2bb8c797cfeb03502d4d7cb9a6fe4a56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bb8c797cfeb03502d4d7cb9a6fe4a56_JaffaCakes118
Size

203KB
MD5

2bb8c797cfeb03502d4d7cb9a6fe4a56
SHA1

1cbe6b9acf82c39cf11c1d2de7a8adb3bf0311e9
SHA256

e861ca5eca6e3cfe88740079620eb6947a46af83143dd54e17829896dc7699ac
SHA512

3e9675f19ba80562f8e4b54dbb41851b7fcb5ceba5f7fae77e70c4f5954673afda475b50927997dee77bc6c7bf1142e7b3358d3c123c965fece62c98ac6d8bf3
SSDEEP

3072:zm5FkZ0UlMsV77wJ/ZZJLEysK49b1D25JwZwZ09e/dWoLHGOhMQsw3sEMnORJAHD:KYvlvaLEysLOwZwseVZHGYbW+Aj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/upgrade.exe

Files

2bb8c797cfeb03502d4d7cb9a6fe4a56_JaffaCakes118
.cab
mcinst.exe
.exe windows:4 windows x86 arch:x86

4a37fba469c09c87717922e4e0f0277c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:f0:ed:bf:f2:0c:b8:9b:db:3d:db:f1:9d:74:d2:1a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07/09/2006, 00:00

Not After

09/10/2007, 23:59

Subject

CN=McAfee\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IIS,O=McAfee\, Inc.,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\BuildSystem\Node\MCINST220_6330393732065.Build\build\Win32\Release\mcinst.pdb

Imports

wintrust

WinVerifyTrust

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GetModuleFileNameA
WaitForSingleObject
CreateMutexA
MoveFileA
FindFirstFileA
GetTempPathA
WriteFile
ReadFile
GetFileSize
GetWindowsDirectoryA
WideCharToMultiByte
GetShortPathNameW
CopyFileW
GetTempFileNameW
MoveFileExW
SetFileAttributesW
GetVersionExW
RemoveDirectoryW
FindNextFileW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
MultiByteToWideChar
GetLocalTime
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
GetSystemDirectoryA
EnterCriticalSection
LocalAlloc
FindNextFileA
SearchPathA
lstrlenW
ResumeThread
SuspendThread
GetCurrentProcess
SetPriorityClass
GetThreadTimes
SetThreadPriority
GetCurrentThread
lstrcmpiA
CreateThread
DuplicateHandle
CreateEventA
LocalFree
SetEvent
GetCurrentProcessId
CopyFileA
GetExitCodeProcess
CreateProcessA
GetSystemInfo
ExpandEnvironmentStringsA
SetFileAttributesA
GetFileAttributesA
GetTempFileNameA
CreateDirectoryA
GlobalFree
GlobalAlloc
lstrcpynA
MoveFileExA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetLastError
IsBadReadPtr
SystemTimeToFileTime
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
GetStdHandle
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
GetPrivateProfileSectionNamesA
GetProcessHeap
HeapAlloc
GetPrivateProfileSectionA
lstrlenA
HeapFree
GetLongPathNameA
DeleteFileA
ReleaseMutex
RemoveDirectoryA
GetShortPathNameA
WritePrivateProfileStringA
CreateFileA
SetFilePointer
FlushFileBuffers
CloseHandle
FindFirstFileW
GetLastError
FindClose
GetFileAttributesW
LoadLibraryA
GetProcAddress
GetThreadLocale
GetLocaleInfoA
GetACP
FreeLibrary
DeleteCriticalSection
GetVersionExA
InitializeCriticalSection
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
InterlockedExchange
WriteConsoleW
GetCurrentThreadId
TlsFree
GetConsoleMode
GetConsoleCP
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapReAlloc
HeapSize
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
SetEnvironmentVariableA
GetModuleHandleA
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
VirtualQuery
GetStringTypeW

user32

LoadStringA
PostThreadMessageA
RegisterClassA
CreateWindowExA
SetWindowRgn
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
CharNextA
wsprintfA

advapi32

RegQueryInfoKeyA
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegCreateKeyA
LockServiceDatabase
ChangeServiceConfigA
UnlockServiceDatabase
ControlService
QueryServiceConfig2A
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ChangeServiceConfig2A
RegEnumKeyExA
GetSecurityDescriptorControl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegDeleteValueA
EnumServicesStatusExA
QueryServiceConfigA
CreateServiceA
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
RegEnumValueA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA

shell32

SHGetFolderPathA

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CoTaskMemFree
StringFromCLSID

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString

shlwapi

PathAppendA
SHDeleteValueA

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
upgrade.exe
.exe windows:4 windows x86 arch:x86

985601d3f82deacacc9d932783342360

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableScrollBar
DrawTextA
DrawStateA
DrawMenuBar
DrawIcon
DispatchMessageA
DestroyMenu
DestroyCursor
DefDlgProcA
CreateIcon
CreateDialogParamA
CreateDialogIndirectParamA
CreateCursor
CreateAcceleratorTableA
CharToOemA
CharNextA

kernel32

EnterCriticalSection
lstrcatA
VirtualAlloc
UnmapViewOfFile
TlsSetValue
TlsFree
SetLastError
RtlUnwind
OpenFile
LoadLibraryA
InitializeCriticalSection
GetPrivateProfileStringA
GetLocalTime
FreeResource
ExitThread
EnumResourceLanguagesA

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a37fba469c09c87717922e4e0f0277c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

72:f0:ed:bf:f2:0c:b8:9b:db:3d:db:f1:9d:74:d2:1aCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

wintrust

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 189KB - Virtual size: 189KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 27KB - Virtual size: 26KB

985601d3f82deacacc9d932783342360

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 40KB - Virtual size: 39KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

72:f0:ed:bf:f2:0c:b8:9b:db:3d:db:f1:9d:74:d2:1a
Certificate

.text
Size: 189KB - Virtual size: 189KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 27KB - Virtual size: 26KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 40KB - Virtual size: 39KB