30aa56b2ff5b1ec581044e8d7fc09e71_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30aa56b2ff5b1ec581044e8d7fc09e71_JaffaCakes118
Size

422KB
MD5

30aa56b2ff5b1ec581044e8d7fc09e71
SHA1

8770fc8c041e42ab05aa0d1dae4f9867f991017a
SHA256

a92bc96b553715a6b929fbea2f4d0bf257a87c15b1b720c029f896f59995d8cf
SHA512

9b0caf510a605c40b337932c5a46a1095c8c4bfc146ffa32d84782c49f384dbccf61cda38507b3bbc1bc52505957cc8e444fdd423c2a2eaf72b835844d653366
SSDEEP

3072:Ce/2TCkMuN/+vBEVSNBF6lib/yTmKy5OpeQwrIk8avRsX37EWbNuSQtAOZvszIcs:CAaN/+52SNBQ+yTm40Db+GdDTiblv

Score

1^/10

Malware Config

Signatures

Files

30aa56b2ff5b1ec581044e8d7fc09e71_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4c1dd8c8b6b3c9806d3dbdab48db8138

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

Issuer

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

Not Before

18/01/2008, 16:00

Not After

31/12/2011, 16:00

Subject

CN=deepxw Software,O=deepxw Software,1.2.840.113549.1.9.1=#1306646565707877

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:5a:46:12:98:c9:d3:cd:1b:60:bc:d3:2e:a8:2c:c5:3d:28:1f:df
Signer

Actual PE Digest

7a:5a:46:12:98:c9:d3:cd:1b:60:bc:d3:2e:a8:2c:c5:3d:28:1f:df

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

b:\open_tcpz\tcpz\tcpz\ui\objfre_wxp_x86\i386\tcpz.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
DeleteService
StartServiceW
CreateServiceW
CloseEventLog
ReadEventLogW
OpenEventLogW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

GetProcessIoCounters
LocalFree
GetSystemInfo
GetModuleHandleW
GetVersionExW
lstrcpynW
GetPrivateProfileIntW
FreeLibrary
GetLastError
CreateMutexW
SetFilePointer
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
WriteFile
LoadLibraryW
CopyFileW
GetTempPathW
DeviceIoControl
GetFileAttributesW
GetCurrentDirectoryW
GetEnvironmentVariableW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetExitCodeProcess
WaitForSingleObject
FindResourceExW
GetCurrentProcess
GetLocalTime
GetProcAddress
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetDateFormatW
OpenProcess
ReadProcessMemory
GetTickCount
Sleep
CreateThread
TerminateThread
lstrlenW
GetVersion
GetWindowsDirectoryW
GetModuleFileNameW
FindFirstFileW
GetLocaleInfoW
GetPrivateProfileStringW
IsValidLocale
FindNextFileW
WritePrivateProfileStringW
lstrcmpiW
GetFileSize
VirtualAlloc
ReadFile
FindResourceW
LoadResource
SizeofResource
LockResource
VirtualFree
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
lstrcmpW
CreateFileW
lstrcpyW
lstrcatW
CloseHandle
InterlockedExchange
RaiseException
LoadLibraryA
LocalAlloc
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
DeleteFileW

gdi32

Escape
TextOutW
RectVisible
PtVisible
LPtoDP
GetWindowExtEx
GetViewportExtEx
GetMapMode
ExtTextOutW
SetBkColor
SetTextColor
FloodFill
SetPixel
CreateFontW
GetBkColor
CreatePen
DPtoLP
Polygon
Ellipse
CreateFontIndirectW
CreateDCW
GetDeviceCaps
DeleteDC
DeleteObject
CreateRoundRectRgn
CreateRectRgn
CombineRgn
FrameRgn
StretchBlt
GetObjectW
CreateSolidBrush
GetStockObject
GetTextExtentPoint32W
BitBlt
Rectangle
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW

user32

GetParent
CharNextW
GetWindowPlacement
MessageBoxW
FindWindowW
EnumWindows
LoadAcceleratorsW
GetDC
LoadMenuW
DestroyMenu
TranslateAcceleratorW
GetWindowTextW
SetForegroundWindow
ReleaseDC
ReleaseCapture
ModifyMenuW
GetWindowLongW
CheckMenuItem
GetCursorPos
EnableMenuItem
LoadIconW
SetParent
UpdateWindow
SetWindowRgn
IsIconic
GetSystemMenu
DrawIcon
InflateRect
CreateWindowExW
LoadCursorW
GetDlgItem
GetFocus
GetNextDlgTabItem
SetFocus
KillTimer
wsprintfW
SendMessageW
ScreenToClient
EnableWindow
DrawIconEx
GetWindowRect
LoadImageW
GetClassNameW
PostMessageW
GetClientRect
ClientToScreen
InvalidateRect
TrackPopupMenu
GetSubMenu
SetLayeredWindowAttributes
SetWindowLongW
SetWindowPos
PtInRect
GetSysColor
DrawStateW
CopyRect
GetSystemMetrics
LoadBitmapW
SetTimer
IsWindowEnabled
SetCursor
DrawEdge
ScrollDC
GetKeyState
GetTopWindow
DrawTextW
TabbedTextOutW
GrayStringW
OffsetRect

