529c119d77f942f4b40478de71153b31_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

529c119d77f942f4b40478de71153b31_JaffaCakes118
Size

6.2MB
MD5

529c119d77f942f4b40478de71153b31
SHA1

7fe9ef6b3697370597a051cfd9e3f1fbd495b6f2
SHA256

50b817a59adb7320afe3d3ee6889b95ae1f93f097b04ad80970e4814cdfd0009
SHA512

c20934a25de5cf118a622f26fe910a4c122493cb1a3fbfed89ab9e7fdda77e006e3acf10c10c41072c43819205bd4fafed86e395c94f1f7b1572b6b65914fb5d
SSDEEP

98304:Bzyhh5OoQGVSreXLqdxygFEJbrTv6qk6d6CgRThIdby7vryufkFTmaSn:BzytBQte58EJb+CQTC47TyufYjSn

Score

1^/10

Malware Config

Signatures

Files

529c119d77f942f4b40478de71153b31_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49da4add8ea2d707f843a9ce9072b69b

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:0d:7d:c8:99:48:fc:4e:5e:bf:4f:9b:bf:65:26
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

07-04-2010 00:00

Not After

30-04-2012 23:59

Subject

CN=Turning Technologies\, LLC,O=Turning Technologies\, LLC,L=Youngstown,ST=Ohio,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\CodeBases_Majesty_Hotfixes\isdev\src\Runtime\MSI\Shared\Setup\Setup___Win32_Release_Unicode\setup.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

comctl32

ord17

kernel32

FindResourceW
GlobalUnlock
GlobalLock
GlobalFree
GetTickCount
GetExitCodeThread
CreateThread
CopyFileW
InterlockedIncrement
GetVersionExW
CompareStringA
CompareStringW
CreateEventW
InterlockedDecrement
QueryPerformanceFrequency
lstrcatW
GetTempFileNameW
LoadLibraryW
FreeLibrary
GetProcAddress
GetSystemDefaultLangID
GetUserDefaultLangID
lstrcmpW
lstrcmpiW
VerLanguageNameW
FindClose
FindNextFileW
CompareFileTime
FindFirstFileW
MoveFileW
GetPrivateProfileStringW
CreateDirectoryW
SetFileAttributesW
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
GetSystemInfo
MulDiv
RaiseException
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
GetModuleHandleW
GetVersion
GetLocalTime
IsValidLocale
GetFileAttributesW
GetCommandLineW
lstrcmpiA
SetEndOfFile
lstrcpyA
VirtualQuery
IsBadReadPtr
FlushFileBuffers
GetDriveTypeW
GetLocaleInfoW
GetCurrentThread
GetDiskFreeSpaceW
GetExitCodeProcess
GetModuleFileNameW
InterlockedExchange
LoadLibraryA
LoadResource
SetStdHandle
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LCMapStringA
InitializeCriticalSectionAndSpinCount
SetThreadContext
GetStringTypeW
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
FatalAppExitA
GetModuleHandleA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentThreadId
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
lstrcpynA
lstrcmpA
lstrlenW
SearchPathW
VirtualProtect
SystemTimeToFileTime
QueryPerformanceCounter
SetEvent
ResetEvent
GetCurrentProcessId
GetDateFormatW
GetTimeFormatW
GetCurrentDirectoryW
FindResourceExW
TerminateProcess
OpenProcess
GetProcessTimes
lstrcpynW
GetProcessHeap
HeapAlloc
SizeofResource
GlobalAlloc
LockResource
ExpandEnvironmentStringsW
GetTempPathW
SetErrorMode
GetWindowsDirectoryW
lstrcpyW
GetSystemDirectoryW
SetCurrentDirectoryW
CreateProcessW
WaitForSingleObject
DeleteFileW
RemoveDirectoryW
Sleep
ExitProcess
GetCurrentProcess
DuplicateHandle
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
HeapFree
WriteFile
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
lstrlenA
GetLastError
SetLastError
SetConsoleCtrlHandler
ResumeThread
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
LocalAlloc
WriteConsoleA
GetConsoleOutputCP

user32

wvsprintfW
CharUpperW
ExitWindowsEx
SendDlgItemMessageW
CharPrevW
LoadImageW
CreateDialogParamW
MoveWindow
SetCursor
GetDlgItemTextW
GetWindow
SetFocus
EnableWindow
SetDlgItemTextW
SetForegroundWindow
SetActiveWindow
GetDlgCtrlID
GetDC
GetSysColor
GetSysColorBrush
SendMessageW
IsDialogMessageW
GetWindowRect
GetSystemMetrics
SetRect
FindWindowW
IntersectRect
SubtractRect
IsWindow
DestroyWindow
CreateDialogIndirectParamW
CharNextW
MessageBoxW
WaitForInputIdle
GetWindowLongW
SetWindowLongW
GetClientRect
ClientToScreen
SetWindowPos
GetWindowDC
ReleaseDC
EndPaint
BeginPaint
EndDialog
SetWindowTextW
GetDlgItem
ShowWindow
DialogBoxIndirectParamW
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageW
wsprintfW
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostMessageW
KillTimer
PostQuitMessage
SetTimer
FillRect

gdi32

GetDIBColorTable
GetSystemPaletteEntries
CreatePalette
CreateHalftonePalette
UnrealizeObject
SelectPalette
RealizePalette
CreateFontW
SetBkMode
SetTextColor
GetObjectW
GetDeviceCaps
CreateFontIndirectW
CreateSolidBrush
CreateCompatibleDC
SelectObject
BitBlt
CreateDIBitmap
DeleteDC
DeleteObject
GetStockObject
TranslateCharsetInfo

advapi32

RegEnumKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegCreateKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW
CommandLineToArgvW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID
CoInitialize
CoCreateGuid
CreateItemMoniker
GetRunningObjectTable
StringFromGUID2
ProgIDFromCLSID
CoUninitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantClear
VarBstrFromDate
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VarBstrCat
GetErrorInfo
VarUI4FromStr
SystemTimeToVariantTime
CreateErrorInfo
SysStringLen
SysReAllocStringLen
LoadTypeLi
RegisterTypeLi
SetErrorInfo
VariantChangeType
SysFreeString
SysAllocStringLen

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW
UuidFromStringW

Sections

.text
Size: 684KB - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49da4add8ea2d707f843a9ce9072b69b

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

b7:0d:7d:c8:99:48:fc:4e:5e:bf:4f:9b:bf:65:26Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

Sections

.text Size: 684KB - Virtual size: 683KB

.rdata Size: 163KB - Virtual size: 162KB

.data Size: 10KB - Virtual size: 33KB

.rsrc Size: 557KB - Virtual size: 556KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

b7:0d:7d:c8:99:48:fc:4e:5e:bf:4f:9b:bf:65:26
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 684KB - Virtual size: 683KB

.rdata
Size: 163KB - Virtual size: 162KB

.data
Size: 10KB - Virtual size: 33KB

.rsrc
Size: 557KB - Virtual size: 556KB