f1cb666ab97ebe6f61ba36ac1df8fb43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f1cb666ab97ebe6f61ba36ac1df8fb43_JaffaCakes118
Size

498KB
MD5

f1cb666ab97ebe6f61ba36ac1df8fb43
SHA1

ad557c714019867dc5677ab1d8321b1f4bf9bb9f
SHA256

8fa394070e0b60511b887736dd832a0a2c45bc293257c3dcf710b1a2fe41bd8f
SHA512

cb979931836408535afbbcf2215bb51e39105788d383ea6f83cb4f66e95017dbd76ea5f607100e4cffb98330b9afa0ab944a14c80909a29f9abc8dc4ad18c21b
SSDEEP

6144:E1VXL/ZR04zQy+Mtsz3svvii3IzaP4J0q7Je2LQxFl40DqtFbMg0Y4c8:E1VXLhR0yltk3Utr4ePrDqUg0/

Score

1^/10

Malware Config

Signatures

Files

f1cb666ab97ebe6f61ba36ac1df8fb43_JaffaCakes118
.dll windows:6 windows x86 arch:x86

c9e051d31e4e0a85191529cd6afee731

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9b:67:a1:8f:75:a8:39:2e:af:94:0e:d9:cf:2e:53:2c:fb:ac:e7:89
Signer

Actual PE Digest

9b:67:a1:8f:75:a8:39:2e:af:94:0e:d9:cf:2e:53:2c:fb:ac:e7:89

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

bitswarm.pdb

Imports

msvcrt

_vscprintf
towupper
_wcsicmp
_vscwprintf
time
srand
rand
strchr
strncmp
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
wctomb
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
memset
_onexit
_lock
__dllonexit
_purecall
memmove
memcpy
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
malloc
_callnewh
free
?what@exception@@UBEPBDXZ
wcschr
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_errno
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThread
QueryPerformanceFrequency
GlobalAlloc
GlobalFree
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
ResumeThread
GetTempFileNameW
MoveFileExW
CopyFileW
DeleteFileW
CreateFileW
DeviceIoControl
GetFileAttributesW
SetFileAttributesW
CreateIoCompletionPort
CreateThread
RaiseException
ReadFile
WriteFile
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
CreateEventW
OutputDebugStringA
SetThreadPriority
CloseHandle
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleW
GetLastError
PostQueuedCompletionStatus
FreeLibrary
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange

rpcrt4

UuidToStringW
UuidToStringA
RpcStringFreeA
RpcStringFreeW

logging

?Trace@CLoggingEngine@@QAEXW4LOGGING_COMPONENT_CODE@@W4TRACE_FLAG@@PBDKJPBX22@Z
?TraceMessage@ClegacyTraceHelper@@QAAXW4TRACE_FLAG@@PB_WZZ
??0ClegacyTraceHelper@@QAE@W4LOGGING_COMPONENT_CODE@@PBDKPBX@Z
?AddComponent@CLoggingEngine@@QAEJPAVCLoggingModule@@W4TRACE_FLAG@@@Z
UnhandledExFilter
LoggingGetCore
??0CLoggingModule@@QAE@W4LOGGING_COMPONENT_CODE@@@Z

esestore

EseStoreReleaseConnection
EseStoreGetConnection
ReleaseEseStore
EseInitialize
EseUninitialize
EseStoreGetJetSessionAndDbid
GetEseStore

meshsessions

GetRemotePeerId
CreateEndpoint
TestHook
AcceptIncomingSession
Connect
Send
SimpleReceive
PublishService
CloseWlcHandle

wsock32

htons
htonl
ntohl
ntohs

ole32

CoUninitialize
CoInitializeEx

iphlpapi

NotifyAddrChange

lkrhwlc

??0CLKRHashTable@LKRhash@@QAE@PBDP6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX1H@ZNKK_N@Z
?InsertRecord@CLKRHashTable@LKRhash@@QAE?AW4LK_RETCODE@2@PBX_N@Z
?DeleteRecord@CLKRHashTable@LKRhash@@QAE?AW4LK_RETCODE@2@PBX@Z
?FindKey@CLKRHashTable@LKRhash@@QBE?AW4LK_RETCODE@2@KPAPBX@Z

utilclasses

??1IRefCounted@@MAE@XZ
?AddRef@IRefCounted@@UAGJXZ
?Release@IRefCounted@@UAGJXZ
??0IRefCounted@@QAE@XZ

esent

JetBeginTransaction2
JetSetColumns
JetGetTableColumnInfoA
JetSetCurrentIndexA
JetSeek
JetSetIndexRange
JetDelete
JetPrepareUpdate
JetSetColumn
JetUpdate
JetMove
JetRetrieveColumn
JetMakeKey
JetCloseTable
JetOpenTableA
JetRollback
JetCommitTransaction

Exports

Exports

CommitFileHashFromArray
CommitFileHashFromContext
CommittedEnclosures
ComputeFileHashAsync
EnclosuresChanged
GetDatagramsLinkCallback
GetDeviceConnectivityTicketCallback
GetDeviceTicketCallback
GetFileFullHashInfo
GetFileFullHashSize
Initialize
InitializeUser
MappingChanged
MappingCreated
MappingDeleted
ReleaseFileHashContext
RetryEnclosures
SetOnlineState
SetPerformanceCounterAddress
SetSessionManager
SyncActivity
Synchronized
Uninitialize
UninitializeUser

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9e051d31e4e0a85191529cd6afee731

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

9b:67:a1:8f:75:a8:39:2e:af:94:0e:d9:cf:2e:53:2c:fb:ac:e7:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

rpcrt4

logging

esestore

meshsessions

wsock32

ole32

iphlpapi

lkrhwlc

utilclasses

esent

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 391KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 22KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

9b:67:a1:8f:75:a8:39:2e:af:94:0e:d9:cf:2e:53:2c:fb:ac:e7:89
Signer

.text
Size: 392KB - Virtual size: 391KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB