179bbb7a38b687dc1b18991a25b26a3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

179bbb7a38b687dc1b18991a25b26a3d_JaffaCakes118
Size

7.7MB
MD5

179bbb7a38b687dc1b18991a25b26a3d
SHA1

8a0b4e461e33a68b1baf13b6eb3d726901e77470
SHA256

db4a628f6def087c8c2fa2486881e0cd73b99f33839db5e7de9a545030ab9c35
SHA512

0455170ee4399538b42a52059213d6fd10462007bd4e2bc3d034b6ab177aeb7e7e0fb8172083ab28ab5954761bd16b5fa4a624ee140b438e2e54db0b1f1a8271
SSDEEP

98304:Eq7CdqdcsAKd9dvS4ITTr+JW95WvLq+9pRTyAl:NX5S4IDYjLR+k

Score

1^/10

Malware Config

Signatures

Files

179bbb7a38b687dc1b18991a25b26a3d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

510c51e63f96152f1c09e8c0a857695d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f3:46:a0:a8:7b:ef:37:56:95:54:5a:37:d6:61:91:e6:34:90:fc:c1
Signer

Actual PE Digest

f3:46:a0:a8:7b:ef:37:56:95:54:5a:37:d6:61:91:e6:34:90:fc:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
CreateThread
ResumeThread
SuspendThread
ReleaseMutex
WaitForSingleObject
Sleep
GetModuleFileNameA
GetCommandLineA
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
LoadLibraryA
GetModuleHandleA
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
GetModuleFileNameW
VirtualAlloc
GetVersionExA
VirtualFree
GetCurrentProcess
UnmapViewOfFile
GetFileSize
GetLastError
CreateFileA
GetSystemDirectoryA
IsBadReadPtr
GetExitCodeThread
OpenThread
DeleteTimerQueueTimer
InterlockedExchange
WideCharToMultiByte
CreateTimerQueueTimer
InterlockedExchangeAdd
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
OpenProcess
Process32First
Thread32Next
Thread32First
GetSystemInfo
CreateMutexW
OpenMutexW
CreateFileMappingW
OpenFileMappingW
ReadFile
GetEnvironmentVariableA
GetVolumeInformationA
SystemTimeToFileTime
SetLastError
GetComputerNameW
lstrcmpW
InterlockedDecrement
OutputDebugStringA
CloseHandle
TerminateThread
CreateMutexA
CreateEventA
SetEvent
GetTickCount
EnterCriticalSection
LocalFree
lstrlenA
FreeLibrary
GetWindowsDirectoryA
GetTempPathA
FindFirstFileA
FindClose
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSection
ExitProcess
IsBadWritePtr
SetThreadPriority
SearchPathA
SetFilePointer
GetDiskFreeSpaceExA
GlobalMemoryStatusEx
GetProcessTimes
WriteFile
QueryDosDeviceA
GetLogicalDriveStringsA
DeviceIoControl

ws2_32

select
connect
ioctlsocket
__WSAFDIsSet
socket
closesocket
shutdown
recv
send
getsockname
sendto
htons
WSAGetLastError
ntohs
ntohl
setsockopt
WSAStartup
gethostname
gethostbyname
inet_ntoa
inet_addr
WSACleanup
htonl

winmm

timeGetTime

shlwapi

PathAddBackslashA
PathAppendA
PathIsRelativeA
PathRemoveFileSpecA
PathCombineA

psapi

GetProcessMemoryInfo

shell32

SHGetSpecialFolderPathA

msvcp60

?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

msvcrt

_wcsicmp
wcslen
wcsrchr
localtime
fclose
fread
fopen
sprintf
ftell
fseek
rand
_snwprintf
islower
isdigit
isxdigit
strpbrk
strspn
isspace
strtol
mktime
malloc
free
_mbsnbicmp
wcsncpy
wcscmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_CxxThrowException
strncat
strstr
fgets
strncmp
strlen
memcmp
memcpy
memset
_mbsstr
_mbsrchr
_assert
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_mbschr
wcsstr
_strnicmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
_snprintf
strrchr
strtok
atol
_except_handler3
time
strncpy
_vsnprintf
_mbslwr
_mbsnbcat
_mbsnbcpy
memmove
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
_stricmp
_memicmp
_strlwr
strchr
strtod
atof
toupper
mbstowcs
setlocale
wcstombs
tolower
_pctype
_isctype
__mb_cur_max
fprintf
vfprintf
srand

user32

TranslateMessage
DispatchMessageA
IsWindow
SendMessageA
PeekMessageA
CreateWindowExA
SetTimer
KillTimer
EnumDisplayDevicesA
DestroyWindow

advapi32

AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
CloseEventLog
ReadEventLogW
GetOldestEventLogRecord
OpenEventLogW
LookupPrivilegeValueA

ole32

CoInitializeEx
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

SetErrorInfo
GetErrorInfo
CreateErrorInfo
VariantChangeType
SysFreeString
SysAllocString
VariantClear
VariantInit

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

netapi32

Netbios

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

Exports

Exports

CreateObj
DllEntry
DllEntry1
DllEntry2
DllEntry3
DllEntry4
DllEntry5
DllEntry6
DllEntry7
DllEntry8

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tvm0
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

510c51e63f96152f1c09e8c0a857695d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f3:46:a0:a8:7b:ef:37:56:95:54:5a:37:d6:61:91:e6:34:90:fc:c1Signer

Headers

File Characteristics

Imports

kernel32

ws2_32

winmm

shlwapi

psapi

shell32

msvcp60

msvcrt

user32

advapi32

ole32

oleaut32

version

netapi32

setupapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 88KB - Virtual size: 107KB

.rsrc Size: 4KB - Virtual size: 968B

.tvm0 Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 40KB - Virtual size: 40KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f3:46:a0:a8:7b:ef:37:56:95:54:5a:37:d6:61:91:e6:34:90:fc:c1
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 88KB - Virtual size: 107KB

.rsrc
Size: 4KB - Virtual size: 968B

.tvm0
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 40KB - Virtual size: 40KB