33c65ad2edcbc3ec7869ada61d910332_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

33c65ad2edcbc3ec7869ada61d910332_JaffaCakes118
Size

464KB
MD5

33c65ad2edcbc3ec7869ada61d910332
SHA1

e51cc5c6f3b71ca963fd5e958a40b1559ce39108
SHA256

4f5c00b24d4524d4c8e74e66a77c4f727cb0b0253fe190460610dc800d85fe96
SHA512

b924046b161614feaa46126959cee070c40d360f2bb383c28407afcb8fe8e6ea0efe451d32f648a41c3414d824e4c86f3956b5d6e0a2c63ce6685405fc757bed
SSDEEP

6144:sI1d7jB0+PTJHKJkxe7T11Fc7meEoWlPqx2kFIbWZ5CbGKk9vP0YxmxNp4a43YfD:sGlFcm7jErG2xAZjaGYr

Score

1^/10

Malware Config

Signatures

Files

33c65ad2edcbc3ec7869ada61d910332_JaffaCakes118
.dll windows:6 windows x64 arch:x64

9f54c7a4ea6f22ea8d3f6e2c0946ec96

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

10/06/2019, 00:00

Not After

09/06/2021, 23:59

Subject

CN=LULU Software,O=LULU Software,L=Saint-Laurent,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

10/06/2019, 00:00

Not After

09/06/2021, 23:59

Subject

CN=LULU Software,O=LULU Software,L=Saint-Laurent,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:2c:a1:ab:79:3c:0d:3a:b5:11:e5:da:87:1a:12:32:72:48:bd:0d:06:d4:5d:30:36:44:07:7b:50:7d:85:74
Signer

Actual PE Digest

70:2c:a1:ab:79:3c:0d:3a:b5:11:e5:da:87:1a:12:32:72:48:bd:0d:06:d4:5d:30:36:44:07:7b:50:7d:85:74

Digest Algorithm

sha256

PE Digest Matches

true

be:6d:c3:6b:62:90:e3:b8:7c:8e:74:6f:fe:1c:7e:c2:16:37:c2:c0
Signer

Actual PE Digest

be:6d:c3:6b:62:90:e3:b8:7c:8e:74:6f:fe:1c:7e:c2:16:37:c2:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\LULU\TempBuilds\TemporaryBuilds\default-pool-agent-1\5\s\_bin\x64\Release\pdfview.pdb

