54a87878167440e02c272545d9c80d40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

54a87878167440e02c272545d9c80d40_JaffaCakes118
Size

27.8MB
MD5

54a87878167440e02c272545d9c80d40
SHA1

f55671137bd1fb832ae0ce8b2f5bdaa70898bc29
SHA256

269294f075ca5f420935fc7852e3205bd0873cfd2c629e02091671194f1d2fc0
SHA512

894f05d3a21c54b253e6870f08db58ae69d97ce12fe1631009afbf4820932c4e5f96f32401d36a1fa093ebb1a44d0b78142a13b1216f3586c473a55f6388951e
SSDEEP

393216:hvSpUPlaL9PHD1lFK0PLAomdsNUYHVok0/tdcBdvs1lzMVpAo6xAn2pF64dpMEj:4pu4tj1lFlLAWUYH6k0Wdvs5MWwEj

Score

1^/10

Malware Config

Signatures

Files

54a87878167440e02c272545d9c80d40_JaffaCakes118
.exe windows:5 windows x86 arch:x86

41cea14291d84ebf6512af33f87e726e

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:e1:05:87:4b:d7:b6:03:0b:1f:1a:bb:57:c2:1d:0d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01/04/2013, 00:00

Not After

01/07/2014, 23:59

Subject

CN=Destiny Media,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Destiny Media,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:43:61:bb:d2:ff:20:55:32:62:e0:e8:6e:c2:fb:dc:85:3f:69:9c
Signer

Actual PE Digest

6f:43:61:bb:d2:ff:20:55:32:62:e0:e8:6e:c2:fb:dc:85:3f:69:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\workspace\Installer\Installer\Release\ZonaInstallerFull.pdb

Imports

uxtheme

DrawThemeBackground
OpenThemeData
DrawThemeText
IsThemeActive

shlwapi

StrToIntW
PathIsDirectoryW
wnsprintfW

gdiplus

GdipDrawImageRectI
GdipLoadImageFromFile
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipCloneImage
GdipCreateFromHDC
GdiplusStartup
GdiplusShutdown

kernel32

CreateNamedPipeW
WriteFile
ReadFile
CreateFileW
GetTempFileNameW
SetFilePointer
GetDriveTypeW
CreateProcessW
SystemTimeToFileTime
GetCurrentProcess
GetLogicalDriveStringsW
GlobalLock
WaitForSingleObject
OpenProcess
GlobalAlloc
WideCharToMultiByte
SizeofResource
GetVersionExW
GetExitCodeProcess
GetFileAttributesW
TerminateProcess
GetModuleFileNameW
MultiByteToWideChar
GlobalUnlock
GetTempPathW
GetFileSizeEx
SetLastError
GlobalFree
Process32FirstW
LocalAlloc
CreatePipe
Process32NextW
CreateToolhelp32Snapshot
GetDiskFreeSpaceExW
DeleteFileW
LocalFree
GetSystemTime
GetVolumeInformationW
ExpandEnvironmentStringsW
GetSystemDefaultLangID
FreeResource
GetFileSize
FormatMessageW
InterlockedDecrement
CreateDirectoryW
GetProcessHeap
CreateThread
TerminateThread
InitializeCriticalSection
ConnectNamedPipe
EnterCriticalSection
GlobalMemoryStatusEx
GetCurrentProcessId
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
CompareStringW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryW
InterlockedIncrement
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
CloseHandle
GetLastError
Sleep
LoadResource
FindResourceW
CreateMutexW
SetEnvironmentVariableA
MulDiv
lstrcmpiW
lstrcatW
FindResourceExW
LockResource
LeaveCriticalSection
lstrlenW
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
GetShortPathNameW
DeleteCriticalSection
GetCommandLineW
HeapSetInformation
GetStartupInfoW
FindFirstFileExW
FindNextFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
GetModuleHandleW
ExitProcess
HeapFree
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
HeapAlloc
RtlUnwind
GetCPInfo
RaiseException

user32

EndPaint
BeginPaint
DrawStateW
MessageBoxW
SendMessageW
GetSystemMetrics
GetDesktopWindow
ShowWindow
DispatchMessageW
DefWindowProcW
UpdateWindow
CreateWindowExW
SetWindowLongW
GetWindowLongW
LoadIconW
RegisterClassExW
LoadAcceleratorsW
TranslateMessage
GetClientRect
LoadCursorW
PostQuitMessage
GetMessageW
TranslateAcceleratorW
SetWindowTextW
EnableWindow
GetWindowTextW
InvalidateRect
DestroyWindow
wsprintfW
GetWindowRect
GetClassInfoW
DrawFrameControl

gdi32

SetTextAlign
SelectObject
SetTextColor
SetBkMode
GetTextColor
GetTextExtentPoint32W
CreateFontW
TextOutW

advapi32

RegOpenKeyExW
GetUserNameA
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
EqualSid
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW

shell32

SHGetFolderPathW
ShellExecuteExW
SHChangeNotify
ShellExecuteW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ord165
CommandLineToArgvW
ord190
SHOpenFolderAndSelectItems
SHFileOperationW

ole32

OleRun
CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateGuid
StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
GetErrorInfo

wininet

InternetCloseHandle
HttpOpenRequestW
HttpQueryInfoW
HttpAddRequestHeadersW
InternetOpenW
InternetQueryOptionW
InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW

Sections

.text
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27.4MB - Virtual size: 27.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41cea14291d84ebf6512af33f87e726e

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

12:e1:05:87:4b:d7:b6:03:0b:1f:1a:bb:57:c2:1d:0dCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

6f:43:61:bb:d2:ff:20:55:32:62:e0:e8:6e:c2:fb:dc:85:3f:69:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uxtheme

shlwapi

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 260KB - Virtual size: 260KB

.rdata Size: 65KB - Virtual size: 65KB

.data Size: 14KB - Virtual size: 23KB

.rsrc Size: 27.4MB - Virtual size: 27.4MB

.reloc Size: 89KB - Virtual size: 89KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

12:e1:05:87:4b:d7:b6:03:0b:1f:1a:bb:57:c2:1d:0d
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

6f:43:61:bb:d2:ff:20:55:32:62:e0:e8:6e:c2:fb:dc:85:3f:69:9c
Signer

.text
Size: 260KB - Virtual size: 260KB

.rdata
Size: 65KB - Virtual size: 65KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 27.4MB - Virtual size: 27.4MB

.reloc
Size: 89KB - Virtual size: 89KB