52b5f28f337c40c59009906c7c8ae6dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

52b5f28f337c40c59009906c7c8ae6dd_JaffaCakes118
Size

1.5MB
MD5

52b5f28f337c40c59009906c7c8ae6dd
SHA1

1d0dcec4ed763c3c12ec759dc6fa47afdefc7ed3
SHA256

407c72f3cf3a13905d4f11cc5906836f58baddb800e0e59ff2db5fe95d869e87
SHA512

24913975b8ebf6b6ad0b330845621beec503db206c71b9b5350638a6fbd0b991910d3f695e24bfc70613584e17ce67e717ea6342a1593b06cfde58eed119bfb0
SSDEEP

12288:zCOSwJwYKWLQAm2TYRBr7GDkYRgujvOKV05klyjGih2G2OFvfvK6UaIOtbM0Gmo/:zCOpDMura6f4vKGI8/m1eC8+i0KMh

Score

1^/10

Malware Config

Signatures

Files

52b5f28f337c40c59009906c7c8ae6dd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

690db9770922b2da52bf049d612b32c8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:6d:34:42:12:06:8e:e6:cc:0e:61:0a:cd:f0:b1:3b:3e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

09/07/2015, 15:35

Not After

09/08/2017, 16:49

Subject

CN=WinZip Computing LLC,O=WinZip Computing LLC,L=Storrs Mansfield,ST=Connecticut,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7c:4f:e6:79:a7:6d:fa:65:92:0d:a6:ec:4b:ef:b0:b9:6d:6e:91:34
Signer

Actual PE Digest

7c:4f:e6:79:a7:6d:fa:65:92:0d:a6:ec:4b:ef:b0:b9:6d:6e:91:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\UpdateNotifier\Win32\Release\WZUpdateNotifier.pdb

Imports

uxtheme

SetWindowTheme

kernel32

CreateDirectoryW
GetVersionExW
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
TlsAlloc
SetLastError
Process32FirstW
WaitForSingleObject
CreateMutexW
Sleep
LockResource
SizeofResource
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
CloseHandle
GetTempPathW
CreateFileW
WriteFile
GetUserDefaultUILanguage
LocalFree
lstrlenA
SearchPathW
GetProcAddress
UnmapViewOfFile
CreateFileMappingW
VerifyVersionInfoW
SetEnvironmentVariableA
SignalObjectAndWait
SetEndOfFile
GetThreadPriority
WriteConsoleW
SetStdHandle
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
LoadLibraryW
MultiByteToWideChar
ReadFile
GetNativeSystemInfo
RegisterWaitForSingleObject
UnregisterWait
WideCharToMultiByte
CreateThread
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
GetSystemDefaultUILanguage
CreateEventW
GetModuleFileNameW
SetThreadUILanguage
EnterCriticalSection
VerSetConditionMask
LoadLibraryExW
FreeLibrary
VirtualAlloc
SetThreadPriority
SetEvent
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
SwitchToThread
OutputDebugStringW
UnhandledExceptionFilter
TlsGetValue
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
SetFilePointerEx
ReadConsoleW
GetLastError
InitializeCriticalSectionAndSpinCount
GetDateFormatW
MapViewOfFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateProcessW
GetCurrentProcess
GetLocalTime
InitializeCriticalSection
LeaveCriticalSection
ExitThread
DeleteCriticalSection
GetModuleHandleW
SetErrorMode
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
FindFirstFileW
GetTickCount
GetLongPathNameW
FindClose
RemoveDirectoryW
FindNextFileW
GetUserDefaultLangID
InterlockedDecrement
GetFileSizeEx
DuplicateHandle
GetCurrentThread
GetExitCodeThread
InterlockedIncrement
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
InterlockedExchange
GetStringTypeW
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetCommandLineW
RtlUnwind
CreateTimerQueue
CreateTimerQueueTimer
GetTimeFormatW

user32

DrawIconEx
SetWindowPos
PtInRect
FillRect
GetIconInfo
GetDC
SetWindowLongW
InflateRect
OffsetRect
GetWindowLongW
SystemParametersInfoW
ReleaseDC
SetCapture
GetWindowDC
GetWindowRect
LoadStringW
ReleaseCapture
GetSystemMetrics
SendMessageW
CallWindowProcW
DefWindowProcW
DrawTextW
DialogBoxParamW
GetDlgItem
EndDialog
GetComboBoxInfo
MessageBoxW
GetMessageW
PostQuitMessage
TrackPopupMenu
SetForegroundWindow
LoadCursorW
TranslateMessage
RegisterClassExW
AppendMenuW
GetCursorPos
CreatePopupMenu
CreateWindowExW
DestroyMenu
DispatchMessageW
GetClientRect
EnumWindows
GetClassNameW
GetWindowThreadProcessId
KillTimer
ShowWindow
DestroyWindow
SetLayeredWindowAttributes
AdjustWindowRectEx
DestroyIcon
SetTimer
PostMessageW
LoadImageW
ClientToScreen
MonitorFromRect
GetWindow
GetMonitorInfoW
PeekMessageW
WaitMessage
GetClassLongW
SetFocus
GetFocus
UnregisterClassW
MonitorFromPoint
SetWindowTextW

gdi32

CreateFontW
GetStockObject
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
SelectObject
CreateRectRgnIndirect
CombineRgn
GetObjectW
CreateSolidBrush
SetTextColor

advapi32

RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW

shell32

SHGetFolderPathW
Shell_NotifyIconW
SHCreateDirectoryExW
ShellExecuteW
SHFileOperationW
DoEnvironmentSubstW

ole32

CoTaskMemFree
CoSetProxyBlanket
CoCreateGuid
CreateBindCtx
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
VariantCopy
VariantInit
SysAllocString

shlwapi

PathAddBackslashW
UrlCreateFromPathW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathStripPathW
PathCombineW

comctl32

ord410
ord412
ord413

urlmon

RegisterBindStatusCallback
RevokeBindStatusCallback
CreateURLMonikerEx

wininet

InternetCheckConnectionW

winhttp

WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpQueryHeaders

Sections

.text
Size: 533KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

690db9770922b2da52bf049d612b32c8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:6d:34:42:12:06:8e:e6:cc:0e:61:0a:cd:f0:b1:3b:3eCertificate

Extended Key Usages

Key Usages

7c:4f:e6:79:a7:6d:fa:65:92:0d:a6:ec:4b:ef:b0:b9:6d:6e:91:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uxtheme

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

urlmon

wininet

winhttp

Sections

.text Size: 533KB - Virtual size: 532KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 16KB - Virtual size: 35KB

.rsrc Size: 748KB - Virtual size: 748KB

.reloc Size: 78KB - Virtual size: 77KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:6d:34:42:12:06:8e:e6:cc:0e:61:0a:cd:f0:b1:3b:3e
Certificate

7c:4f:e6:79:a7:6d:fa:65:92:0d:a6:ec:4b:ef:b0:b9:6d:6e:91:34
Signer

.text
Size: 533KB - Virtual size: 532KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 16KB - Virtual size: 35KB

.rsrc
Size: 748KB - Virtual size: 748KB

.reloc
Size: 78KB - Virtual size: 77KB