01b0bc949dc518cfd31dfa2de21298b1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

01b0bc949dc518cfd31dfa2de21298b1_JaffaCakes118
Size

774KB
MD5

01b0bc949dc518cfd31dfa2de21298b1
SHA1

2752debf0428dbd9763f7c25d820c734b61c93ce
SHA256

42e6fff593020220c24be9faef142eae150656effd2bde52fd10ae145bd607aa
SHA512

5b204f67c7bff1574e4602eb4202a652a95d88fa1cde780ba01e95274bdd221786d754b4f05b6a783303eba60ee1cd82a8d05eb16f099526709dc740d5baddd8
SSDEEP

6144:7KzXU11R1+hzV5rZtZC50KzXU11R1+hzV5g5rZtZC50KzXU11R1+hzV5rZC5g5re:OXUPiTEXUPpTEXUPiZTEXUP4

Score

1^/10

Malware Config

Signatures

Files

01b0bc949dc518cfd31dfa2de21298b1_JaffaCakes118
.dll windows:6 windows x86 arch:x86

d5c70b4bf37fb1e87c41bfb05e506a12

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:d9:51:0c:46:0f:80:8f:75:26:d3:19:3e:ad:03:5d:6e:96:29:b7
Signer

Actual PE Digest

aa:d9:51:0c:46:0f:80:8f:75:26:d3:19:3e:ad:03:5d:6e:96:29:b7

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFCM140.i386.pdb

Imports

kernel32

DecodePointer
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
CloseHandle

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

vcruntime140

__FrameUnwindFilter
__telemetry_main_invoke_trigger
_purecall
__CxxFrameHandler3
__telemetry_main_return_trigger
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__vcrt_InitializeCriticalSectionEx

user32

PostMessageA
SendMessageA
GetClientRect
CopyRect
GetWindow
SetWindowPos

mfc140

ord7677
ord5388
ord8182
ord10202
ord5937
ord6469
ord2381
ord13784
ord5210
ord5390
ord5231
ord5756
ord5504
ord2370
ord2263
ord485
ord2241
ord7614
ord3592
ord7688
ord9305
ord2575
ord2565
ord4383
ord13474
ord13473
ord4467
ord8305
ord14147
ord14047
ord8775
ord13402
ord5397
ord7781
ord14053
ord8734
ord8731
ord5511
ord12874
ord13781
ord12286
ord8086
ord7687
ord8089
ord3916
ord3287
ord3288
ord5228
ord5528
ord5739
ord9166
ord3968
ord2342
ord4138
ord3294
ord6329
ord6940
ord2542
ord835
ord1363
ord7398
ord12163
ord7649
ord6274
ord12112
ord12066
ord3825
ord372
ord9183
ord3291
ord10458
ord3258
ord11692
ord8880
ord2251
ord2250
ord274
ord1528
ord1042
ord1661
ord1044

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
abort
_initterm_e
terminate
_execute_onexit_table
_initterm
_seh_filter_dll

mscoree

_CorDllMain

Exports

Exports

AfxmReleaseManagedReferences

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5c70b4bf37fb1e87c41bfb05e506a12

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70Certificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

aa:d9:51:0c:46:0f:80:8f:75:26:d3:19:3e:ad:03:5d:6e:96:29:b7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

vcruntime140

user32

mfc140

api-ms-win-crt-runtime-l1-1-0

mscoree

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 1024B - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 1KB - Virtual size: 1KB

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

aa:d9:51:0c:46:0f:80:8f:75:26:d3:19:3e:ad:03:5d:6e:96:29:b7
Signer

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 1024B - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 1KB - Virtual size: 1KB