e9bd9dcb986881d37aa3c446a404e9fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e9bd9dcb986881d37aa3c446a404e9fd_JaffaCakes118
Size

304KB
MD5

e9bd9dcb986881d37aa3c446a404e9fd
SHA1

98d359c9bda834b73d14be1cdc230f5250991cdb
SHA256

22943865f1e1299295e0ae6916531cc5319d6d0d9ed95cc1f86a85697e2a54c7
SHA512

f8767ed289dd52942e58269d4dc1bcf913c8c690803ea46795d048588921a877b55da8f0e4c1aaa823425d80c410e548be4613efc93bc3cef9ba50875b5bfc75
SSDEEP

3072:Uubc8f07f9+U4NttifyQX9Vv6osNL1BJVUnMfH5BFRvTBfuqM+wdDWR61cukC/RJ:UuY8f05+l9ZQt5I1HVUUB3vTBmDiR0ZJ

Score

1^/10

Malware Config

Signatures

Files

e9bd9dcb986881d37aa3c446a404e9fd_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0a29a5817e960ae0cda9a975d0670c99

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4b
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25/02/2015, 09:23

Not After

26/02/2016, 09:23

Subject

CN=Lucuma,O=Lucuma,L=Hod Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a6:a1:68:f7:72:cd:8e:05:54:01:ee:bc:46:cc:c4:c8:c2:39:d4:97
Signer

Actual PE Digest

a6:a1:68:f7:72:cd:8e:05:54:01:ee:bc:46:cc:c4:c8:c2:39:d4:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
ReadFile
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
InterlockedExchange
LoadLibraryW
GetProcAddress
SetEndOfFile
WriteFile
FlushFileBuffers
SetLastError
CloseHandle
CreateFileW
ReadConsoleW
WriteConsoleW
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
Sleep
GetStringTypeW
GetLastError
HeapFree
GetCommandLineA
GetCurrentThreadId
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetProcessHeap
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
LoadLibraryExW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle

ws2_32

ioctlsocket
WSASetLastError
WSAGetLastError

Exports

Exports

Lock_dailyPixel
Set_ClearLSParamName
Set_ConfigHandle
Set_ConfigParamName
Set_WlistHandle
Set_WlistParamName
Set_dailyPixelID
Set_dailyPixelURL
Set_localStoreBackUPHandle
Set_localStoreDefaultValue
Set_localStoreHandle
Set_localStoreParam
Set_mainPath
Set_mainPathID
Set_sleepParamName
SleepTimer
Unlock_dailyPixel
WSARecvHookedProcess
WSASendHookedProcess
recvChrHookedProcess
recvFFHookedProcess
sendFFHookedProcess

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UXIHOEO
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HKT
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a29a5817e960ae0cda9a975d0670c99

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4bCertificate

Extended Key Usages

Key Usages

a6:a1:68:f7:72:cd:8e:05:54:01:ee:bc:46:cc:c4:c8:c2:39:d4:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 189KB - Virtual size: 188KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 15KB

.UXIHOEO Size: 4KB - Virtual size: 4KB

.HKT Size: 13KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 35KB - Virtual size: 34KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4b
Certificate

a6:a1:68:f7:72:cd:8e:05:54:01:ee:bc:46:cc:c4:c8:c2:39:d4:97
Signer

.text
Size: 189KB - Virtual size: 188KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 15KB

.UXIHOEO
Size: 4KB - Virtual size: 4KB

.HKT
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 35KB - Virtual size: 34KB