mfc42u

ord2036
ord2440
ord1569
ord2706
ord6688
ord6238
ord4238
ord693
ord2574
ord4396
ord3365
ord3635
ord4768
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord6017
ord6190
ord682
ord2572
ord4394
ord3625
ord2755
ord4124
ord5706
ord1921
ord4499
ord6193
ord1131
ord4262
ord804
ord2579
ord4400
ord3389
ord3724
ord1941
ord3915
ord790
ord6928
ord825
ord3133
ord1808
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord5261
ord2294
ord800
ord5949
ord942
ord861
ord540
ord538
ord4704
ord755
ord3087
ord470
ord324
ord4419
ord4435
ord4831
ord4847
ord4370
ord641
ord4229
ord3792
ord4470
ord1560
ord3658
ord3621
ord2385
ord2406
ord268
ord3614
ord3566
ord1634
ord1633
ord5781
ord2371
ord640
ord2236
ord323
ord3865
ord6451
ord2397
ord6168
ord5785
ord5871
ord613
ord6166
ord289
ord3568
ord1761
ord535
ord858
ord1197
ord5798
ord5446
ord6390
ord2810
ord1143
ord4294
ord4219
ord3084
ord4279
ord2855
ord5142
ord3093
ord6107
ord4198
ord941
ord567
ord3716
ord4418
ord3397
ord5286
ord1768
ord6051
ord795
ord2235
ord3991
ord5436
ord6379
ord3297
ord2836
ord2099
ord1165
ord2858
ord2859
ord2078
ord3592
ord940
ord6211
ord3870
ord2746
ord6195
ord2756
ord6868
ord5568
ord2910
ord4667
ord4269
ord815
ord561
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord5296
ord3948
ord4270
ord3871
ord3688
ord4128
ord4292
ord5783
ord5784
ord472
ord2854
ord3605
ord656
ord2372
ord2559
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord616
ord1794
ord2745
ord4118
ord5047
ord4532
ord3701
ord3569
ord4390
ord2567
ord609
ord2634
ord283
ord5869
ord2144
ord1230
ord818
ord3737
ord3711
ord5830

msvcrt

_onexit
memset
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_lock
__dllonexit
_wcmdln
??1type_info@@UAE@XZ
_controlfp
wcsstr
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
__CxxFrameHandler
_purecall
_wcsicmp
wcsncmp
_wcsupr
swprintf
_wcslwr
_wtoi
__argc
__wargv
wcsrchr
wcstoul
malloc
free
memcpy
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_unlock

ntdll

RtlUnwind

shell32

Shell_NotifyIconW
DragQueryFileW
DragFinish
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW

shlwapi

PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

imagehlp

CheckSumMappedFile

comctl32

InitCommonControlsEx
_TrackMouseEvent

comdlg32

GetSaveFileNameW

iphlpapi

NotifyAddrChange
GetIfEntry
GetAdaptersAddresses
GetTcpTable
GetTcpStatistics

ws2_32

WSAGetLastError

wintrust

CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
WinVerifyTrust

msimg32

GradientFill

psapi

GetProcessMemoryInfo

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c1dd8c8b6b3c9806d3dbdab48db8138

Code Sign

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4cCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

7a:5a:46:12:98:c9:d3:cd:1b:60:bc:d3:2e:a8:2c:c5:3d:28:1f:dfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

mfc42u

msvcrt

ntdll

shell32

shlwapi

version

imagehlp

comctl32

comdlg32

iphlpapi

ws2_32

wintrust

msimg32

psapi

Sections

.text Size: 152KB - Virtual size: 152KB

.data Size: 3KB - Virtual size: 10KB

.rsrc Size: 248KB - Virtual size: 247KB

.reloc Size: 14KB - Virtual size: 13KB

18:23:2a:ce:52:10:a6:b0:4d:86:17:a5:00:40:af:4c
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

7a:5a:46:12:98:c9:d3:cd:1b:60:bc:d3:2e:a8:2c:c5:3d:28:1f:df
Signer

.text
Size: 152KB - Virtual size: 152KB

.data
Size: 3KB - Virtual size: 10KB

.rsrc
Size: 248KB - Virtual size: 247KB

.reloc
Size: 14KB - Virtual size: 13KB