56afa99c7f19658fd7b030d7de4f4723_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

56afa99c7f19658fd7b030d7de4f4723_JaffaCakes118
Size

1.3MB
MD5

56afa99c7f19658fd7b030d7de4f4723
SHA1

42b10c6949b37016abf02415e2edfb9a9020e0e4
SHA256

0db0fc0040d3e4d69068cff087ac4cf6b7b54bb60a616298cc8d74f3e5b13fe7
SHA512

ad8a6c4544d14076f4eeafdbf2c178f04c22a195e4b09ad21d8bf9c68948321c94d4a05746dd807ba8501927a222c69fb38ec4840f2be544c56f5e81c1bf49e0
SSDEEP

24576:HjgFJFL6jnGtZjUWU84A0Tnt/72oAUA/Jpw:MRSy0TtTPAUA/Je

Score

1^/10

Malware Config

Signatures

Files

56afa99c7f19658fd7b030d7de4f4723_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e865d425cc61da7ddbbf95fd2ec14c39

Code Sign

01:00:00:00:00:01:11:db:40:c7:65
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

10/04/2007, 11:28

Not After

10/04/2009, 11:28

Subject

CN=uvnc bvba,O=uvnc bvba,C=BE,1.2.840.113549.1.9.1=#0c15727564692e64652e766f7340736b796e65742e6265

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:d2:1b:ba:da:f7:9c:d0:47:22:32:c0:27:6a:72:51:c9:c7:00:a4
Signer

Actual PE Digest

d7:d2:1b:ba:da:f7:9c:d0:47:22:32:c0:27:6a:72:51:c9:c7:00:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

send
listen
accept
inet_addr
gethostname
closesocket
socket
getpeername
gethostbyname
connect
WSAStartup
ioctlsocket
htonl
WSAGetLastError
htons
getsockname
shutdown
setsockopt
WSACleanup
recv
bind

winmm

timeSetEvent
timeGetTime

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA
WTSEnumerateProcessesA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

UnmapViewOfFile
WaitForSingleObject
CreateFileMappingA
CreateMutexA
ReleaseMutex
OpenFileMappingA
GetCurrentProcess
SetLastError
Process32First
SetEvent
Sleep
CreateEventA
GetExitCodeProcess
Process32Next
CreateToolhelp32Snapshot
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
SetCurrentDirectoryA
GetComputerNameA
ResumeThread
CreateThread
IsBadReadPtr
IsBadWritePtr
CreateFileA
GetSystemInfo
SetFilePointer
lstrlenA
SetEndOfFile
SetErrorMode
SystemTimeToFileTime
SetFileTime
WriteFile
GetDriveTypeA
FileTimeToSystemTime
ReadFile
FlushFileBuffers
CreateDirectoryA
GetLogicalDriveStringsA
MoveFileA
GetFileTime
GetSystemTime
GlobalLock
GetCurrentThread
GlobalAlloc
CreateProcessA
TerminateProcess
MapViewOfFile
GlobalUnlock
CloseHandle
SetProcessShutdownParameters
FindResourceA
LoadResource
SizeofResource
LockResource
MoveFileExA
AllocConsole
FormatMessageA
GetStdHandle
WriteConsoleA
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
ResetEvent
SearchPathA
GlobalFree
HeapSize
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
ExitThread
RaiseException
GetStartupInfoA
GetCommandLineA
GetFileType
SetStdHandle
ExitProcess
GetModuleHandleW
FileTimeToLocalFileTime
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
SetThreadPriority
GetTempPathA
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
OpenProcess
WritePrivateProfileStructA
WinExec
DeleteFileA
FindNextFileA
GetModuleFileNameA
FindClose
GetCPInfo
EnterCriticalSection
FindFirstFileA
LeaveCriticalSection
FreeLibrary
WideCharToMultiByte
GetCurrentThreadId
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
VirtualFree
VirtualAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetFullPathNameA
GetCurrentDirectoryA
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
OpenEventA
SetEnvironmentVariableA

user32

TrackPopupMenu
IsDlgButtonChecked
CheckDlgButton
SetDlgItemInt
GetDlgItemInt
ExitWindowsEx
GetProcessWindowStation
GetAsyncKeyState
MapVirtualKeyA
VkKeyScanA
SetRect
WaitMessage
PeekMessageA
IsIconic
DestroyWindow
EnumDesktopWindows
CloseClipboard
GetClassNameA
OpenDesktopA
DrawIconEx
WaitForInputIdle
WindowFromPoint
RegisterWindowMessageA
EnumWindows
GetIconInfo
GetWindowTextA
GetClipboardData
EmptyClipboard
ChangeClipboardChain
IsWindow
OpenClipboard
GetMenuItemID
SetClipboardData
SetClipboardViewer
GetClipboardOwner
keybd_event
GetKeyboardState
mouse_event
SetActiveWindow
MessageBeep
FlashWindow
GetDesktopWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
SetCursor
ScreenToClient
GetWindowRect
SendDlgItemMessageA
SetCapture
SetForegroundWindow
LoadStringA
GetParent
GetClientRect
SetFocus
GetDC
GetScrollInfo
ReleaseDC
GetDlgItem
EndDialog
GetCursorPos
PostMessageA
SetCaretBlinkTime
ReleaseCapture
SetWindowTextA
CallWindowProcA
GetDlgItemTextA
DialogBoxParamA
GetSubMenu
LoadMenuA
EnableMenuItem
SetMenuDefaultItem
DestroyMenu
EnableWindow
ToAscii
IsWindowVisible
GetKeyState
GetCaretBlinkTime
SetDlgItemTextA
MoveWindow
MessageBoxA
wsprintfA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
SendMessageA
GetMessageA
GetUserObjectInformationA
SetTimer
RegisterClassExA
PostQuitMessage
GetThreadDesktop
KillTimer
LoadIconA
OpenInputDesktop
CloseDesktop
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
SetThreadDesktop
DispatchMessageA
GetSystemMetrics
LoadImageA
AdjustWindowRect
LoadCursorA
IsRectEmpty
InvalidateRect

gdi32

GetBitmapBits
GetObjectA
CreateDIBSection
GetDeviceCaps
SetDIBColorTable
GdiFlush
CreatePalette
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetPixel
BitBlt
ExtEscape
GetSystemPaletteEntries
MoveToEx
LineTo
SetROP2
PatBlt
DeleteDC
StretchBlt
GetDIBits
CreateDCA
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
GetClipBox
CreateSolidBrush
GetStockObject

advapi32

RegSetValueExA
LookupAccountSidA
GetUserNameA
RegCreateKeyA
OpenSCManagerA
SetServiceStatus
QueryServiceStatus
RegCreateKeyExA
RegisterServiceCtrlHandlerExA
CreateServiceA
DeleteService
StartServiceCtrlDispatcherA
CloseServiceHandle
OpenServiceA
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
FreeSid
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

SHAppBarMessage
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 453KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 796KB - Virtual size: 795KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e865d425cc61da7ddbbf95fd2ec14c39

Code Sign

01:00:00:00:00:01:11:db:40:c7:65Certificate

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

d7:d2:1b:ba:da:f7:9c:d0:47:22:32:c0:27:6a:72:51:c9:c7:00:a4Signer

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

version

wtsapi32

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

imm32

Sections

.text Size: 453KB - Virtual size: 452KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 11KB - Virtual size: 124KB

.rsrc Size: 796KB - Virtual size: 795KB

01:00:00:00:00:01:11:db:40:c7:65
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

d7:d2:1b:ba:da:f7:9c:d0:47:22:32:c0:27:6a:72:51:c9:c7:00:a4
Signer

.text
Size: 453KB - Virtual size: 452KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 11KB - Virtual size: 124KB

.rsrc
Size: 796KB - Virtual size: 795KB