45cc6c57c8aef4d1e7458e95bdf2537c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45cc6c57c8aef4d1e7458e95bdf2537c_JaffaCakes118
Size

431KB
MD5

45cc6c57c8aef4d1e7458e95bdf2537c
SHA1

176c72057f4eb79f59e5f33b757ac81cdd2461e9
SHA256

ed985a8621d95eec5324d0292e358e597a24012882d5f5ddc9bd62ddc24c383f
SHA512

0977e76edfcff06dc88eb87c631ab6e763afdad46bdc818a005d143d12a778fc5a11caab416519e6376b097f027f3ee4546f72b2e6cae6ceb4a03d17e6a803b7
SSDEEP

12288:y9CWI2w7Q3ak0pQR7stAJsrjrgegze9PkqhA:yfI2UQM0stAJsP0egze9sqq

Score

1^/10

Malware Config

Signatures

Files

45cc6c57c8aef4d1e7458e95bdf2537c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d54c647cca78e61062459859faa289b9

Code Sign

6a:5d:73:f2:62:c3:8b:bd:45:78:ab:6a:d7:13:31:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/06/2011, 00:00

Not After

01/07/2013, 23:59

Subject

CN=W3i\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=W3i\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:8f:94:d6:a4:91:7a:2e:41:e1:47:56:31:43:e4:87:69:77:f1:4c
Signer

Actual PE Digest

a1:8f:94:d6:a4:91:7a:2e:41:e1:47:56:31:43:e4:87:69:77:f1:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tfs.vs2k10\nonelevated\windows\main\Installer.FreezeWrapStub.Application\ReleaseNoMFC\FreezeWrapStub.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

GetTickCount
CreateMutexA
ReleaseMutex
Sleep
GetLastError
SetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FindResourceExA
RaiseException
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
RtlUnwind
CompareStringA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
GetStartupInfoA
GetCommandLineA
HeapSize
HeapReAlloc
HeapDestroy
DeleteCriticalSection
FormatMessageA
GetModuleHandleA
LocalAlloc
lstrlenA
LocalFree
BeginUpdateResourceA
HeapAlloc
GetProcessHeap
UpdateResourceA
HeapFree
EndUpdateResourceA
LoadLibraryA
EnumResourceNamesA
EnumResourceLanguagesA
FreeLibrary
LoadLibraryExA
GetUserDefaultUILanguage
GetLocalTime
GetCurrentThreadId
GetPrivateProfileStringA
GetPrivateProfileIntA
MultiByteToWideChar
GetCurrentProcess
WaitForSingleObject
OpenProcess
GetExitCodeProcess
GetProcAddress
CloseHandle
GetTempPathA
GetVersionExA
GetSystemInfo
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
Module32First
Module32Next
GetCurrentProcessId
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
DeleteFileA
RemoveDirectoryA
CopyFileA
GetFileAttributesA
MoveFileA
GetModuleFileNameA
GetLongPathNameA
CreateFileA
GetFileSize
ReadFile
WriteFile
SetFilePointer
SystemTimeToFileTime
FileTimeToSystemTime
GetTimeZoneInformation
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

user32

DestroyWindow
IsWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
UpdateWindow
SetForegroundWindow
SetWindowLongA
ShowWindow
EnableWindow
GetWindowLongA
PostMessageA
SendMessageA
DefWindowProcA
CallWindowProcA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
LoadCursorA
SendMessageW
GetDlgItem
EndDialog
CreateDialogParamA
DialogBoxParamA
LoadIconA
PostQuitMessage
WaitForInputIdle
MessageBoxExA
LoadStringA
GetShellWindow
GetWindowThreadProcessId
GetSystemMetrics
SystemParametersInfoA
EnumWindows
IsWindowEnabled
FindWindowExA
GetClassNameA
EnumChildWindows
FindWindowA
GetDesktopWindow
GetDlgCtrlID
GetSysColor
GetSysColorBrush
LoadAcceleratorsA
SetDlgItemTextA
IsIconic
GetFocus
SetFocus
IsWindowVisible
InvalidateRgn
InvalidateRect
MoveWindow
GetClientRect
GetWindowRect
KillTimer
SetTimer
MessageBoxA
SetWindowPos
ClientToScreen
ScreenToClient

ole32

CoTaskMemAlloc
OleInitialize
OleUninitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VariantClear
VariantChangeType
SysFreeString

userenv

ExpandEnvironmentStringsForUserA

psapi

GetModuleFileNameExA
EnumProcesses

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetErrorDlg
HttpQueryInfoA
InternetCrackUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
InternetCloseHandle
HttpSendRequestA
HttpAddRequestHeadersA
InternetReadFileExA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetSetStatusCallback
InternetOpenA

shlwapi

PathCombineA
UrlEscapeA
PathStripPathA
PathRenameExtensionA
PathRemoveFileSpecA
SHDeleteEmptyKeyA

gdi32

SetBkColor

advapi32

ImpersonateLoggedOnUser
RegCloseKey
RevertToSelf
CreateProcessAsUserA
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
RegCreateKeyExA
GetLengthSid
AdjustTokenPrivileges
RegOpenCurrentUser
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenUserClassesRoot

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 439B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d54c647cca78e61062459859faa289b9

Code Sign

6a:5d:73:f2:62:c3:8b:bd:45:78:ab:6a:d7:13:31:8dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a1:8f:94:d6:a4:91:7a:2e:41:e1:47:56:31:43:e4:87:69:77:f1:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

ole32

oleaut32

userenv

psapi

version

wininet

shlwapi

gdi32

advapi32

shell32

Sections

.text Size: 145KB - Virtual size: 145KB

.text-co Size: 54KB - Virtual size: 54KB

.text-co Size: 16KB - Virtual size: 15KB

.text-co Size: 13KB - Virtual size: 12KB

.text-co Size: 10KB - Virtual size: 9KB

.text-ti Size: 41KB - Virtual size: 40KB

.text-co Size: 5KB - Virtual size: 5KB

.text-co Size: 4KB - Virtual size: 3KB

.text-co Size: 512B - Virtual size: 439B

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 9KB - Virtual size: 16KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 128B

.data-co Size: 512B - Virtual size: 44B

.data-co Size: 512B - Virtual size: 48B

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 45KB - Virtual size: 44KB

6a:5d:73:f2:62:c3:8b:bd:45:78:ab:6a:d7:13:31:8d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a1:8f:94:d6:a4:91:7a:2e:41:e1:47:56:31:43:e4:87:69:77:f1:4c
Signer

.text
Size: 145KB - Virtual size: 145KB

.text-co
Size: 54KB - Virtual size: 54KB

.text-co
Size: 16KB - Virtual size: 15KB

.text-co
Size: 13KB - Virtual size: 12KB

.text-co
Size: 10KB - Virtual size: 9KB

.text-ti
Size: 41KB - Virtual size: 40KB

.text-co
Size: 5KB - Virtual size: 5KB

.text-co
Size: 4KB - Virtual size: 3KB

.text-co
Size: 512B - Virtual size: 439B

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 9KB - Virtual size: 16KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 128B

.data-co
Size: 512B - Virtual size: 44B

.data-co
Size: 512B - Virtual size: 48B

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 45KB - Virtual size: 44KB