f80c1e7bee26a6688b2e8d36e23b35d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f80c1e7bee26a6688b2e8d36e23b35d6_JaffaCakes118
Size

755KB
MD5

f80c1e7bee26a6688b2e8d36e23b35d6
SHA1

eefb241edb534614004d6fa41f2ebfabe9aafb39
SHA256

b6bb73e018c4846cddf68d616dde8db3cc61854b4fd355f7139c18a2921e05c5
SHA512

af73bfca4c4211529654f43d3ba65218bfdc1de278a6e78b4e35dd3e19157fe0a828a436b515a551fd5200aef633bb370a742793898851f0ad8790628dcc96cd
SSDEEP

12288:OWwkiBcno9a/Cc+U2zyHBhbOZnYVLzVOzIAiuocfC4dyTzvd0XzQI:tVAzcL22HBhbOZuLzVOJrocfbUTzvdyx

Score

1^/10

Malware Config

Signatures

Files

f80c1e7bee26a6688b2e8d36e23b35d6_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

d8e09359344a84481cece4093ba2528b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2011, 00:00

Not After

14/03/2014, 23:59

Subject

CN=OpenCandy Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OpenCandy Inc.,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:30:7e:08:33:cb:56:c9:0b:c9:96:7e:c3:36:c5:ef:2b:85:f8:25
Signer

Actual PE Digest

44:30:7e:08:33:cb:56:c9:0b:c9:96:7e:c3:36:c5:ef:2b:85:f8:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
GetCurrentProcessId
GetEnvironmentVariableW
FindFirstFileW
FindNextFileW
FindClose
ReadFile
GetTimeZoneInformation
GetCurrentProcess
WaitForSingleObject
OutputDebugStringW
WriteFile
DeleteFileW
GetCurrentThreadId
SetLastError
FlushInstructionCache
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
OpenFileMappingW
CreateMutexW
OpenMutexW
ReleaseMutex
CreateDirectoryW
GetShortPathNameW
GetTempPathW
SetFilePointer
GetTickCount
CreateEventW
SetEvent
CreateProcessW
MoveFileExW
LoadLibraryExW
GlobalUnlock
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFileAttributesA
CreateProcessA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetFullPathNameW
SetEndOfFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GlobalLock
GlobalAlloc
GetCurrentDirectoryA
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
Process32NextW
FlushFileBuffers
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileAttributesW
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringA
ExitProcess
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
RtlUnwind
GetDriveTypeW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
GetConsoleMode
GetConsoleCP
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetCommandLineA
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
HeapFree
HeapAlloc
GetProcessHeap
FindResourceA
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetFileAttributesExW
CompareFileTime
FileTimeToSystemTime
GetVersion
GetSystemInfo
GetVersionExW
GetTempFileNameW
GlobalFree
ReleaseSemaphore
ResumeThread
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
GetSystemDefaultLCID
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
SetErrorMode
lstrlenA
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
OpenProcess
GetUserDefaultUILanguage
GetLocaleInfoW
FreeLibrary
WideCharToMultiByte
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
GetThreadLocale
GetLastError
SetThreadLocale
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
InterlockedDecrement
GetEnvironmentStrings
InterlockedIncrement
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
GetFullPathNameA
CreateThread

psapi

EnumProcesses
GetProcessImageFileNameW

ws2_32

WSACleanup
WSAStartup
closesocket
WSAGetLastError
socket
gethostname
ioctlsocket
getaddrinfo
freeaddrinfo
select
__WSAFDIsSet
WSASetLastError
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv

