23e62508400d0e179382b02b9d681023_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23e62508400d0e179382b02b9d681023_JaffaCakes118
Size

7.5MB
MD5

23e62508400d0e179382b02b9d681023
SHA1

f70ed8c9be7e11086fb7e705c0396f9fb2dec9a7
SHA256

0fc70a4e54ed28d1a6256978b44140c822c1af37a90b3b18cf27ab30f63de9c8
SHA512

752abf59a88650f41c4ba5eb04247b4412c7312617b7e2b147339df76e7e675666757853292bb891b867ee783150b3bf0df68f71b19a983a4c3671b0ada2dccb
SSDEEP

12288:uH2VmmTulq1pPa0IEh5uhWtZntBtHzI6CGHPXGurQ+Xzf4Js1vWlVBD:uwnulqzCi5uhWtZnvtHU6Tv/rTBvWHBD

Score

1^/10

Malware Config

Signatures

Files

23e62508400d0e179382b02b9d681023_JaffaCakes118
.dll windows:6 windows x86 arch:x86

1e456c63a7695241b0faff1eec27f24b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:d1:d8:28:6b:82:39:33:99:c8:53:e4:4f:f8:aa:38:54
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

17/04/2015, 14:05

Not After

17/04/2016, 14:05

Subject

CN=WinZip Computing LLC,OU=IT,O=WinZip Computing LLC,L=Storrs Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:73:ff:a3:7c:3f:0e:a1:b5:b0:e2:b2:72:d1:72:26:4e:69:ee:23
Signer

Actual PE Digest

76:73:ff:a3:7c:3f:0e:a1:b5:b0:e2:b2:72:d1:72:26:4e:69:ee:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WzWXFwmrk32.pdb

Imports

comdlg32

ChooseFontW

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ord412
ord413
ord410

kernel32

IsDebuggerPresent
SetLastError
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
WriteFile
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
ReadFile
ReadConsoleW
ReleaseActCtx
GetProcessHeap
LocalFree
FormatMessageW
IsBadReadPtr
IsBadWritePtr
FreeResource
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
lstrcmpiW
DecodePointer
FormatMessageA
RaiseException
ResetEvent
OpenEventA
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultUILanguage
FindResourceExW
GetVersionExW
CreateFileMappingW
GetLastError
InitializeCriticalSectionAndSpinCount
HeapSize
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
GetModuleHandleExW
ExitProcess
HeapAlloc
IsProcessorFeaturePresent
GetCurrentThreadId
GetCommandLineA
RtlUnwind
HeapFree
EncodePointer
SetThreadUILanguage
GetUserDefaultUILanguage
VerifyVersionInfoW
LoadLibraryExW
FreeLibrary
VerSetConditionMask
lstrcpyW
MulDiv
WaitForSingleObjectEx
DeactivateActCtx
ActivateActCtx
DeleteCriticalSection
CreateEventA
CloseHandle
SetEvent
OpenEventW
GetModuleFileNameW
CreateActCtxW

user32

SetPropW
DrawFocusRect
DefWindowProcW
RegisterClassExW
GetClassInfoExW
AnimateWindow
SetParent
LoadCursorW
SetScrollInfo
GetScrollInfo
GetClassLongW
SetClassLongW
GetComboBoxInfo
DrawTextExW
DestroyIcon
DrawIconEx
GetWindowDC
GetFocus
GetMonitorInfoW
MonitorFromRect
MonitorFromPoint
SystemParametersInfoW
GetDesktopWindow
PtInRect
IsRectEmpty
SetRectEmpty
IsIconic
GetPropW
MapDialogRect
InflateRect
FrameRect
FillRect
GetClientRect
CharNextW
UpdateWindow
KillTimer
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
WaitMessage
DestroyWindow
EndPaint
BeginPaint
IsWindowEnabled
SetCapture
IsDlgButtonChecked
TrackMouseEvent
DialogBoxIndirectParamW
DialogBoxParamW
CreateDialogIndirectParamW
GetWindow
GetClassNameW
GetParent
SetWindowLongW
GetWindowLongW
GetSysColor
InvalidateRect
DrawTextW
EndDialog
CreateDialogParamW
SetWindowPos
IsWindow
CreateWindowExW
LoadStringW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetTimer
GetKeyState
IsDialogMessageW
LoadImageW
EnumChildWindows
ScreenToClient
GetCursorPos
MessageBoxW
GetWindowRect
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
ReleaseCapture
SetFocus
GetDlgCtrlID
SendDlgItemMessageW
CheckRadioButton
GetDlgItem
IsWindowVisible
MoveWindow
ShowWindow
CheckDlgButton

advapi32

RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegOpenKeyExW

ole32

OleRun
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringByteLen
VarUI4FromStr
SysStringByteLen
SysFreeString
GetErrorInfo
SysAllocString

gdi32

GetDeviceCaps
DeleteObject
GetStockObject
SetBkMode
SetTextColor
GetObjectW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
DeleteDC
Ellipse
GetBkColor
LineTo
SelectObject
SetBkColor
MoveToEx
TextOutW
CreateFontIndirectW
GetDIBits
SetDIBits
GetTextExtentPoint32W
SetDCBrushColor
CreateSolidBrush

msimg32

AlphaBlend

Exports

Exports

CreateWzWXFProvider
DllMain
GetInterfaceVersion

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e456c63a7695241b0faff1eec27f24b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:d1:d8:28:6b:82:39:33:99:c8:53:e4:4f:f8:aa:38:54Certificate

Extended Key Usages

Key Usages

76:73:ff:a3:7c:3f:0e:a1:b5:b0:e2:b2:72:d1:72:26:4e:69:ee:23Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

comctl32

kernel32

user32

advapi32

ole32

oleaut32

gdi32

msimg32

Exports

Exports

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 12KB - Virtual size: 82KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 25KB - Virtual size: 24KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:d1:d8:28:6b:82:39:33:99:c8:53:e4:4f:f8:aa:38:54
Certificate

76:73:ff:a3:7c:3f:0e:a1:b5:b0:e2:b2:72:d1:72:26:4e:69:ee:23
Signer

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 12KB - Virtual size: 82KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 25KB - Virtual size: 24KB