45c7fab70dc96856a3b8dd73f7172381_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

45c7fab70dc96856a3b8dd73f7172381_JaffaCakes118
Size

13.1MB
MD5

45c7fab70dc96856a3b8dd73f7172381
SHA1

16a1b64c8bb6463890317dca8f290ccc31be5405
SHA256

6d35f60409096de49a34c847b16dbb51b0fad67b4c4885a4702964d48cfb5a93
SHA512

6c34b0d43b026cb648e24a1a88051a7447120e99936327f4a37ced269ecf580ab0c22f20cd615670b3d9b9cdde170c4033dd5e0f451e37e424f0917c60665e4b
SSDEEP

49152:H8GNFC7YwBpD9vnIV43u7w9VFZnpu+2RJlieGF:cGNFCEIXIVxUFNpuBRJlieGF

Score

1^/10

Malware Config

Signatures

Files

45c7fab70dc96856a3b8dd73f7172381_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46fea428a15f5be2f6d2355b635b841c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:df:80:45:7f:6f:03:c0:a2:f0:e2:59:51:35:96:93
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-01-2007 00:00

Not After

24-01-2008 23:59

Subject

CN=2Squared Software,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=2Squared Software,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f9:30:ba:ff:02:3b:c1:3d:38:d0:53:99:51:be:f0:2e:03:13:8d:d8
Signer

Actual PE Digest

f9:30:ba:ff:02:3b:c1:3d:38:d0:53:99:51:be:f0:2e:03:13:8d:d8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Timothy\My Documents\WorkCode\AntiSpwareBot\trunk\release\AntiSpywareBot.pdb

Imports

kernel32

GlobalFindAtomA
GlobalGetAtomNameA
MoveFileA
GetThreadLocale
SetFilePointer
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetVolumeInformationA
GetFullPathNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalAlloc
SetFileAttributesA
InterlockedIncrement
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetCurrentDirectoryA
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetTickCount
GetTempFileNameA
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
lstrcmpW
IsDebuggerPresent
ExitThread
GetTimeFormatA
GetDateFormatA
SetEnvironmentVariableA
SetStdHandle
GetFileType
GetSystemTimeAsFileTime
ExitProcess
RaiseException
HeapSize
GetACP
IsValidCodePage
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLogicalDriveStringsA
lstrcatA
Module32First
Module32Next
GetSystemDirectoryA
GetLogicalDrives
GetBinaryTypeA
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
SetCurrentDirectoryA
lstrcpyA
TerminateThread
SetLastError
WinExec
CreateFileA
SystemTimeToFileTime
DeleteFileA
lstrcpynA
FileTimeToLocalFileTime
GetFileAttributesA
FindNextFileA
RemoveDirectoryA
FreeLibrary
LoadLibraryA
CreateProcessA
SearchPathA
ExpandEnvironmentStringsA
LocalFree
ReadFile
FormatMessageA
FileTimeToSystemTime
GetFileTime
GetCurrentProcess
GetTempPathA
GetSystemInfo
CreateThread
FindClose
FindFirstFileA
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetSystemTime
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
FlushFileBuffers
WriteFile
GetVersionExA
TerminateProcess
GetLocalTime
Sleep
InitializeCriticalSection
GetModuleFileNameA
SetConsoleScreenBufferSize
GetStdHandle
LeaveCriticalSection
GetConsoleScreenBufferInfo
EnterCriticalSection
AllocConsole
DeleteCriticalSection
FreeConsole
CreateDirectoryA
GlobalFree
SetEvent
MulDiv
GlobalUnlock
GlobalLock
ResetEvent
GetWindowsDirectoryA
CreateEventA
GlobalAlloc
CloseHandle
ResumeThread
WaitForSingleObject
GetProcAddress
FreeResource
GetModuleHandleA
GetEnvironmentVariableA
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SetUnhandledExceptionFilter
SizeofResource

user32

MessageBeep
SetCapture
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
GetNextDlgGroupItem
RegisterClipboardFormatA
PostThreadMessageA
UnregisterClassA
SetWindowContextHelpId
MapDialogRect
DestroyMenu
InflateRect
RegisterWindowMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
PtInRect
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
GetKeyState
EndPaint
BeginPaint
GrayStringA
DrawTextExA
TabbedTextOutA
UnhookWindowsHookEx
GetWindowTextLengthA
GetWindowTextA
GetFocus
SetFocus
IsWindowEnabled
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
PostQuitMessage
GetMenuState
GetMenuItemID
CopyIcon
GetCaretPos
ExitWindowsEx
LoadBitmapA
RedrawWindow
GetMenuItemCount
PeekMessageA
DispatchMessageA
TranslateMessage
GetSysColorBrush
SystemParametersInfoA
SetWindowPos
DrawTextA
GetWindowDC
ScreenToClient
ModifyMenuA
SetTimer
SendMessageA
CharUpperA
EnableWindow
PostMessageA
GetWindowRect
CopyRect
LoadMenuA
SetForegroundWindow
GetSubMenu
GetWindowLongA
SetWindowLongA
SetRect
GetCursorPos
GetDC
ReleaseDC
GetParent
HideCaret
SetWindowRgn
GetClientRect
InvalidateRect
LoadImageA
KillTimer
FillRect
LoadCursorA
GetSysColor
DestroyCursor
SetCursor
SetClassLongA
ClientToScreen
ReleaseCapture
GetCapture
WindowFromPoint
DrawEdge
DrawFocusRect
LoadIconA
IsIconic
DrawIcon
IsWindow
EqualRect
GetDesktopWindow
FindWindowA
GetSystemMetrics
TrackMouseEvent
RegisterClassA

gdi32

Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
TextOutA
CreateRectRgnIndirect
GetTextExtentPoint32A
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
PtVisible
RectVisible
GetObjectA
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDIBits
CreateFontIndirectA
ExtTextOutA
GetTextMetricsA
SelectClipRgn
StretchBlt
SelectObject
GetDeviceCaps
DeleteDC
Rectangle
CombineRgn
DeleteObject
ExtCreateRegion
GetStockObject
CreateRectRgn
CreateSolidBrush
GetPixel
CreatePatternBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comctl32

ord17
_TrackMouseEvent

shlwapi

SHDeleteKeyA
UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA
PathIsDirectoryA
PathFileExistsA

oledlg

ord8

ole32

CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
StgOpenStorageOnILockBytes
CoInitializeEx

oleaut32

SysAllocString
OleCreateFontIndirect
OleLoadPicture
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy
SafeArrayDestroy

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetSetOptionExA
InternetQueryDataAvailable

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.2MB - Virtual size: 12.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46fea428a15f5be2f6d2355b635b841c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

0f:df:80:45:7f:6f:03:c0:a2:f0:e2:59:51:35:96:93Certificate

Extended Key Usages

Key Usages

f9:30:ba:ff:02:3b:c1:3d:38:d0:53:99:51:be:f0:2e:03:13:8d:d8Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

version

Sections

.text Size: 716KB - Virtual size: 715KB

.rdata Size: 156KB - Virtual size: 152KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 12.2MB - Virtual size: 12.2MB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

0f:df:80:45:7f:6f:03:c0:a2:f0:e2:59:51:35:96:93
Certificate

f9:30:ba:ff:02:3b:c1:3d:38:d0:53:99:51:be:f0:2e:03:13:8d:d8
Signer

.text
Size: 716KB - Virtual size: 715KB

.rdata
Size: 156KB - Virtual size: 152KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 12.2MB - Virtual size: 12.2MB