f5c1a6b498af5867ffa7669154388d1e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5c1a6b498af5867ffa7669154388d1e_JaffaCakes118
Size

24KB
MD5

f5c1a6b498af5867ffa7669154388d1e
SHA1

8f42e159193c7af9cca08b24566d7a932dd8b15e
SHA256

91e527820402908e130257f452ddb9fce1e8648874f90b622028ef8f8d94dc7c
SHA512

e918a6911384a4de478108a8beb0c6778bd40243a62a5ba410aa2ae46e327c3fc74eac649068dfb16ed5abd298e08283099aa682cbbb55e5d59bec09bcf5147e
SSDEEP

768:GOIZvgaeMkmTuzJPXoA3Bz9IpwKRNOocAhm:ZVfMvGJAkxepwKRNO/Ah

Score

1^/10

Malware Config

Signatures

Files

f5c1a6b498af5867ffa7669154388d1e_JaffaCakes118
.dll windows:6 windows x86 arch:x86

03e8c1116764c0cce949b5d94d3762b1

Code Sign

73:11:e9:33:08:dd:a8:cd:16:ff:98:5a:1e:b9:1c:b5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

19/10/2015, 00:00

Not After

18/10/2018, 23:59

Subject

CN=Dassault Systemes SE,O=Dassault Systemes SE,L=Vélizy-Villacoublay Cedex,ST=Yvelines,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c3:91:02:8c:79:3b:10:fa:16:79:d7:9a:d8:59:a4:db:c4:6a:db:25:85:15:47:8f:36:47:8a:cd:08:13:2d:7d
Signer

Actual PE Digest

c3:91:02:8c:79:3b:10:fa:16:79:d7:9a:d8:59:a4:db:c4:6a:db:25:85:15:47:8f:36:47:8a:cd:08:13:2d:7d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\R419\BSF\intel_a\code\bin\RemoteSet.pdb

Imports

js0group

??1CATBaseUnknown_var@@QAE@XZ
?Locate@CATHashDico@@QBEPAXABVCATUnicodeString@@@Z
??ACATHashDico@@QBEPAXABVCATHashCodeIter@@@Z
?RemoveAll@CATHashDico@@QAEXXZ
??0CATHashCodeIter@@QAE@ABVCATHashDico@@@Z
??1CATHashCodeIter@@QAE@XZ
??ECATHashCodeIter@@QAEPAXH@Z
?Beginning@CATHashCodeIter@@QAEXXZ
??0CATListValCATUnicodeString@@QAE@XZ
?Append@CATListValCATUnicodeString@@QAEXABVCATUnicodeString@@@Z
?CATFatalError@@YAXPBD0000H@Z
CATGetEnv
?CATGetFunctionAddress@@YA?AULibraryHandler@@PBD00HHH@Z
?Insert@CATHashDico@@QAEHABVCATUnicodeString@@PAX@Z
??1CATHashDico@@QAE@XZ
??0CATHashDico@@QAE@H@Z
??1CATCollecRoot@@QAE@XZ
?ThrowErrorNullVar@CATBaseUnknown_var@@QBEXXZ
??9CATBaseUnknown_var@@QBGHPAVCATBaseUnknown@@@Z
??8CATBaseUnknown_var@@QBGHPAVCATBaseUnknown@@@Z

catsysts

??BCATString@@QBEPBDXZ
??4CATString@@QAEAAV0@PBD@Z
??1CATString@@QAE@XZ
??0CATString@@QAE@QBD@Z
??0CATString@@QAE@XZ
??9CATUnicodeString@@QBEHPBD@Z
??8CATUnicodeString@@QBEHPBD@Z
?GetLengthInChar@CATUnicodeString@@QBEHXZ
?ConvertToUCChar@CATUnicodeString@@QBEPBGXZ
??BCATUnicodeString@@QBEPBDXZ
?ConvertToChar@CATUnicodeString@@QBEPBDXZ
??4CATUnicodeString@@QAEAAV0@ABV0@@Z
??4CATUnicodeString@@QAEAAV0@PBD@Z
??0CATSysTSUnicodeString@@QAE@XZ
??0CATSysTSUnicodeString@@QAE@PBD@Z
??0CATSysTSUnicodeString@@QAE@PBGH@Z
??1CATSysTSUnicodeString@@QAE@XZ
??4CATSysTSUnicodeString@@QAEAAV0@PBD@Z
??8CATSysTSUnicodeString@@QBEEABV0@@Z
?ConvertToChar@CATSysTSUnicodeString@@QBEPBDXZ
??0CATSysTSListOfUnicodeString@@QAE@XZ
??1CATSysTSListOfUnicodeString@@UAE@XZ
?GetLength@CATSysTSListOfUnicodeString@@QBEHXZ
?Get@CATSysTSListOfUnicodeString@@QBEJHAAVCATSysTSUnicodeString@@@Z
??0CATUnicodeString@@QAE@XZ
??0CATUnicodeString@@QAE@QBD@Z
??1CATUnicodeString@@QAE@XZ

