f422833adc4081654f1f8359d19d1f5c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f422833adc4081654f1f8359d19d1f5c_JaffaCakes118
Size

103KB
MD5

f422833adc4081654f1f8359d19d1f5c
SHA1

2d55ab210b5ab18410da9b8eb7e323375d763421
SHA256

e8c195f518db63a0f73fd01bb129b605ed1a4e05c1c9c3b726248c0dba478b3a
SHA512

9dfb281e9fdb193f0c49aa48fcc68efe1cb0091c5679b764f058abab6b842e03acc50389934a844b2013f5f24e6ea155a54f09daacad3cc05cf6d0f49dd1180a
SSDEEP

3072:sFMypmt6REW/oADBLi45RmyhEgNN9d5JoIe:AMeRJ/ogi4dHN91w

Score

1^/10

Malware Config

Signatures

Files

f422833adc4081654f1f8359d19d1f5c_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a3ba50b62fd2f5f67901fef0a06975d5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:04:a8:de:d9:ce:93:e9
Certificate

Issuer

CN=Shylock

Not Before

07/10/2011, 14:55

Not After

06/10/2012, 14:55

Subject

CN=Shylock

06:2d:b1:1c:8e:d8:bb:7c:f2:a8:30:ca:50:d5:c4:1b:88:fd:ad:dd
Signer

Actual PE Digest

06:2d:b1:1c:8e:d8:bb:7c:f2:a8:30:ca:50:d5:c4:1b:88:fd:ad:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
GetCurrentThread
CreateMutexA
FindFirstFileW
GetUserDefaultLCID
GetACP
SetLastError
GetTickCount
GetCurrentProcess
DeleteFileW
TerminateProcess
GetLocalTime
GetLastError
LoadLibraryA
GetSystemTimeAsFileTime
GetProcAddress
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
VirtualAllocEx
WaitForSingleObject
SystemTimeToFileTime
GetSystemTime
GetModuleHandleA
WaitForMultipleObjects
UnhandledExceptionFilter
UnmapViewOfFile
SetEndOfFile
LocalReAlloc
WriteFile
lstrcpynW
GetFileAttributesW
MapViewOfFile
MultiByteToWideChar
GetUserDefaultUILanguage
FormatMessageW
WideCharToMultiByte
LocalSize
MulDiv
lstrcmpW
lstrcatW
FindClose
GetCommandLineW
lstrcmpiW
CreateFileW
FoldStringW
LocalLock
CompareStringW
LocalUnlock
lstrlenW
LocalAlloc
LocalFree
GetLocaleInfoW
GlobalFree
SetUnhandledExceptionFilter
CreateFileMappingW
GetFileInformationByHandle
GlobalUnlock
GlobalLock
GetTimeFormatW
GetDateFormatW
QueryPerformanceCounter
GetCurrentProcessId
CloseHandle
ReadFile
lstrcpyW
GetCurrentThreadId

user32

CheckMenuItem
SetDlgItemTextW
SendMessageW
InvalidateRect
LoadIconW
LoadCursorW
GetSysColorBrush
RegisterClassExW
CharNextW
SetCursor
SetFocus
SetWindowTextW
CheckRadioButton
GetSubMenu
MessageBeep
EndDialog
DialogBoxParamW
GetSysColor
CloseClipboard
CharNextA
GetClipboardData
OpenClipboard
GetDesktopWindow
TrackPopupMenuEx
EnableMenuItem
IsClipboardFormatAvailable
DefWindowProcW
ChildWindowFromPoint
ScreenToClient
GetDlgCtrlID
WinHelpW
DrawTextW
CallWindowProcW
HideCaret
CheckDlgButton
GetWindowTextW
SetDlgItemInt
GetMenu
SetWindowPos
OffsetRect
MapWindowPoints
GetClientRect
EnableWindow
LoadMenuW
SetWindowLongW
GetWindowLongW
CreateDialogParamW
GetDlgItem
DestroyMenu
DestroyWindow
SetMenu
GetWindowRect
SystemParametersInfoW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsChild
IsDialogMessageW
GetMessageW
LoadAcceleratorsW
CreateWindowExW
MessageBoxW
LoadStringW
SetProcessDefaultLayout
GetProcessDefaultLayout
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
MessageBoxA
ShowWindow
UpdateWindow
DefWindowProcA
CloseWindow
PostQuitMessage
CheckMenuRadioItem

gdi32

SetBkMode
EnumFontsW
StartDocW
TextOutW
GetTextFaceW
SetAbortProc
CreateDCW
GetStockObject
StartPage
DeleteDC
EndDoc
AbortDoc
EndPage
SetTextColor
SetBkColor
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject
GetTextMetricsW
SetWindowExtEx
SetViewportExtEx
LPtoDP
SetMapMode
GetTextExtentPoint32W
SelectObject

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegDeleteValueW

Sections

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3ba50b62fd2f5f67901fef0a06975d5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

be:04:a8:de:d9:ce:93:e9Certificate

06:2d:b1:1c:8e:d8:bb:7c:f2:a8:30:ca:50:d5:c4:1b:88:fd:ad:ddSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 2.0MB

.text Size: 82KB - Virtual size: 82KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

be:04:a8:de:d9:ce:93:e9
Certificate

06:2d:b1:1c:8e:d8:bb:7c:f2:a8:30:ca:50:d5:c4:1b:88:fd:ad:dd
Signer

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 2.0MB

.text
Size: 82KB - Virtual size: 82KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB