General

Malware Config

Signatures

Files

• 04f63e9df9ee48236ace3c32141b1279_JaffaCakes118

  .dll regsvr32 windows:6 windows x86 arch:x86

  128519a4e6ea04421cfbf9f20d56db5e

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  49:6b:67:c8:83:38:6c:82:b7:e6:ff:63:ce:fe:14:66

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  11-01-2015 00:00

  Not After

  11-01-2016 23:59

  Subject

  CN=Wild West,O=Wild West,L=San Diego,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  1b:a1:15:33:6b:e1:10:52:e3:25:13:e6:59:ec:45:51:55:c9:ec:03

  Signer

  Actual PE Digest

  1b:a1:15:33:6b:e1:10:52:e3:25:13:e6:59:ec:45:51:55:c9:ec:03

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  FreeLibrary

  GetProcAddress

  GetModuleHandleW

  SizeofResource

  LoadResource

  FindResourceW

  LoadLibraryExW

  GetModuleFileNameW

  CreateMutexW

  ReleaseMutex

  WaitForSingleObject

  lstrcmpiW

  LeaveCriticalSection

  LockResource

  FindResourceExW

  GetThreadLocale

  SetThreadLocale

  DecodePointer

  EncodePointer

  SetEndOfFile

  SetFilePointer

  MultiByteToWideChar

  DeleteCriticalSection

  DisableThreadLibraryCalls

  GetLastError

  RaiseException

  InitializeCriticalSectionAndSpinCount

  InterlockedDecrement

  EnterCriticalSection

  InterlockedIncrement

  CreateFileW

  WriteConsoleW

  SetStdHandle

  LoadLibraryW

  OutputDebugStringW

  ReadConsoleW

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  QueryPerformanceCounter

  GetModuleFileNameA

  GetOEMCP

  GetACP

  IsValidCodePage

  CloseHandle

  FlushFileBuffers

  HeapDestroy

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetProcessHeap

  GetCPInfo

  IsDebuggerPresent

  IsProcessorFeaturePresent

  GetCommandLineA

  GetCurrentThreadId

  ExitProcess

  GetModuleHandleExW

  Sleep

  WideCharToMultiByte

  GetStringTypeW

  SetLastError

  GetStdHandle

  GetFileType

  GetStartupInfoW

  WriteFile

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  RtlUnwind

  GetConsoleCP

  GetConsoleMode

  ReadFile

  SetFilePointerEx

  user32

  CharNextW

  CharLowerBuffW

  advapi32

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegOpenKeyExW

  RegEnumKeyExW

  RegQueryInfoKeyW

  RegCloseKey

  RegDeleteKeyW

  RegQueryValueExW

  shell32

  SHGetFolderPathW

  ole32

  CoTaskMemRealloc

  StringFromGUID2

  CoTaskMemAlloc

  CLSIDFromString

  CoCreateInstance

  CoTaskMemFree

  CoCreateGuid

  oleaut32

  SysStringLen

  UnRegisterTypeLi

  RegisterTypeLi

  DispCallFunc

  LoadTypeLi

  LoadRegTypeLi

  SysStringByteLen

  SysAllocStringByteLen

  VariantCopy

  SysAllocString

  VarUI4FromStr

  VariantClear

  VariantInit

  VarBstrCmp

  SysFreeString

  shlwapi

  PathAppendW

  Exports

  Exports

  DllCanUnloadNow

  DllGetClassObject

  DllInstall

  DllRegisterServer

  DllUnregisterServer

  Sections

  .text

  Size: 159KB - Virtual size: 158KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 45KB - Virtual size: 44KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 9KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 38KB - Virtual size: 37KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