2658bcfcc1b9518c835f29687ecf7996_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2658bcfcc1b9518c835f29687ecf7996_JaffaCakes118
Size

3.9MB
MD5

2658bcfcc1b9518c835f29687ecf7996
SHA1

0eb1febc51c224a6ec777670f4760e8b78306654
SHA256

dde2149879d041aeacd0eba22827810cb88a926badf56acfc2f0563562ed356d
SHA512

4113f6253f29d19365756c1254cfd11e54f1961e32352c9f14993c660e41e3a15c59f174339e003e070331d563222ad13a86e834857f85128ee2f856bf447422
SSDEEP

98304:uhW3+iSkv8FCykLM3j4Fh4NLJAhKJlyynVqEqpm24ZkO/Y69EY:uhy+iv8FCykLM3jgh4+KJFnZqg24ZYIN

Score

1^/10

Malware Config

Signatures

Files

2658bcfcc1b9518c835f29687ecf7996_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2c79c6d3dcf1eb4c32c4cd3fb47e0cc8

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:b4:1b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

01/08/2005, 13:13

Not After

01/08/2006, 13:13

Subject

CN=WinSoftware Corporation\, Inc.,OU=Administrative Department,O=WinSoftware Corporation\, Inc.,L=Roseau,ST=Roseau,C=DM

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\vss_wd\_source\Products\WinLine\WinFirewall2005\Uninstaller\WF5 Release\Uninstaller.pdb

Imports

kernel32

GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetHandleCount
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
HeapCreate
InterlockedExchange
HeapDestroy
HeapSize
GetFileType
SetStdHandle
TerminateProcess
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
HeapFree
HeapAlloc
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
GlobalFlags
WritePrivateProfileStringA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedIncrement
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
FreeResource
GlobalAddAtomA
InterlockedDecrement
GetCurrentThread
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
MulDiv
lstrcpyA
lstrcpynA
FreeLibrary
LoadLibraryA
GetProcAddress
ExitProcess
GetFileSize
VirtualAlloc
VirtualFree
WaitForSingleObject
GetCurrentProcess
GetTempPathA
WriteFile
CloseHandle
GetModuleHandleA
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP

user32

wsprintfA
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
SetForegroundWindow
GetMenu
AdjustWindowRectEx
EqualRect
RegisterClassA
DefWindowProcA
IntersectRect
GetWindowPlacement
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
ModifyMenuA
CheckMenuItem
GetMenuCheckMarkDimensions
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetLastActivePopup
IsWindowEnabled
EndPaint
BeginPaint
GrayStringA
DrawTextExA
TabbedTextOutA
PostQuitMessage
GetMenuStringA
SetWindowLongA
MapWindowPoints
CallWindowProcA
GetSysColorBrush
CharUpperA
UnregisterClassA
LoadBitmapA
LoadStringA
MessageBoxA
DrawIcon
SendMessageA
IsIconic
GetClientRect
LoadIconA
EnableWindow
GetClassInfoA
DestroyMenu
IsRectEmpty
IsZoomed
PostMessageA
GetMenuItemID
SetMenuDefaultItem
EnableMenuItem
AppendMenuA
CreatePopupMenu
SetRect
SetWindowsHookExA
CallNextHookEx
GetSubMenu
WindowFromPoint
UnhookWindowsHookEx
ClientToScreen
SystemParametersInfoA
GetSysColor
UpdateWindow
SetRectEmpty
GetMenuItemRect
UnionRect
TrackPopupMenuEx
TrackPopupMenu
FillRect
FrameRect
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
SetMenuItemInfoA
SetMenuItemBitmaps
GetDesktopWindow
GetMenuItemInfoA
GetMenuDefaultItem
OffsetRect
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
GetFocus
ValidateRect
DrawTextA
ReleaseCapture
GetWindowLongA
PostThreadMessageA
RegisterClipboardFormatA
DispatchMessageA
GetSystemMetrics
GetDlgItem
DrawStateA
GetSystemMenu
PtInRect
SetWindowRgn
ScreenToClient
GetDC
InvalidateRect
ReleaseDC
GetWindowDC
GetWindowRect
GetClassNameA
GetWindow
GetCursorPos
ShowWindow
IsWindow
RedrawWindow
FindWindowExA
SetCursor
GetParent
CopyRect
SetCapture
LoadCursorA
GetDlgCtrlID
IsChild

gdi32

CreateRectRgnIndirect
CreateFontA
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
ExcludeClipRect
GetClipBox
RestoreDC
SaveDC
GetTextColor
DeleteObject
GetRgnBox
SetStretchBltMode
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
CreateSolidBrush
GetBitmapBits
SetBitmapBits
GetPixel
Rectangle
CreateBrushIndirect
MoveToEx
CreatePen
LineTo
GetBkColor
GetBkMode
SetBkColor
TextOutA
SetBkMode
SetTextColor
GetDeviceCaps
GetStockObject
StretchBlt
GetTextExtentPoint32A
GetDIBits
CreateCompatibleDC
BitBlt
DeleteDC
CreateEllipticRgn
SelectObject
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
CreateRectRgn
CombineRgn

msimg32

AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyA
CloseServiceHandle
ChangeServiceConfigA
QueryServiceConfigA
ControlService
RegQueryValueA
RegCloseKey
RegOpenKeyA
OpenSCManagerA
OpenServiceA
QueryServiceStatus

shell32

ShellExecuteA

comctl32

ImageList_AddMasked
ord17
ImageList_DrawEx
ImageList_GetImageInfo
ImageList_GetIconSize
_TrackMouseEvent
ImageList_GetImageCount
ImageList_Draw
ImageList_Destroy
ImageList_Create

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StgOpenStorageOnILockBytes
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries

oleaut32

SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SystemTimeToVariantTime
SysAllocString
OleCreateFontIndirect
SafeArrayDestroy

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c79c6d3dcf1eb4c32c4cd3fb47e0cc8

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3f:b4:1bCertificate

Extended Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 212KB - Virtual size: 209KB

.rdata Size: 52KB - Virtual size: 50KB

.data Size: 12KB - Virtual size: 25KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3f:b4:1b
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

.text
Size: 212KB - Virtual size: 209KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 12KB - Virtual size: 25KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB