54552ab73bc0406e49834d23fa7edb63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

54552ab73bc0406e49834d23fa7edb63_JaffaCakes118
Size

222KB
MD5

54552ab73bc0406e49834d23fa7edb63
SHA1

825d9f44753f0d2a2a18cf680a4f908cab85dc5d
SHA256

1d59540b5ecb15d208625e7bb18396a467394df7419d9b50fd9db2d8f6647680
SHA512

a23be97e2254c7f6222efe5ba32377a8cbb96a4e181a67d5b29bd3ac9dc9afbaabbbf00fd5d2389d9eac750a9a217fa26caee7326fcb24dd60d0b4c1883e66f0
SSDEEP

3072:umWGnCiuEo7jnji4OJSa3UypyP4XCiJnim36ZqHQoG3eJPtvgpTeb7:N8pEonnm4qSafpe44mqgzGOcpa

Score

1^/10

Malware Config

Signatures

Files

54552ab73bc0406e49834d23fa7edb63_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a6d8f294725da2779fb05e3ce8074eb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:69:b2:18:a1:22:41:2e:6d:5c:c3:23:0c:1e:c9:c2
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/02/2013, 00:00

Not After

26/04/2015, 23:59

Subject

CN=nbiz Ltd.,O=nbiz Ltd.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessVersion
GetCPInfo
GetOEMCP
GetTickCount
RtlUnwind
HeapFree
HeapAlloc
GetTimeZoneInformation
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
SetStdHandle
GetFileType
GetACP
HeapReAlloc
HeapSize
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WritePrivateProfileStringA
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFlags
GetProfileStringA
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
SetErrorMode
GetFileTime
MulDiv
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpA
GetCurrentThreadId
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
lstrcmpiA
GetThreadLocale
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
Sleep
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
SizeofResource
LoadResource
LockResource
GetFileSize
ReadFile
GetModuleHandleA
DuplicateHandle
GetLastError
SetLastError
OpenProcess
TerminateProcess
WaitForSingleObject
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
lstrlenA
WriteFile
CloseHandle
CreateProcessA
FindFirstFileA
DeleteFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetModuleFileNameA
GetEnvironmentVariableA
lstrcpyA
lstrcatA
GetCurrentProcess
GetCurrentThread
MultiByteToWideChar
GetFileAttributesA
VirtualAlloc

user32

UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
MapDialogRect
SetWindowPos
SetWindowContextHelpId
CopyRect
GetDC
ReleaseDC
MessageBeep
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetActiveWindow
CallNextHookEx
ValidateRect
IsWindowVisible
GetCursorPos
SetWindowsHookExA
wsprintfA
SendMessageA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
GetDesktopWindow
CharUpperA
EnableWindow
IsIconic
GetClientRect
DrawIcon
LoadIconA
GetClassNameA
GetWindowLongA
PostThreadMessageA
RegisterClipboardFormatA
InvalidateRect
GetWindowRect
GetParent
GetWindow
GetSystemMetrics
IsDialogMessageA
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
DefDlgProcA
IsWindowUnicode
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
InflateRect
GetSysColorBrush
PtInRect
LoadCursorA
LoadStringA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ShowWindow
MoveWindow
SetWindowTextA
SetDlgItemTextA
GetKeyState
DestroyMenu
EndDialog
ClientToScreen

gdi32

IntersectClipRect
DeleteObject
ScaleWindowExtEx
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetMapMode
DPtoLP
GetTextColor
GetBkColor
LPtoDP
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
PatBlt
GetDeviceCaps
CreateDIBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ord17

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemFree
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysStringLen
VariantClear

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a6d8f294725da2779fb05e3ce8074eb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

41:69:b2:18:a1:22:41:2e:6d:5c:c3:23:0c:1e:c9:c2Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 20KB - Virtual size: 34KB

.rsrc Size: 12KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

41:69:b2:18:a1:22:41:2e:6d:5c:c3:23:0c:1e:c9:c2
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 20KB - Virtual size: 34KB

.rsrc
Size: 12KB - Virtual size: 10KB