011fc6d1f247d66d9ae16d95fc4b657f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

011fc6d1f247d66d9ae16d95fc4b657f_JaffaCakes118
Size

446KB
MD5

011fc6d1f247d66d9ae16d95fc4b657f
SHA1

bacf15075aa8d3319a6823b0cdcd412a241e51b7
SHA256

15a0f9f0633b06a7014632f04ab332dc29efa12d28ad4eb07cbff71ec09742ea
SHA512

d9ce17f333a86741eafb27c95795fcaac8fa38ceec292e836e015703ed5a432f64e397d5e9088fdb688231f253a853d9c62d77d336780d159d340a7c71ca3993
SSDEEP

6144:53FRWcasFI0FUgE3K+C7t9AFq8yL9z7AMcIIGJJDPm4Gf+8YtB74H2y0SD:jSsF2FhCJ9b8U9/SGJJDPAAtBkWyPD

Score

1^/10

Malware Config

Signatures

Files

011fc6d1f247d66d9ae16d95fc4b657f_JaffaCakes118
.dll windows:6 windows x86 arch:x86

6cd56e141455c142cb5bb6dccfd4792a

Code Sign

3d:56:ba:23:44:98:c1:5c:23:83:f5:f9:9e:6d:e0:73
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/06/2015, 00:00

Not After

31/05/2016, 23:59

Subject

CN=MOSCOW COMPANY,O=MOSCOW COMPANY,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:0a:52:d2:3f:02:4d:a2:de:9d:90:0b:76:a1:7f:0d:6b:d1:b3:4c
Signer

Actual PE Digest

71:0a:52:d2:3f:02:4d:a2:de:9d:90:0b:76:a1:7f:0d:6b:d1:b3:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nssutil3

NSS_Get_SEC_SkipTemplate
SECITEM_Hash
SECITEM_HashCompare
NSS_Get_SEC_IA5StringTemplate_Util
SECOID_KnownCertExtenOID
PORT_UCS4_UTF8Conversion
NSS_Get_SEC_BMPStringTemplate_Util
NSS_Get_SEC_UTF8StringTemplate_Util
NSS_Get_SEC_UniversalStringTemplate
NSS_Get_SEC_PrintableStringTemplate
NSS_Get_SEC_T61StringTemplate
NSS_Get_SEC_SetOfAnyTemplate_Util
SEC_QuickDERDecodeItem_Util
SEC_ASN1DecodeItem_Util
DER_EncodeTimeChoice_Util
DER_DecodeTimeChoice_Util
DER_GeneralizedDayToAscii_Util
DER_UTCDayToAscii_Util
NSSUTIL_MkNSSString
NSSUTIL_ArgParseCipherFlags
NSSUTIL_MkModuleSpec
NSSUTIL_ArgParseModuleSpecEx
NSSUTIL_MkSlotString
NSSUTIL_ArgParseSlotInfo
NSSUTIL_DoubleEscapeSize
NSSUTIL_Escape
NSSUTIL_EscapeSize
NSSUTIL_ArgReadLong
NSSUTIL_ArgHasFlag
NSSUTIL_ArgIsBlank
NSSUTIL_ArgDecodeNumber
NSSUTIL_ArgGetLabel
NSSUTIL_ArgSkipParameter
NSSUTIL_ArgGetParamValue
NSSUTIL_ArgStrip
NSSUTIL_ArgFetchValue
PORT_LoadLibraryFromOrigin
NSS_Get_SEC_ObjectIDTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_PointerToGeneralizedTimeTemplate
NSS_Get_SEC_SequenceOfAnyTemplate
NSS_Get_SEC_PointerToEnumeratedTemplate
NSS_Get_SEC_PointerToAnyTemplate_Util
NSS_Get_SEC_OctetStringTemplate_Util
NSS_Get_SEC_NullTemplate_Util
NSS_Get_SEC_EnumeratedTemplate
NSS_Get_SEC_IntegerTemplate_Util
NSS_Get_SEC_GeneralizedTimeTemplate_Util
NSS_Get_SEC_AnyTemplate_Util
NSSRWLock_UnlockWrite_Util
NSSRWLock_UnlockRead_Util
NSSRWLock_LockWrite_Util
NSSRWLock_LockRead_Util
NSSRWLock_Destroy_Util
NSSRWLock_New_Util
SEC_ASN1EncodeUnsignedInteger_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
PORT_Alloc_Util
DER_GetInteger_Util
SECOID_FindOIDTagDescription_Util
SECOID_CompareAlgorithmID_Util
SECOID_DestroyAlgorithmID_Util
SECOID_GetAlgorithmTag_Util
SECOID_CopyAlgorithmID_Util
SECOID_SetAlgorithmID_Util
SECOID_FindOIDByTag_Util
SECOID_FindOIDTag_Util
SECOID_FindOID_Util
SECITEM_ZfreeItem_Util
SECITEM_FreeItem_Util
SECITEM_ArenaDupItem_Util
SECITEM_DupItem_Util
SECITEM_CopyItem_Util
SECITEM_ItemsAreEqual_Util
SECITEM_CompareItem_Util
SECITEM_AllocItem_Util
PORT_UCS2_UTF8Conversion_Util
PORT_ArenaStrdup_Util
PORT_ArenaUnmark_Util
PORT_ArenaRelease_Util
PORT_ArenaMark_Util
PORT_ArenaGrow_Util
PORT_FreeArena_Util
PORT_ArenaZAlloc_Util
PORT_ArenaAlloc_Util
PORT_NewArena_Util
PORT_GetError_Util
PORT_ZFree_Util
NSSUTIL_DoubleEscape
NSS_InitializePRErrorTable
SECOID_Init
PORT_SetError_Util
PORT_Strdup_Util
PORT_Free_Util
PORT_ZAlloc_Util
PORT_Realloc_Util
PORT_ISO88591_UTF8Conversion