Imports

pdfcore

PDAnnotRelease
PDPageGetReadContent
PDEShadingElementGetShading
PDEShadingFreeFormGouraudGetNumVertices
PDEShadingLatticeFormGouraudGetVertexCoord
PDEShadingRadialGetExtendEnd
PDEShadingAxialGetExtendStart
PDEShadingFreeFormGouraudGetVertexColor
PDEShadingAxialGetExtendEnd
PDEShadingPatchMeshGetNumPatches
PDEFunctionExec
PDEShadingLatticeFormGouraudGetNumVertices
PDEShadingPatchMeshGetPatchCoords
PDEShadingRadialGetDomain
PDEShadingLatticeFormGouraudGetVerticesPerRow
PDEShadingAxialGetDomain
PDEShadingRadialGetStartRadius
PDEFunctionRelease
PDEShadingRadialGetFunction
PDEShadingLatticeFormGouraudGetVertexColor
PDEShadingGetColorSpace
PDEShadingFreeFormGouraudGetVertexCoord
PDAnnotGetAppearanceState
PDEShadingAxialGetFunction
PDEShadingGetType
PDEShadingRadialGetExtendStart
PDEShadingRadialGetStartPoint
PDEShadingGetBackground
PDEShadingRadialGetEndRadius
PDEShadingAxialGetStartPoint
PDEShadingRadialGetEndPoint
PDEShadingAcquire
PDEShadingAxialGetEndPoint
PDESoftMaskGetSubtype
PDESoftMaskGetGroup
PDEGStateGetSoftMaskMatrix
PDEGStateGetAlphaIsShape
PDESoftMaskGetBackdropColor
PDESoftMaskGetTransfer
PDETextItemGetGState
PDETextItemGetCharProc
PDETextItemGetMatrix
PDEFontGetFontBBox
PDETextStateGetRenderMode
PDEXObjectElementGetXObject
PDEContentAcquire
PDAnnotIsMarkupAnnot
PDPageGetAnnot
PDEXObjectGetType
PDAnnotGetFlags
PDEElementGetClip
PDPageGetCropBox
PDPageGetMediaBox
PDPageGetNumAnnots
PDPageGetRotate
PDPageGetUserUnitSize
PDEElementAcquire
PDAnnotGetRect
PDMarkupAnnotGetInReplyTo
PDAnnotGetBlendMode
PDOCConfigIsAnnotVisible
PDAnnotGetAppearance
PDEPatternShadingGetShading
PDEPatternTilingGetBBox
PDEPatternTilingGetYStep
PDEPatternTilingGetXStep
PDEPatternTilingGetContent
PDEPatternShadingGetMatrix
PDEPatternTilingGetMatrix
PDEPatternGetType
PDEPatternTilingGetPaintType
PDEShadingRelease
PDEShadingGetBBox
PDEImageXObjectGetOCMD
PDEImageXObjectGetMask
PDECreateColorSpace
PDECreateImageXObject
PDEImageXObjectSetSMask
PDEXObjectAcquire
PDEImageXObjectGetSMask
PDEXObjectGetPDObject
PDEColorSpaceTransformImageDataToRGB
PDEInlineImageGetColorSpace
PDEInlineImageGetAttrs
PDEImageStreamNextLine
PDEColorSpaceGetNumComponents
PDEColorSpaceTransformToRGB
PDEColorSpaceGetComponentRange
PDEInlineImageGetDecodeArray
PDEColorSpacePackColor
PDEImageXObjectGetMatteArray
PDEInlineImageOpenStream
PDEImageXObjectGetColorKey
PDEXObjectRelease
PDEImageXObjectGetAttrs
PDEImageXObjectGetColorSpace
PDEImageXObjectOpenStream
PDEInlineImageGetIntent
PDEImageXObjectGetDecodeArray
PDEColorSpaceAcquire
PDEImageStreamClose
PDEImageXObjectGetIntent
PDEFormXObjectGetXGroup
PDEFormXObjectGetMatrix
PDEFormXObjectGetOCMD
PDOCMDIsVisible
PDEFormXObjectGetBBox
PDEXGroupGetFlags
PDOCMDRelease
PDEFormXObjectGetContent
PDEXGroupRelease
PDEColorRelease
PDETextItemRelease
PDEClipGetBBox
PDEClipGetNumElements
PDEGStateGetFlags
PDEFontRelease
PDEColorSpaceDoesProduceOutput
PDEElementGetBBox
PDEColorGetPattern
PDEGStateGetMiterLimit
PDETextItemGetCharAdvance
PDEPathGetPaintOp
PDETextItemGetNumChars
PDETextStateGetTextRise
PDEGStateGetIntent
PDEGStateGetStrokeAlpha
PDETextStateGetFont
PDEColorGetColorSpace
PDETextStateGetFontSize
PDEGStateAcquire
PDEGStateGetDash
PDEFontGetFontMatrix
PDEColorSpaceGetFamily
PDEGStateGetFillAlpha
PDEFontGetWritingMode
PDETextGetNumItems
PDETextStateRelease
PDETextStateGetHorzScaling
PDEGStateGetLineCap
PDEGStateGetFillColor
PDEPatternRelease
PDEGStateGetBlendMode
PDEGStateGetLineJoin
PDETextItemGetCharOutline
PDEGStateGetStrokeColor
PDETextItemGetCharVertMetric
PDEColorSpaceRelease
PDETextItemGetTextMatrix
PDETextItemGetTextState
PDEColorToRGB
PDEGStateGetLineWidth
PDESoftMaskAcquire
PDESoftMaskRelease
PDETextGetItem
PDEPathEnum
PDEGStateGetSoftMask
PDEFontGetSubtype
PDEClipGetElement
PDEClipRelease
PDEElementRelease
PDEContentGetElement
PDEElementGetType
PDEContainerGetContent
PDOCConfigAcquire
PDEContentRelease
PDEElementGetMatrix
PDEGStateRelease
PDOCConfigIsElementVisible
PDEContentGetNumElements
PDEElementGetGState
PDOCConfigRelease
PDEShadingPatchMeshGetPatchColors