guidplmposmodelerinterfaces

?GetSettingsName@PLMPosSettingsStreamsInfo@@QAEJAAVCATSysTSUnicodeString@@@Z
??_7CATHashDicPLMPosSettingsStreamsInfo@@6B@
?__CastTo@PLMIPosProjectResourceManager_var@@AAGXPAUIUnknown@@@Z
??ACATListValPLMIPosResourceNode_var@@QAEAAVPLMIPosResourceNode_var@@H@Z
?Size@CATListValPLMIPosResourceNode_var@@QBEHXZ
??1CATListValPLMIPosResourceNode_var@@QAE@XZ
??0CATListValPLMIPosResourceNode_var@@QAE@XZ
?__CastTo@PLMIPosResourceNode_var@@AAGXPAUIUnknown@@@Z
?GetPosAccessService@@YAJAAVPLMIPosAccessServices_var@@@Z
?__CastTo@PLMIPosAccessServices_var@@AAGXPAUIUnknown@@@Z
?__CastTo@PLMIPosSettingsManager_var@@AAGXPAUIUnknown@@@Z
?GetSettingsStreams@PLMPosSettingsStreamsInfo@@QAEJAAPAVPLMPosListOfSettingsStreams@@@Z
?GetSettingsType@PLMPosSettingsStreamsInfo@@QAEJAAVCATSysTSUnicodeString@@@Z
??1PLMPosSettingsStreamsInfo@@QAE@XZ
?__CastTo@PLMIPosUserSettingsEnvironment_var@@AAGXPAUIUnknown@@@Z
??0PLMPosListOfSettingsStreams@@QAE@XZ
??1PLMPosListOfSettingsStreams@@QAE@XZ
?Get@PLMPosListOfSettingsStreams@@QAEJHAAVCATSysTSUnicodeString@@@Z
?Size@PLMPosListOfSettingsStreams@@QAEJAAH@Z

catobjectmodelerbase

??1CATOmbLifeCycleRootsBag@@QAE@XZ
?RemoveAll@CATOmbLifeCycleRootsBag@@QAEJXZ
?InsertRoot@CATOmbLifeCycleRootsBag@@QAEJPAUIUnknown@@@Z
??0CATOmbLifeCycleRootsBag@@QAE@XZ

catplmintegrationaccess

?GetSecurityParameters@CATAdpSecurityServices@@SAJPBDAAVCATString@@111@Z

plmpsisessioninterfaces

?GetCurrentEnvironment@PLMPSISessionHelpers@@QAEJAAPAVCATIAdpEnvironment@@@Z
?SetCurrentEnvironment@PLMPSISessionHelpers@@QAEJABVCATString@@@Z
?GetSessionHelpers@PLMPSISessionHelpers@@SAJAAPAV1@@Z

msvcr110

_calloc_crt
__dllonexit
_onexit
__CppXcptFilter
_amsg_exit
_unlock
_malloc_crt
_initterm
_initterm_e
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_lock
strncmp
??3@YAXPAX@Z
_callnewh
malloc
free

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

Exports

Exports

CleanBags
CloseEnv
DASSAULT_SYSTEMES_CAA2_INTERNAL_RemoteSet
DeleteAllSettingsStreams
ExpandChildren
GetAllSettingsStreams
GetParentUserSettingsEnvironmentNames
GetRootResourceNodes
GetSessionInfo
GetSettingsStreams
InitSettingsEnvironment
SaveSettingsStreams
SetSettingsStreams

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03e8c1116764c0cce949b5d94d3762b1

Code Sign

73:11:e9:33:08:dd:a8:cd:16:ff:98:5a:1e:b9:1c:b5Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

c3:91:02:8c:79:3b:10:fa:16:79:d7:9a:d8:59:a4:db:c4:6a:db:25:85:15:47:8f:36:47:8a:cd:08:13:2d:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

js0group

catsysts

guidplmposmodelerinterfaces

catobjectmodelerbase

catplmintegrationaccess

plmpsisessioninterfaces

msvcr110

kernel32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 884B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

73:11:e9:33:08:dd:a8:cd:16:ff:98:5a:1e:b9:1c:b5
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

c3:91:02:8c:79:3b:10:fa:16:79:d7:9a:d8:59:a4:db:c4:6a:db:25:85:15:47:8f:36:47:8a:cd:08:13:2d:7d
Signer

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 884B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB