4138c9251d0e80043047a50b1f30fce1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4138c9251d0e80043047a50b1f30fce1_JaffaCakes118
Size

457KB
MD5

4138c9251d0e80043047a50b1f30fce1
SHA1

34888d65250756f8d5c8f323a23c0224a1a699d1
SHA256

369dbb844e1d3723f238b13800b0b7cb0e12baa5d8839d0414262d91f08da715
SHA512

8c30a4bb5461faaaf28774d5495e1d8fe3d0e8317f33e6cf27fdbf3f2ced20644545087386d1bd0e79f4ba768a6df522c96be093ca11ae5e77bcbb2f23dfbb3c
SSDEEP

6144:NJZjgfgc4NWkKqPChXHIvzRXGQOJkyw3LK5KkZxh4c7lbN/N6Ns:NJZUt4QFRIvztTOJkRLK5RZxic7lbNT

Score

1^/10

Malware Config

Signatures

Files

4138c9251d0e80043047a50b1f30fce1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

84038263cf4375fa0942913965bd3db8

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:3b:f8:85:49:64:12:20:7e:cb:70:ac:fa:c6:75:5b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/11/2006, 00:00

Not After

23/11/2008, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=Secure Application Development,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetFileAttributesA
Process32Next
Module32Next
GetFileAttributesExA
Module32First
Process32First
CreateToolhelp32Snapshot
FreeResource
SizeofResource
LockResource
WritePrivateProfileStringA
GetTempFileNameA
LoadResource
FindResourceA
LoadLibraryW
GetLastError
LocalFree
LocalAlloc
CreateFileW
DeleteFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
InterlockedIncrement
CreateEventA
GetWindowsDirectoryA
CreateFileA
ReadFile
WriteFile
GetProcAddress
MoveFileExA
SetFileAttributesA
GetTickCount
CreateProcessA
CloseHandle
lstrlenA
GetTempPathA
GetCurrentProcess
FlushInstructionCache
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GetModuleHandleA
SetUnhandledExceptionFilter
GetCommandLineA
InterlockedDecrement
EnterCriticalSection
GetCurrentThreadId
GetStartupInfoA
VirtualProtect
SetLastError
DeviceIoControl
ExpandEnvironmentStringsA
GetLongPathNameW
lstrlenW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
GetLongPathNameA
OutputDebugStringA
DebugBreak
WaitForSingleObject
GetModuleFileNameA
SetEvent
CopyFileA
CreateDirectoryA
GetVolumeInformationA
GetLogicalDrives
GetDriveTypeA
LoadLibraryExW
MultiByteToWideChar
LeaveCriticalSection
GetEnvironmentVariableA
FindFirstFileA
GetShortPathNameA
MoveFileA
FindNextFileA
RemoveDirectoryA
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
TerminateProcess
WideCharToMultiByte
ReadProcessMemory
lstrcmpiA
GetSystemDirectoryA
SetFilePointer
GetFileSize
SearchPathW
Sleep
DuplicateHandle
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateThread
GetCurrentProcessId
GetVersionExA
FindClose

user32

LoadStringA
CreateDialogParamA
ShowWindow
PeekMessageA
GetMessageA
TranslateMessage
MessageBoxA
GetActiveWindow
DestroyWindow
IsDialogMessageA
SetWindowLongA
GetWindowTextLengthA
DispatchMessageA
CharNextA
wvsprintfA
EndDialog
SetDlgItemTextA
DialogBoxParamA
PostMessageA
BeginPaint
ScreenToClient
DrawTextA
EndPaint
PostQuitMessage
GetWindowLongA
GetWindowThreadProcessId
FindWindowA
FindWindowExA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA
SendMessageA
SetWindowTextA
GetDlgItem
EnableWindow
DefWindowProcA

gdi32

SelectObject
SetBkMode
SetTextColor
GetStockObject

shell32

ShellExecuteA
SHGetSpecialFolderPathA
CommandLineToArgvW
SHGetFolderPathA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

comctl32

InitCommonControlsEx

msvcrt

_mbstok
_mbsicmp
_mbslwr
tolower
_CxxThrowException
_mbschr
_mbsnbicmp
sscanf
mbstowcs
_stricmp
_mbsnbcpy
malloc
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
_mbsnbcmp
_strlwr
fputs
strrchr
_vsnprintf
fopen
rewind
fgets
_strnicmp
fseek
fprintf
fclose
_osver
_except_handler3
_snprintf
atoi
_ismbcdigit
wcslen
_beginthread
_purecall
_mbsrchr
sprintf
strstr
??2@YAPAXI@Z
memmove
realloc
setlocale
_mbsstr
free
__CxxFrameHandler
_mbscmp

shlwapi

SHGetValueA
PathFileExistsA
PathCombineA
StrStrIA
SHDeleteKeyA
wnsprintfA
StrChrW
StrStrIW
SHSetValueA
SHDeleteValueA
PathAppendA
PathIsDirectoryA
StrCmpNIA

urlmon

URLDownloadToFileA

wininet

HttpOpenRequestA
InternetCloseHandle
HttpSendRequestA
InternetOpenA
InternetConnectA

psapi

GetModuleInformation

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

SetNamedSecurityInfoA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
ControlService
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegQueryValueExA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
RegDeleteValueA
RegEnumKeyExA
RegCreateKeyExA
RegEnumKeyA
DeleteAce
GetExplicitEntriesFromAclA
GetUserNameA

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84038263cf4375fa0942913965bd3db8

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

61:3b:f8:85:49:64:12:20:7e:cb:70:ac:fa:c6:75:5bCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

comctl32

msvcrt

shlwapi

urlmon

wininet

psapi

version

advapi32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 376KB - Virtual size: 376KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

61:3b:f8:85:49:64:12:20:7e:cb:70:ac:fa:c6:75:5b
Certificate

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 376KB - Virtual size: 376KB