plc4

PL_strlen
PL_strncasecmp
PL_strcat
PL_strstr
PL_strnstr
PL_strcasecmp

plds4

PL_HashTableAdd
PL_NewHashTable
PL_HashTableRemove
PL_HashTableLookup
PL_CompareValues
PL_HashTableEnumerateEntries
PL_InitArenaPool
PL_FinishArenaPool
PL_ArenaAllocate
PL_ArenaRelease
PL_HashString
PL_CompareStrings
PL_HashTableDestroy

nspr4

PR_NewLock
PR_htons
PR_ErrorToString
PR_Send
PR_Shutdown
PR_Listen
PR_Bind
PR_Accept
PR_ConnectContinue
PR_DestroyRWLock
PR_Realloc
PR_Malloc
PR_NewLogModule
PR_GetThreadPrivate
PR_SetThreadPrivate
PR_NewThreadPrivateIndex
PR_Free
PR_Calloc
PR_sprintf_append
PR_GetError
PR_SetErrorText
PR_FindSymbol
PR_UnloadLibrary
PR_LoadLibrary
PR_IntervalNow
PR_GetEnv
PR_Poll
PR_ExitMonitor
PR_EnterMonitor
PR_DestroyMonitor
PR_NewMonitor
PR_EnumerateHostEnt
PR_GetHostByName
PR_snprintf
PR_Recv
PR_Connect
PR_NewTCPSocket
PR_Close
PR_SecondsToInterval
PR_Now
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_WaitCondVar
PR_NewCondVar
PR_Unlock
PR_Lock
PR_DestroyLock
PR_smprintf_free
PR_smprintf
PR_CallOnce

kernel32

GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetProcessHeap
GetFileType
GetStdHandle
HeapFree
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
DeleteCriticalSection
DecodePointer
EncodePointer
MultiByteToWideChar
SetLastError
GetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
IsDebuggerPresent
CompareStringW
LCMapStringW
WriteFile
GetModuleFileNameW
SetEnvironmentVariableA
HeapAlloc
RtlUnwind
LoadLibraryExW
GetFileAttributesExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapReAlloc
OutputDebugStringW
HeapSize
SetFilePointerEx
CloseHandle
SetStdHandle
WriteConsoleW
CreateFileW

Exports

Exports

NSS_InitReadWrite
NSS_NoDB_Init
NSS_VersionCheck
PK11_CreateContextBySymKey
PK11_CreatePBEV2AlgorithmID
PK11_DestroyContext
PK11_DigestBegin
PK11_DigestFinal
PK11_DigestOp
PK11_ExtractKeyValue
PK11_FreeSlot
PK11_FreeSymKey
PK11_GetInternalKeySlot
PK11_GetInternalSlot
PK11_GetKeyData
PK11_GetTokenName
PK11_ImportSymKey
PK11_InitPin
PK11_KeyGen
PK11_NeedUserInit
PK11_PBEKeyGen
PK11_SetPasswordFunc
PORT_Strdup
SECMOD_DestroyModule
SECMOD_GetDefaultModuleListLock
SECMOD_GetReadLock
SECMOD_LoadUserModule
SECMOD_OpenUserDB
SECMOD_ReleaseReadLock
SECOID_DestroyAlgorithmID
mktemp

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cd56e141455c142cb5bb6dccfd4792a

Code Sign

3d:56:ba:23:44:98:c1:5c:23:83:f5:f9:9e:6d:e0:73Certificate

Extended Key Usages

Key Usages

71:0a:52:d2:3f:02:4d:a2:de:9d:90:0b:76:a1:7f:0d:6b:d1:b3:4cSigner

Headers

DLL Characteristics

File Characteristics

Imports

nssutil3

plc4

plds4

nspr4

kernel32

Exports

Exports

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 784B

.reloc Size: 12KB - Virtual size: 11KB

3d:56:ba:23:44:98:c1:5c:23:83:f5:f9:9e:6d:e0:73
Certificate

71:0a:52:d2:3f:02:4d:a2:de:9d:90:0b:76:a1:7f:0d:6b:d1:b3:4c
Signer

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 784B

.reloc
Size: 12KB - Virtual size: 11KB