28555f9f9d8db1b23bf2efffc31d2055_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28555f9f9d8db1b23bf2efffc31d2055_JaffaCakes118
Size

415KB
MD5

28555f9f9d8db1b23bf2efffc31d2055
SHA1

8ea01a90165c035e6e14de76f1a4a9e648267498
SHA256

d3ff9a6c419a76edfb17fae9bf43bb342ba3aec0a6ca71deb4cb1aa095c93d6d
SHA512

4eb9c9a55e5d68ed3542288a734345770ce6fca7c75e6e4c5c98afacd3bc9b4ff4b379dc81605e50d8cf9d70dd78bcbcdcc4956100dd61431922906408cc07bd
SSDEEP

12288:jBqjlSShePnpxGYFWt5NpzCTPQnzOozU89q:jBqcShePnOYFWKTPQnzvYcq

Score

1^/10

Malware Config

Signatures

Files

28555f9f9d8db1b23bf2efffc31d2055_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

1978a2b806b3cf19a9201f6f6699fd73

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:2a:cd:9e:52:b3:fc:95:24:22:9d:8d:21:3d:87:58
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/01/2019, 00:00

Not After

04/02/2020, 23:59

Subject

CN=上海展盟网络科技有限公司,OU=IT,O=上海展盟网络科技有限公司,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:9d:6a:bc:d0:f9:df:4e:41:ee:cf:e8:d9:0f:a5:0b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21/01/2019, 00:00

Not After

04/02/2020, 23:59

Subject

CN=上海展盟网络科技有限公司,OU=IT,O=上海展盟网络科技有限公司,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:4d:ca:4a:52:72:fd:65:89:58:e3:a6:ee:13:75:3e:a4:7f:dc:0f:19:52:1c:4c:22:7b:93:57:66:9a:44:a3
Signer

Actual PE Digest

ab:4d:ca:4a:52:72:fd:65:89:58:e3:a6:ee:13:75:3e:a4:7f:dc:0f:19:52:1c:4c:22:7b:93:57:66:9a:44:a3

Digest Algorithm

sha256

PE Digest Matches

true

23:76:8b:d1:6f:5b:94:f1:62:77:67:5d:89:93:83:a3:88:49:1f:ac
Signer

Actual PE Digest

23:76:8b:d1:6f:5b:94:f1:62:77:67:5d:89:93:83:a3:88:49:1f:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\7654Browser_Official\src\out\Release\Checker.dll.pdb

Imports

shlwapi

PathRemoveFileSpecA
PathAppendA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
SetThreadToken
OpenProcessToken
CreateProcessAsUserA
AllocateAndInitializeSid
DuplicateToken
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
InitializeSecurityDescriptor
RevertToSelf
SetSecurityDescriptorDacl
SetTokenInformation
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfigW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RegOpenKeyExW

kernel32

OpenProcess
GetVersionExW
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
FreeConsole
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
FindNextFileA
FindFirstFileExA
Sleep
CreateMutexW
GetLastError
CloseHandle
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCurrentProcess
FindClose
ReadConsoleW
WriteConsoleW
GetTimeZoneInformation
GetDriveTypeW
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleHandleW
ReadFile
WriteFile
GetTempPathW
CreateFileW
GetFileAttributesW
GetCurrentDirectoryW
GetCurrentThreadId
GetModuleHandleA
CreateEventW
SetThreadPriority
DuplicateHandle
GetCurrentThread
GetThreadPriority
RaiseException
CreateThread
IsDebuggerPresent
GetModuleFileNameW
GetCurrentProcessId
GetTickCount
SetFilePointerEx
FlushFileBuffers
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
RegisterWaitForSingleObject
UnregisterWaitEx
GetModuleHandleExW
GetCommandLineW
GetNativeSystemInfo
TerminateProcess
VirtualFree
VirtualAlloc
SetEvent
GetSystemDirectoryW
GetWindowsDirectoryW
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwind
GetProcessHeap
GetFullPathNameW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ExitProcess
ExitThread
GetACP

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath
SHGetFolderPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
GetHandleVerifier
ServiceMain

Sections

.text
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1978a2b806b3cf19a9201f6f6699fd73

Code Sign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

2c:2a:cd:9e:52:b3:fc:95:24:22:9d:8d:21:3d:87:58Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0d:9d:6a:bc:d0:f9:df:4e:41:ee:cf:e8:d9:0f:a5:0bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ab:4d:ca:4a:52:72:fd:65:89:58:e3:a6:ee:13:75:3e:a4:7f:dc:0f:19:52:1c:4c:22:7b:93:57:66:9a:44:a3Signer

23:76:8b:d1:6f:5b:94:f1:62:77:67:5d:89:93:83:a3:88:49:1f:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wtsapi32

advapi32

kernel32

ole32

shell32

Exports

Exports

Sections

.text Size: 286KB - Virtual size: 286KB

.rdata Size: 81KB - Virtual size: 81KB

.data Size: 8KB - Virtual size: 16KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 16KB - Virtual size: 15KB

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

2c:2a:cd:9e:52:b3:fc:95:24:22:9d:8d:21:3d:87:58
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0d:9d:6a:bc:d0:f9:df:4e:41:ee:cf:e8:d9:0f:a5:0b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ab:4d:ca:4a:52:72:fd:65:89:58:e3:a6:ee:13:75:3e:a4:7f:dc:0f:19:52:1c:4c:22:7b:93:57:66:9a:44:a3
Signer

23:76:8b:d1:6f:5b:94:f1:62:77:67:5d:89:93:83:a3:88:49:1f:ac
Signer

.text
Size: 286KB - Virtual size: 286KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 8KB - Virtual size: 16KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 16KB - Virtual size: 15KB