52f02511e42c9ce7464213eba07b088e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

52f02511e42c9ce7464213eba07b088e_JaffaCakes118
Size

1.5MB
MD5

52f02511e42c9ce7464213eba07b088e
SHA1

0d4784e546d44626a4b3a19374fe17f12cd6e369
SHA256

0f0d08c76ecdb629866e55cf8e4d15663ec10815f39f8dadd779f816721788b6
SHA512

ce97d38df5cb4f01b6396afd5fa1b2207a62819ce3611e96f2c6a4c97db599b865b29b561830f2e1c1a03bb493fc93836d98937a0620282e4dee752c23077f55
SSDEEP

24576:VWbP3PwDwDjdeS2iVNP+4iF5Rr3KvkZ1v/ThxZWwlkP1iiHUwxtgvT5ETXu0sPI+:s+wDJedrh66/fZN6P1Fxt+ETL9SIw

Score

1^/10

Malware Config

Signatures

Files

52f02511e42c9ce7464213eba07b088e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e6ae3b950e074626dde03d7c499c461a

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/09/2013, 00:00

Not After

08/09/2014, 12:00

Subject

CN=InstallX\, LLC,O=InstallX\, LLC,L=Sartell,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:07:e4:23:0d:75:41:76:48:a0:ac:15:f9:0a:1e:07:89:6e:78:0a
Signer

Actual PE Digest

67:07:e4:23:0d:75:41:76:48:a0:ac:15:f9:0a:1e:07:89:6e:78:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tfs.vs2012\admin\windows\MAIN\Installer.QuickStart.Application\ReleaseNoMFC\quickstart.pdb

Imports

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_Add

kernel32

CloseHandle
GetTickCount
GetLastError
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToFileTime
Sleep
GetTempPathA
FindResourceExW
FindResourceW
LoadResource
LockResource
GetCurrentThreadId
SetUnhandledExceptionFilter
ReleaseMutex
RtlCaptureStackBackTrace
CreateMutexA
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
SizeofResource
GetVersion
GetModuleHandleA
GetProcAddress
GetLocalTime
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
OutputDebugStringW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
GetStringTypeW
GetModuleFileNameW
GetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
SetLastError
RtlUnwind
LoadLibraryExW
ExitThread
CreateThread
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
ExitProcess
InterlockedDecrement
DecodePointer
EncodePointer
HeapSize
HeapReAlloc
HeapDestroy
AreFileApisANSI
DeleteFileW
WideCharToMultiByte
RaiseException
FormatMessageA
LocalAlloc
lstrlenA
LocalFree
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
GetSystemTime
GetTempFileNameA
DeleteFileA
RemoveDirectoryA
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetModuleFileNameA
GetCurrentDirectoryA
GetFullPathNameA
GetLongPathNameA
GetVersionExA
GetSystemInfo
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
FreeLibrary
GetTimeZoneInformation
CreateFileA
OpenProcess
GetExitCodeProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
LoadLibraryExA
FindResourceExA
GetFileSize
ReadFile
WriteFile
SetFilePointer
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
TerminateProcess
Module32First
Module32Next
GetCurrentProcessId
CreateEventA
WaitForSingleObjectEx
ResetEvent
SetEvent
GetUserDefaultUILanguage
VirtualQuery
GetCurrentThread
GetFullPathNameW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
InitializeCriticalSection
LoadLibraryW
FormatMessageW
LeaveCriticalSection
GetFileAttributesW
CreateFileW
FlushFileBuffers
GetTempPathW
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
CreateFileMappingA
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteCriticalSection

user32

SetWindowLongA
GetWindowLongA
PostMessageA
GetWindowTextLengthA
GetWindowTextA
ScreenToClient
SetWindowTextA
IsWindow
ClientToScreen
SetWindowPos
MessageBoxA
SetTimer
DestroyWindow
SetForegroundWindow
EnableWindow
KillTimer
GetParent
SetParent
GetWindowRect
SendMessageA
ShowWindow
UpdateWindow
GetSystemMetrics
GetShellWindow
GetWindowThreadProcessId
LoadStringA
EnumWindows
IsWindowEnabled
FindWindowExA
GetClassNameA
EnumChildWindows
FindWindowA
GetDesktopWindow
SetCursor
LoadCursorA
ReleaseCapture
GetKeyboardState
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CallWindowProcA
DefWindowProcA
LoadBitmapA
LoadImageA
DialogBoxParamA
CreateDialogParamA
EndDialog
GetDlgItem
SendMessageW
CopyRect
InflateRect
FrameRect
BeginPaint
EndPaint
MessageBoxExA
WaitForInputIdle
PostQuitMessage
LoadAcceleratorsA
SetDlgItemTextA
OffsetRect
SystemParametersInfoA
AdjustWindowRectEx
SetClassLongA
LoadIconA
IsIconic
GetFocus
SetFocus
IsWindowVisible
InvalidateRgn
InvalidateRect
MoveWindow
GetClientRect

shell32

Shell_NotifyIconA
ShellExecuteExA
SHGetSpecialFolderPathA

ole32

CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
OleUninitialize
CoInitializeSecurity
OleInitialize
StringFromGUID2