msimg32

AlphaBlend

shlwapi

PathMatchSpecW

user32

IsWindow
DestroyWindow
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
DrawFocusRect
ReleaseCapture
TrackPopupMenu
GetCursorPos
PostMessageW
PostQuitMessage
KillTimer
SetTimer
UnregisterClassA
BeginPaint
DestroyMenu
NotifyWinEvent
FindWindowW
GetParent
GetAncestor
SetFocus
CreateDialogParamW
LoadImageW
GetSystemMetrics
CallNextHookEx
UnhookWindowsHookEx
SystemParametersInfoW
SetWindowsHookExW
DrawTextW
ScreenToClient
SetMenuItemInfoW
IsWindowVisible
SetForegroundWindow
SetCursor
ClientToScreen
GetWindowRect
SendDlgItemMessageW
EnableMenuItem
GetSystemMenu
EnableWindow
SetDlgItemTextW
MessageBoxW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
GetDesktopWindow
CharNextW
FillRect
InvalidateRect
GetAsyncKeyState
EndPaint
GetCursor
GetForegroundWindow
ReleaseDC
GetDC
GetSysColorBrush
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetWindowThreadProcessId
SetWindowPos
MoveWindow
GetClientRect
SetWindowTextW
SendMessageW
LoadIconW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
GetDlgItem
ShowWindow
EnumWindows
EnumChildWindows
GetWindowTextW
GetWindowTextLengthW

gdi32

CreateSolidBrush
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
CreateDIBSection
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
GdiFlush

advapi32

RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
GetTokenInformation
RegDeleteValueA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
DuplicateTokenEx
GetUserNameW
RegEnumKeyW

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CLSIDFromProgID
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx
CoCreateGuid

oleaut32

VariantClear
LoadRegTypeLi
VariantChangeType
SysAllocStringLen
VariantInit
SysFreeString
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString

comctl32

InitCommonControlsEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetQueryOptionW
InternetGetConnectedStateExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
OCPRD504CanLeaveOfferPage
OCPRD504CleanupProduct
OCPRD504Detach
OCPRD504FindGuidAndRunDialog
OCPRD504FindGuidAndRunDialogA
OCPRD504GetAsyncOfferStatus
OCPRD504GetBannerInfo
OCPRD504GetBannerInfoW
OCPRD504GetMsg
OCPRD504GetNoCandy
OCPRD504GetOfferState
OCPRD504GetOfferType
OCPRD504Init2A
OCPRD504Init2W
OCPRD504InnoAdjust
OCPRD504InnoRestore
OCPRD504InstallShieldAdjust
OCPRD504LoadOpenCandyDLL
OCPRD504LogDevModeMessage
OCPRD504LogDevModeMessageW
OCPRD504NSISAdjust
OCPRD504PreInit
OCPRD504PrepareDownload
OCPRD504RunDialog
OCPRD504SetClientAdvancedOptions
OCPRD504SetClientAdvancedOptionsW
OCPRD504SetCmdLineValues
OCPRD504SetCmdLineValuesW
OCPRD504SetCustomBrushColor
OCPRD504SetCustomBrushColorW
OCPRD504SetNoCandy
OCPRD504SetOCOfferEnabled
OCPRD504SetOfferData
OCPRD504SetOfferLocation
OCPRD504SetUseDefaultColorBkGrnd
OCPRD504Shutdown
OCPRD504SignalProductFailed
OCPRD504SignalProductInstalled
OCPRD504StartDLMgr2Download
OCPRD504StartDLMgr2DownloadRunasAdmin
_OCPRD504DLMgr2Check@16
_OCPRD504Display@16
_OCPRD504DownloadMgr2RecycleOffer@12
_OCPRD504MgrCheck@16
_OCPRD504MgrExec@16
_OCPRD504RestartDll@16
_OCPRD504RestartDllAsAdmin@16
_OCPRD504RunOpenCandyDLL@16

Sections

.text
Size: 510KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8e09359344a84481cece4093ba2528b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

44:30:7e:08:33:cb:56:c9:0b:c9:96:7e:c3:36:c5:ef:2b:85:f8:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

ws2_32

msimg32

shlwapi

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

version

urlmon

wininet

Exports

Exports

Sections

.text Size: 510KB - Virtual size: 509KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 9KB - Virtual size: 19KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 31KB - Virtual size: 30KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6f:fc:26:3a:35:11:34:19:4c:f1:6e:1e:6d:0e:08:06
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

44:30:7e:08:33:cb:56:c9:0b:c9:96:7e:c3:36:c5:ef:2b:85:f8:25
Signer

.text
Size: 510KB - Virtual size: 509KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 9KB - Virtual size: 19KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 31KB - Virtual size: 30KB