2f1ec96815b2f5d7b685395c1e298782_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f1ec96815b2f5d7b685395c1e298782_JaffaCakes118
Size

192KB
MD5

2f1ec96815b2f5d7b685395c1e298782
SHA1

2e1a62605753aca0b91c197c0c5ca23f22a01984
SHA256

659428969ab791dbea68e43d45990db2b3829f999afd69f9d112f82e1c13d154
SHA512

e3d7f9c5f769f70e4ca7a8f057d41313fb85994afc51fec9ce70813d9811c04ef85723a0bb04531ce5db32306f297a73ab8c8de03442f26177ccbc0db4922bfc
SSDEEP

3072:pwD3VbcclFsjktXmJPi6N6I46HLl89IPSAE3WlzOu5zMmQVbGnBD1qw:pW3VbcJPlzEmlS3LZaP

Score

1^/10

Malware Config

Signatures

Files

2f1ec96815b2f5d7b685395c1e298782_JaffaCakes118
.dll windows:5 windows x64 arch:x64

54e0b0e7a4676a40ce9cbe62ed1482b6

Code Sign

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2018, 00:00

Not After

09/01/2020, 12:00

Subject

CN=Corel Corporation,O=Corel Corporation,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:a8:10:50:b6:e2:76:bd:a7:8e:89:a4:15:80:88:f5:70:23:bc:a2
Signer

Actual PE Digest

ad:a8:10:50:b6:e2:76:bd:a7:8e:89:a4:15:80:88:f5:70:23:bc:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

systeminfo-vc140-mt

?parseEntry@CUninstallEntryParser@UninstallEntries@SoftwareInfo@SystemInfo@@QEAA_NUCRegKeyServiceInfo@234@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AEAV?$unique_ptr@UCUninstallEntry@UninstallEntries@SoftwareInfo@SystemInfo@@U?$default_delete@UCUninstallEntry@UninstallEntries@SoftwareInfo@SystemInfo@@@std@@@7@@Z
??BCUninstallEntriesInfo@UninstallEntries@SoftwareInfo@SystemInfo@@QEAA?AUCUninstallEntry@123@XZ
??0CUninstallEntriesInfo@UninstallEntries@SoftwareInfo@SystemInfo@@QEAA@XZ
??1CInfoBase@SystemInfo@@UEAA@XZ
?Is64BitProcess@Utils@SystemInfo@@YA_NXZ

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ExpandEnvironmentStringsW
CreateEventA
CloseHandle
WaitForSingleObjectEx
SetEvent
LockResource
LoadResource
GetLastError
CreateProcessW
FindResourceW
FindResourceExW
GetCurrentThreadId
WaitForMultipleObjects
Sleep
CreateEventW
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SizeofResource
InitializeSListHead
DisableThreadLibraryCalls
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
FormatMessageA
LocalFree
SystemTimeToFileTime
CreateWaitableTimerA
SetUnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SetWaitableTimer
ResetEvent
GetCurrentProcessId
GetProcAddress
ReleaseSemaphore
WaitForMultipleObjectsEx
GetTickCount
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
OpenEventA
GetModuleHandleA

advapi32

RegQueryInfoKeyW
RegOpenKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

shlwapi

SHRegDuplicateHKey

vcruntime140

__std_terminate
__CxxFrameHandler3
memcpy
memmove
_CxxThrowException
memset
_purecall
__std_exception_copy
__std_exception_destroy
__RTDynamicCast
memcmp
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_beginthreadex
strerror
_invalid_parameter_noinfo
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s

api-ms-win-crt-string-l1-1-0

wcscpy_s
wmemcpy_s

api-ms-win-crt-time-l1-1-0

_gmtime64

Exports

Exports

getEngineVersion
registerSource

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54e0b0e7a4676a40ce9cbe62ed1482b6

Code Sign

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

ad:a8:10:50:b6:e2:76:bd:a7:8e:89:a4:15:80:88:f5:70:23:bc:a2Signer

Headers

DLL Characteristics

File Characteristics

Imports

systeminfo-vc140-mt

kernel32

advapi32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 5KB - Virtual size: 7KB

.pdata Size: 9KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 976B

0d:33:90:d3:72:7c:6a:96:44:6c:f7:cb:86:be:b5:19
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

ad:a8:10:50:b6:e2:76:bd:a7:8e:89:a4:15:80:88:f5:70:23:bc:a2
Signer

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 9KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 976B