3ac2b24a99fb3549d8023c1145949f9e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ac2b24a99fb3549d8023c1145949f9e_JaffaCakes118
Size

140KB
MD5

3ac2b24a99fb3549d8023c1145949f9e
SHA1

aa9b7e09cb213f79d770a0cd932cfc46ca0a8462
SHA256

685bcb524af84356407a8baa7dbe45b4f95d1e038171d06aa464b028d5fe883a
SHA512

db5df6c75974ba36cece361889c9467fc570166ffa431ed82101b404ee1f95ad9acc4e89bd58811bf7d1a7a43017ec3c802878aef7a289a6bbcc949757d0be44
SSDEEP

3072:ykS/RDdFt5l17T9exC/0EOeV8etaQYgn9Q5HAVcBmDic9JMwXGgU0A4:Q/RDPt53XdpsQN9Q5F8EsGgU8

Score

1^/10

Malware Config

Signatures

Files

3ac2b24a99fb3549d8023c1145949f9e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

505d8945178bbc178f731f3ed7e2571c

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

34:11:c5:0a:8e:92:1d:c1:af:43:2c:f0:12:a1:5e:d0
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

29/08/2006, 07:13

Not After

29/08/2007, 07:13

Subject

CN=TNL Corp.,OU=Marketing,O=TNL Corp.,L=Goyang,ST=kyunggi\ ,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:23:a1:f7:29:30:5e:7d:dc:d6:93:68:6e:fc:00:21:38:d9:df:e5
Signer

Actual PE Digest

14:23:a1:f7:29:30:5e:7d:dc:d6:93:68:6e:fc:00:21:38:d9:df:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

MultiByteToWideChar
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
lstrlenA
lstrcatA
lstrcpyA
SetEvent
CloseHandle
WinExec
GetTempFileNameA
GetTempPathA
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryA
CreateEventA
WriteFile
DeleteFileA
ReadFile
lstrcmpA
Sleep
CreateThread
lstrcpynA
LeaveCriticalSection
EnterCriticalSection
ResetEvent
GetVersionExA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetModuleFileNameA
GetCurrentProcessId
TerminateThread
CreateDirectoryA
WaitForMultipleObjects
CreateMutexA
SetFileAttributesA
GetFileAttributesA
GetLongPathNameA
GetWindowsDirectoryA
GetSystemDirectoryA
CallNamedPipeA
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
GetFileSize
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetShortPathNameA
MoveFileExA
CopyFileA
GetFileType
DuplicateHandle
GetCurrentProcess
SystemTimeToFileTime
DosDateTimeToFileTime
GetCurrentDirectoryA
SetFileTime
TerminateProcess
OpenProcess
GetCurrentThreadId
FindClose
FindFirstFileA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
GetModuleHandleA
InterlockedExchange
SetFilePointer

user32

wsprintfA
DestroyIcon
GetWindowThreadProcessId
PeekMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
RegisterWindowMessageA
GetDesktopWindow
DefWindowProcA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance
CoInitialize
CoCreateGuid
CoUninitialize

shell32

SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA

oleaut32

SysAllocString
VariantInit
SysStringLen
SysAllocStringLen
VariantClear
SysFreeString

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Xran@_String_base@std@@QBEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@Viterator@12@0PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@XZ
free
malloc
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
atoi
_itoa
_mbschr
_mbsstr
_controlfp
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
memset
strncat
wcsncmp
wcschr
wcsncpy
wcsstr
strncpy
gmtime
calloc
_mbsnbcpy
_mbsrev
_mbsicmp
isdigit
mktime
time
atol
bsearch
_vsnprintf
strncmp
??_V@YAXPAX@Z
strrchr
memmove
strchr
strstr
_mbslwr
_except_handler3
_strnicmp
_strlwr
_stricmp
_wcslwr
_wcsicmp
_setmbcp
_mbsnbicmp

mfc71

ord2415
ord2392
ord2396
ord2398
ord2400
ord2390
ord5233
ord5235
ord1054
ord6090
ord757
ord566
ord3333
ord4261
ord4481
ord2838
ord5566
ord5213
ord2403
ord395
ord4541
ord3683
ord4038
ord4014
ord6278
ord1207
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord635
ord3207
ord4265
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5165
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord3801
ord5960
ord1600
ord4277
ord4722
ord3403
ord1306
ord2173
ord5205
ord4185
ord6275
ord5073
ord1908
ord5148
ord4244
ord1402
ord3945
ord1617
ord1620
ord5915
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord4309
ord5012
ord5009
ord2615
ord1913
ord2246
ord4299
ord4799
ord1160
ord1557
ord2372
ord1084
ord3648

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

505d8945178bbc178f731f3ed7e2571c

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

34:11:c5:0a:8e:92:1d:c1:af:43:2c:f0:12:a1:5e:d0Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

14:23:a1:f7:29:30:5e:7d:dc:d6:93:68:6e:fc:00:21:38:d9:df:e5Signer

Headers

File Characteristics

Imports

version

kernel32

user32

advapi32

ole32

shell32

oleaut32

msvcp71

msvcr71

mfc71

urlmon

iphlpapi

wininet

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

34:11:c5:0a:8e:92:1d:c1:af:43:2c:f0:12:a1:5e:d0
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

14:23:a1:f7:29:30:5e:7d:dc:d6:93:68:6e:fc:00:21:38:d9:df:e5
Signer

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB