42caecc1f8113f2732947845801fa26a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42caecc1f8113f2732947845801fa26a_JaffaCakes118
Size

1.5MB
MD5

42caecc1f8113f2732947845801fa26a
SHA1

4adff6a99bf383593f744c36680fe31c06cbc394
SHA256

4c707c3c6f85d9f4d4d595c2902898d68edc57e3ec2121780ad6c0ada99bbff3
SHA512

70c0e26087e38bce0bbf458c3952ca5c55a43f95b9af98c5eaf10b13174f5feb3ae9c2d3d32e914d5258a9ca13d4bb90aac4572e3b31c97ca99da87f7798bbee
SSDEEP

24576:R7TKP6fQq2eczm0Q6/Tk65vt1OnF7ZXmALyhMnCGeKGnwnZzK0l5tT0uTXkuG931:5ATe0+Xhy6CG285l5WuTUR3m8Iy

Score

1^/10

Malware Config

Signatures

Files

42caecc1f8113f2732947845801fa26a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4166e3094eacd419f88fd0168bd24203

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/09/2013, 00:00

Not After

08/09/2014, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:f7:46:33:7b:c5:ed:52:ab:80:9e:4b:08:f7:06:9d:bd:8e:f6:01
Signer

Actual PE Digest

fe:f7:46:33:7b:c5:ed:52:ab:80:9e:4b:08:f7:06:9d:bd:8e:f6:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\winapps\Windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb

Imports

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_Add

kernel32

MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
GetTickCount
CloseHandle
Sleep
GetCurrentThreadId
SetUnhandledExceptionFilter
ReleaseMutex
RtlCaptureStackBackTrace
CreateMutexA
WaitForSingleObject
SizeofResource
InitializeCriticalSectionAndSpinCount
GetTempPathA
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
GetStringTypeW
GetModuleFileNameW
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
SetLastError
RtlUnwind
LoadLibraryExW
ExitThread
CreateThread
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
ExitProcess
InterlockedDecrement
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
AreFileApisANSI
DeleteFileW
DeleteCriticalSection
WideCharToMultiByte
RaiseException
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetModuleFileNameA
GetCurrentDirectoryA
GetFullPathNameA
GetLongPathNameA
GetVersionExA
GetSystemInfo
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetTimeZoneInformation
CreateFileA
OpenProcess
GetExitCodeProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetFileSize
ReadFile
WriteFile
SetFilePointer
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
Module32First
Module32Next
GetCurrentProcessId
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
GetUserDefaultUILanguage
VirtualQuery
GetCurrentThread
GetFullPathNameW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryW
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetTempPathW
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW

user32

SetWindowLongA
GetWindowLongA
PostMessageA
GetWindowTextLengthA
GetWindowTextA
ScreenToClient
SetWindowTextA
IsWindow
ClientToScreen
SetWindowPos
MessageBoxA
SetTimer
DestroyWindow
SetForegroundWindow
EnableWindow
KillTimer
GetParent
SetParent
GetWindowRect
SendMessageA
ShowWindow
UpdateWindow
GetSystemMetrics
GetShellWindow
GetWindowThreadProcessId
LoadStringA
EnumWindows
IsWindowEnabled
FindWindowExA
GetClassNameA
EnumChildWindows
FindWindowA
GetDesktopWindow
SetCursor
LoadCursorA
ReleaseCapture
GetKeyboardState
CreatePopupMenu
DestroyMenu
AppendMenuA
TrackPopupMenu
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
MessageBoxExA
WaitForInputIdle
PostQuitMessage
LoadAcceleratorsA
SetDlgItemTextA
GetCursorPos
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
SetClassLongA
LoadIconA
IsIconic
GetFocus
SetFocus
IsWindowVisible
InvalidateRgn
InvalidateRect
MoveWindow
GetClientRect

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
OleInitialize
StringFromGUID2

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SysStringLen

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

ExpandEnvironmentStringsForUserA

psapi

EnumProcesses
GetModuleFileNameExA

wininet

InternetReadFileExA
InternetSetOptionA
InternetErrorDlg
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpQueryInfoA
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

shlwapi

SHDeleteEmptyKeyA
PathIsDirectoryEmptyA
PathRemoveFileSpecA
UrlEscapeA
PathStripPathA
PathCombineA
PathFindExtensionA
PathRenameExtensionA

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipSetCompositingMode

urlmon

IsValidURL

gdi32

PatBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SetWindowOrgEx
BitBlt
DeleteDC
SelectObject
GetStockObject
GetObjectA

advapi32

ImpersonateLoggedOnUser
RegQueryInfoKeyA
RegEnumKeyExA
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
GetLengthSid
AdjustTokenPrivileges
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 45B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4166e3094eacd419f88fd0168bd24203

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

fe:f7:46:33:7b:c5:ed:52:ab:80:9e:4b:08:f7:06:9d:bd:8e:f6:01Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

shell32

ole32

oleaut32

version

userenv

psapi

wininet

shlwapi

gdiplus

urlmon

gdi32

advapi32

Sections

.text Size: 145KB - Virtual size: 145KB

.text-qu Size: 263KB - Virtual size: 262KB

.text-co Size: 83KB - Virtual size: 83KB

.text-co Size: 50KB - Virtual size: 49KB

.text-co Size: 21KB - Virtual size: 21KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 10KB - Virtual size: 9KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 207KB - Virtual size: 207KB

.data Size: 13KB - Virtual size: 22KB

.data-qu Size: 512B - Virtual size: 45B

.data-co Size: 512B - Virtual size: 172B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 397KB - Virtual size: 397KB

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

fe:f7:46:33:7b:c5:ed:52:ab:80:9e:4b:08:f7:06:9d:bd:8e:f6:01
Signer

.text
Size: 145KB - Virtual size: 145KB

.text-qu
Size: 263KB - Virtual size: 262KB

.text-co
Size: 83KB - Virtual size: 83KB

.text-co
Size: 50KB - Virtual size: 49KB

.text-co
Size: 21KB - Virtual size: 21KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 10KB - Virtual size: 9KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 207KB - Virtual size: 207KB

.data
Size: 13KB - Virtual size: 22KB

.data-qu
Size: 512B - Virtual size: 45B

.data-co
Size: 512B - Virtual size: 172B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 397KB - Virtual size: 397KB