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SysStringLen

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

ExpandEnvironmentStringsForUserA

psapi

EnumProcesses
GetModuleFileNameExA

wininet

InternetReadFileExA
InternetSetOptionA
InternetErrorDlg
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
InternetGetCookieA
InternetSetCookieA
FindCloseUrlCache
InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
HttpQueryInfoA
InternetConnectA
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA

shlwapi

SHDeleteEmptyKeyA
PathIsDirectoryEmptyA
PathRemoveFileSpecA
UrlEscapeA
PathStripPathA
PathCombineA
PathFindExtensionA
PathRenameExtensionA

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipSetCompositingMode

urlmon

IsValidURL

gdi32

PatBlt
GetStockObject
CreateCompatibleDC
DeleteObject
SetWindowOrgEx
BitBlt
DeleteDC
SelectObject
CreateCompatibleBitmap
GetObjectA

advapi32

ImpersonateLoggedOnUser
RegEnumKeyExA
RegQueryInfoKeyA
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueA
DuplicateTokenEx
GetLengthSid
AdjustTokenPrivileges
RegOpenCurrentUser
RegOpenUserClassesRoot
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-qu
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-ti
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 512B - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text-co
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-qu
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-ti
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data-co
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6ae3b950e074626dde03d7c499c461a

Code Sign

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6Certificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

67:07:e4:23:0d:75:41:76:48:a0:ac:15:f9:0a:1e:07:89:6e:78:0aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

shell32

ole32

oleaut32

version

userenv

psapi

wininet

shlwapi

gdiplus

urlmon

gdi32

advapi32

Sections

.text Size: 145KB - Virtual size: 145KB

.text-qu Size: 243KB - Virtual size: 242KB

.text-co Size: 83KB - Virtual size: 83KB

.text-co Size: 49KB - Virtual size: 48KB

.text-co Size: 21KB - Virtual size: 20KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 10KB - Virtual size: 9KB

.text-co Size: 257KB - Virtual size: 257KB

.text-ti Size: 42KB - Virtual size: 42KB

.text-co Size: 11KB - Virtual size: 11KB

.text-co Size: 512B - Virtual size: 59B

.text-co Size: 12KB - Virtual size: 12KB

.rdata Size: 204KB - Virtual size: 203KB

.data Size: 13KB - Virtual size: 22KB

.data-qu Size: 512B - Virtual size: 52B

.data-co Size: 512B - Virtual size: 172B

.data-co Size: 512B - Virtual size: 56B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 3KB - Virtual size: 2KB

.data-ti Size: 1KB - Virtual size: 1KB

.data-co Size: 512B - Virtual size: 40B

.data-co Size: 512B - Virtual size: 4B

.data-co Size: 512B - Virtual size: 40B

.rsrc Size: 389KB - Virtual size: 389KB

07:1b:86:4f:59:b4:a7:39:32:76:e5:7c:53:09:2b:a6
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

67:07:e4:23:0d:75:41:76:48:a0:ac:15:f9:0a:1e:07:89:6e:78:0a
Signer

.text
Size: 145KB - Virtual size: 145KB

.text-qu
Size: 243KB - Virtual size: 242KB

.text-co
Size: 83KB - Virtual size: 83KB

.text-co
Size: 49KB - Virtual size: 48KB

.text-co
Size: 21KB - Virtual size: 20KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 10KB - Virtual size: 9KB

.text-co
Size: 257KB - Virtual size: 257KB

.text-ti
Size: 42KB - Virtual size: 42KB

.text-co
Size: 11KB - Virtual size: 11KB

.text-co
Size: 512B - Virtual size: 59B

.text-co
Size: 12KB - Virtual size: 12KB

.rdata
Size: 204KB - Virtual size: 203KB

.data
Size: 13KB - Virtual size: 22KB

.data-qu
Size: 512B - Virtual size: 52B

.data-co
Size: 512B - Virtual size: 172B

.data-co
Size: 512B - Virtual size: 56B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 3KB - Virtual size: 2KB

.data-ti
Size: 1KB - Virtual size: 1KB

.data-co
Size: 512B - Virtual size: 40B

.data-co
Size: 512B - Virtual size: 4B

.data-co
Size: 512B - Virtual size: 40B

.rsrc
Size: 389KB - Virtual size: 389KB