiBufferFree

crypt32

CertGetNameStringW
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose

wintrust

WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext

Sections

.text
Size: 983KB - Virtual size: 983KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1bc48f42b062b627416fafb995bdb87

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

46:a5:fc:45:fe:2c:55:bc:ed:e6:5c:88:83:fb:b6:f8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

bf:31:b3:e3:62:97:b6:74:30:64:80:2c:01:c8:52:6e:e2:98:1a:6bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

comctl32

comdlg32

shell32

ws2_32

setupapi

oleacc

oleaut32

ole32

wtsapi32

netapi32

crypt32

wintrust

Sections

.text Size: 983KB - Virtual size: 983KB

.data Size: 22KB - Virtual size: 32KB

.rsrc Size: 5.0MB - Virtual size: 5.0MB

.reloc Size: 60KB - Virtual size: 59KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

46:a5:fc:45:fe:2c:55:bc:ed:e6:5c:88:83:fb:b6:f8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

bf:31:b3:e3:62:97:b6:74:30:64:80:2c:01:c8:52:6e:e2:98:1a:6b
Signer

.text
Size: 983KB - Virtual size: 983KB

.data
Size: 22KB - Virtual size: 32KB

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

.reloc
Size: 60KB - Virtual size: 59KB