pdfgraphics

GXRenderTargetSetStrokeAdjustment
GXBitmapCopyFromBitmap
GXCreateGradientRadial
GXCreateGradientTriMesh
GXCreateGradientLinear
GXCreateBrushGradient
GXRenderTargetFillRect
GXGeometryWiden
GXRenderTargetBeginPaint
GXCreateRenderTargetBitmap
GXRenderTargetTranslateCTM
GXRenderTargetClear
GXRenderTargetEndPaint
GXRenderTargetSetOpacityMask
GXRenderTargetFillMask
GXRenderTargetDrawBitmap
GXCreateBrushBitmap
GXPaletteGetNumColors
GXBitmapGetPalette
GXPaletteGetColor
GXCreateBitmap
GXBitmapLock
GXBitmapSetPalette
GXCreatePalette
GXBitmapUnlock
GXRenderTargetBeginLayer
GXRenderTargetEndLayer
GXRenderTargetGetCTM
GXGeometryEndFigure
GXGeometryLineTo
GXGeometrySetFillRule
GXRenderTargetClipGeometry
GXRenderTargetStrokeGeometry
GXRenderTargetFillGeometry
GXRenderTargetSetShapeMask
GXGeometryRectangle
GXRenderTargetClipRect
GXCreateGeometry
GXGeometryBeginFigure
GXGeometryEndFigureClose
GXRenderTargetPushState
GXGeometryConicCurveTo
GXRenderTargetSetCTM
GXRenderTargetSetBlendMode
GXRenderTargetGetSize
GXCreateBrushSolidARGB
GXRenderTargetConcatCTM
GXRenderTargetPopState
GXBitmapGetPixelFormat
GXObjectAcquire
GXBitmapGetSize
GXObjectRelease
GXGeometryCubicCurveTo

kernel32

QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
GetCurrentThread
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
Sleep
WaitForSingleObjectEx
SetEvent
CloseHandle
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceCounter
WideCharToMultiByte
GetLastError
GetCurrentThreadId
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateTimerQueue
LoadLibraryW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
SetFilePointerEx
CreateFileW
WriteConsoleW
DecodePointer
UnregisterWaitEx

Exports

Exports

PDFBitmapToXObjectImage
PDFCreateRenderContext
PDFDrawAnnot
PDFDrawContent
PDFDrawFormXObject
PDFDrawPage
PDFGStateCreateFillBrush
PDFGStateCreateStrokeBrush
PDFInlineImageToBitmap
PDFPathToGeometry
PDFPathToPaintGeometry
PDFRenderContextFree
PDFRenderContextPurgeCaches
PDFTextToGeometry
PDFXObjectImageToBitmap

Sections

.text
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f54c7a4ea6f22ea8d3f6e2c0946ec96

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

70:2c:a1:ab:79:3c:0d:3a:b5:11:e5:da:87:1a:12:32:72:48:bd:0d:06:d4:5d:30:36:44:07:7b:50:7d:85:74Signer

be:6d:c3:6b:62:90:e3:b8:7c:8e:74:6f:fe:1c:7e:c2:16:37:c2:c0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pdfcore

pdfgraphics

kernel32

Exports

Exports

Sections

.text Size: 298KB - Virtual size: 297KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 11KB - Virtual size: 16KB

.pdata Size: 17KB - Virtual size: 16KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

2c:63:9a:e7:a9:4e:2f:34:ff:39:2d:6c:4b:e2:24:12
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

70:2c:a1:ab:79:3c:0d:3a:b5:11:e5:da:87:1a:12:32:72:48:bd:0d:06:d4:5d:30:36:44:07:7b:50:7d:85:74
Signer

be:6d:c3:6b:62:90:e3:b8:7c:8e:74:6f:fe:1c:7e:c2:16:37:c2:c0
Signer

.text
Size: 298KB - Virtual size: 297KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 11KB - Virtual size: 16KB

.pdata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB