530f1ef86e117f5c7949aa56b73c0642_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

530f1ef86e117f5c7949aa56b73c0642_JaffaCakes118
Size

1.5MB
MD5

530f1ef86e117f5c7949aa56b73c0642
SHA1

0cbd84b52ab13d2f75f0499c270bfc9c732407a6
SHA256

40980cf6ae8dcd7e9d5ab6ece687686d7077d6719c3fc4b65c43c2f0e0b05808
SHA512

2c1cb8e96c8263b7aabf6d966d1fde6194df22591522fd65144d9365fb6ce8ae1cbb65a388a124a9c8f7e7de933e4e4c2bf1aa175bbf697e31b0764aa1451487
SSDEEP

24576:JWbP3PwDwDjdeS2iVNP+4iF5Rr3KvkZ1v/ThxZWwlkP1iiHUwxtgvT5ETXu0oPyZ:A+wDJedrh66/fZN6P1Fxt+ETbHVSIP

Score

1^/10

Malware Config

Signatures

Files

530f1ef86e117f5c7949aa56b73c0642_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e6ae3b950e074626dde03d7c499c461a

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/09/2013, 00:00

Not After

08/09/2014, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

af:68:be:47:29:21:ba:af:eb:51:22:6e:83:b9:5a:d0:4f:61:a5:f6
Signer

Actual PE Digest

af:68:be:47:29:21:ba:af:eb:51:22:6e:83:b9:5a:d0:4f:61:a5:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tfs.vs2012\admin\windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb

Imports

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_Add

kernel32

CloseHandle
GetTickCount
GetLastError
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
Sleep
GetTempPathA
FindResourceExW
FindResourceW
LoadResource
LockResource
GetCurrentThreadId
SetUnhandledExceptionFilter
ReleaseMutex
RtlCaptureStackBackTrace
CreateMutexA
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SizeofResource
GetVersion
GetModuleHandleA
GetProcAddress
GetLocalTime
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
GetStringTypeW
GetModuleFileNameW
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
SetLastError
RtlUnwind
LoadLibraryExW
ExitThread
CreateThread
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
ExitProcess
InterlockedDecrement
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
AreFileApisANSI
DeleteFileW
WideCharToMultiByte
RaiseException
FormatMessageA
LocalAlloc
lstrlenA
LocalFree
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetModuleFileNameA
GetCurrentDirectoryA
GetFullPathNameA
GetLongPathNameA
GetVersionExA
GetSystemInfo
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
FreeLibrary
GetTimeZoneInformation
CreateFileA
OpenProcess
GetExitCodeProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetFileSize
ReadFile
WriteFile
SetFilePointer
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
Module32First
Module32Next
GetCurrentProcessId
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
GetUserDefaultUILanguage
VirtualQuery
GetCurrentThread
GetFullPathNameW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryW
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetTempPathW
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteCriticalSection

user32

SetWindowLongA
GetWindowLongA
PostMessageA
GetWindowTextLengthA
GetWindowTextA
ScreenToClient
SetWindowTextA
IsWindow
ClientToScreen
SetWindowPos
MessageBoxA
SetTimer
DestroyWindow
SetForegroundWindow
EnableWindow
KillTimer
GetParent
SetParent
GetWindowRect
SendMessageA
ShowWindow
UpdateWindow
GetSystemMetrics
GetShellWindow
GetWindowThreadProcessId
LoadStringA
EnumWindows
IsWindowEnabled
FindWindowExA
GetClassNameA
EnumChildWindows
FindWindowA
GetDesktopWindow
SetCursor
LoadCursorA
ReleaseCapture
GetKeyboardState
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
MessageBoxExA
WaitForInputIdle
PostQuitMessage
LoadAcceleratorsA
SetDlgItemTextA
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
SetClassLongA
LoadIconA
IsIconic
GetFocus
SetFocus
IsWindowVisible
InvalidateRgn
InvalidateRect
MoveWindow
GetClientRect

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
OleInitialize
StringFromGUID2

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SysStringLen

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

ExpandEnvironmentStringsForUserA

psapi

EnumProcesses
GetModuleFileNameExA

wininet

InternetReadFileExA
InternetSetOptionA
InternetErrorDlg
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpQueryInfoA
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

shlwapi

SHDeleteEmptyKeyA
PathIsDirectoryEmptyA
PathRemoveFileSpecA
UrlEscapeA
PathStripPathA
PathCombineA
PathFindExtensionA
PathRenameExtensionA

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipSetCompositingMode

urlmon

IsValidURL

gdi32

PatBlt
GetStockObject
CreateCompatibleDC
DeleteObject
SetWindowOrgEx
BitBlt
DeleteDC
SelectObject
CreateCompatibleBitmap
GetObjectA

advapi32

ImpersonateLoggedOnUser
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
GetLengthSid
AdjustTokenPrivileges
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6ae3b950e074626dde03d7c499c461a

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

af:68:be:47:29:21:ba:af:eb:51:22:6e:83:b9:5a:d0:4f:61:a5:f6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

shell32

ole32

oleaut32

version

userenv

psapi

wininet

shlwapi

gdiplus

urlmon

gdi32

advapi32

Sections

.text Size: 145KB - Virtual size: 145KB

.text-qu Size: 243KB - Virtual size: 242KB

.text-co Size: 83KB - Virtual size: 83KB

.text-co Size: 49KB - Virtual size: 48KB

.text-co Size: 21KB - Virtual size: 20KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 10KB - Virtual size: 9KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 204KB - Virtual size: 203KB

.data Size: 13KB - Virtual size: 22KB

.data-qu Size: 512B - Virtual size: 52B

.data-co Size: 512B - Virtual size: 172B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 410KB - Virtual size: 410KB

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

af:68:be:47:29:21:ba:af:eb:51:22:6e:83:b9:5a:d0:4f:61:a5:f6
Signer

.text
Size: 145KB - Virtual size: 145KB

.text-qu
Size: 243KB - Virtual size: 242KB

.text-co
Size: 83KB - Virtual size: 83KB

.text-co
Size: 49KB - Virtual size: 48KB

.text-co
Size: 21KB - Virtual size: 20KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 10KB - Virtual size: 9KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 204KB - Virtual size: 203KB

.data
Size: 13KB - Virtual size: 22KB

.data-qu
Size: 512B - Virtual size: 52B

.data-co
Size: 512B - Virtual size: 172B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 410KB - Virtual size: 410KB