44ffe73b3e827b85f1c5d727eeb37551_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44ffe73b3e827b85f1c5d727eeb37551_JaffaCakes118
Size

5.1MB
MD5

44ffe73b3e827b85f1c5d727eeb37551
SHA1

f684f8abe884b312de0230d92651a9368bfb9c3d
SHA256

ff86cd159b54a04862b916a845bd55a304b1bb0ab2894a4f1bc77020f7ced149
SHA512

a0c47276e0ea6fb74402c2ab2e67c929e52d087fcf95fb1ec39e2f292458cd837be2bafda3efebe4755ef7937be59be63521799270cef6d8fc82fb677246f4e0
SSDEEP

98304:ZVQINUZjR4HXo0a8K9DxhTe5O4rEdrqNdN7RsM:2RR4HY0aDrqNdwM

Score

1^/10

Malware Config

Signatures

Files

44ffe73b3e827b85f1c5d727eeb37551_JaffaCakes118
.dll windows:5 windows x86 arch:x86

854b30c2068ed9c05251fc6e651560b9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:25:d4:d8:3c:91:8a:f2:10:ad:5e:ab:be:9f:d6:6d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/07/2018, 00:00

Not After

31/12/2019, 12:00

Subject

CN=Lavasoft Software Canada,O=Lavasoft Software Canada,L=St-Laurent,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:f0:38:ea:42:4c:7b:74:e5:f0:6d:99:5d:c3:0a:69:32:52:cb:e1:c6:3b:57:0a:92:cf:3d:58:07:53:5d:ac
Signer

Actual PE Digest

72:f0:38:ea:42:4c:7b:74:e5:f0:6d:99:5d:c3:0a:69:32:52:cb:e1:c6:3b:57:0a:92:cf:3d:58:07:53:5d:ac

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\pveliz\poc\sciter.src.4.2.6.9\sdk\bin\32\sciter.dll.pdb

Imports

kernel32

GetLogicalDriveStringsW
ExitThread
FreeLibraryAndExitThread
MultiByteToWideChar
GetVolumeInformationW
SetFileAttributesW
UnregisterWaitEx
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
ReadDirectoryChangesW
GetCurrentDirectoryW
GetShortPathNameW
GetLongPathNameW
SetConsoleCursorPosition
GetNumberOfConsoleInputEvents
FillConsoleOutputAttribute
WriteConsoleInputW
CreateFileA
ReadConsoleInputW
FillConsoleOutputCharacterW
SetConsoleCursorInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
LoadLibraryExW
GetProcAddress
GlobalUnlock
GlobalLock
GlobalSize
Sleep
MulDiv
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
GetLastError
FormatMessageW
LocalAlloc
lstrlenW
LocalSize
LocalFree
TlsSetValue
GetLocaleInfoW
TlsAlloc
TlsGetValue
HeapFree
GetCommandLineW
HeapAlloc
GetProcessHeap
GetModuleFileNameA
LoadLibraryExA
GetEnvironmentVariableW
FreeLibrary
GetCPInfo
WideCharToMultiByte
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTempPathA
GetTempFileNameA
GetFileAttributesW
CompareStringW
GetModuleFileNameW
CompareStringA
GetUserDefaultLCID
GetNumberFormatW
GetCurrencyFormatW
GetTimeFormatW
VerSetConditionMask
GetComputerNameW
VerifyVersionInfoW
GetDateFormatW
OutputDebugStringW
FindFirstFileW
FindNextFileW
FindClose
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
SetFilePointer
SetEndOfFile
CreateFileW
UnmapViewOfFile
FlushViewOfFile
CloseHandle
GetFileSize
CreateFileMappingW
MapViewOfFile
AllocConsole
EncodePointer
InterlockedFlushSList
SetLastError
RtlUnwind
TlsFree
ExitProcess
GetModuleHandleExW
GetCurrentThread
GetACP
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
ReadFile
SetFilePointerEx
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteConsoleW
ReadConsoleW
GetFileAttributesExW
CreateThread
lstrcmpW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
CreateEventW
ResetEvent
DuplicateHandle
SetEvent
WaitForMultipleObjects
ReleaseSemaphore
VirtualAlloc
VirtualFree
LoadLibraryW
GetTickCount
GetThreadPriority
SetThreadPriority
GetVersionExW
ResumeThread
CreateSemaphoreA
CreateEventA
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
CancelIo
SetHandleInformation
RegisterWaitForSingleObject
UnregisterWait
SetNamedPipeHandleState
CreateNamedPipeA
CreateNamedPipeW
PeekNamedPipe
QueueUserWorkItem
GetNamedPipeHandleStateA
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
GetFileInformationByHandle
MoveFileExW
CopyFileW
GetModuleHandleA
LoadLibraryA
FormatMessageA
DebugBreak
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleCursorInfo

user32

GetWindowRect
SetWindowPos
AnimateWindow
IsWindowVisible
GetWindowPlacement
UpdateLayeredWindow
SetCursor
MapWindowPoints
UpdateWindow
SetFocus
GetFocus
EndPaint
SetWindowLongW
SetForegroundWindow
GetForegroundWindow
DestroyIcon
KillTimer
GetParent
IsWindow
SendMessageW
InvalidateRect
GetClientRect
GetSystemMetrics
AdjustWindowRectEx
CreateWindowExW
MessageBoxW
ShowWindow
DestroyWindow
GetWindow
EnableWindow
SetActiveWindow
LoadIconW
LoadCursorW
RegisterClassExW
PostQuitMessage
DefWindowProcW
GetCursorPos
GetDesktopWindow
MoveWindow
IsWindowEnabled
RegisterClassW
RedrawWindow
WindowFromPoint
PostMessageW
GetWindowThreadProcessId
GetWindowTextW
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
IsWindowUnicode
GetWindowLongW
GetClassLongW
SetWindowsHookExW
EnumThreadWindows
EndDeferWindowPos
SetCapture
TranslateMessage
GetUpdateRect
IsRectEmpty
GetMessageTime
UnhookWindowsHookEx
GetSysColor
GetDoubleClickTime
CallMsgFilterW
IsChild
PeekMessageW
ClientToScreen
GetMonitorInfoW
SetTimer
DispatchMessageW
GetCapture
GetAsyncKeyState
BeginDeferWindowPos
SetClassLongW
GetActiveWindow
GetScrollInfo
NotifyWinEvent
SetWindowTextW
CallNextHookEx
ScreenToClient
MonitorFromWindow
GetDC
MonitorFromPoint
GetMessageExtraInfo
GetKeyState
DeferWindowPos
GetMessageW
SetScrollInfo
EnumDisplayDevicesW
EnumDisplayMonitors
DestroyCaret
FindWindowW
GetKeyboardLayout
CreateCaret
SetCaretPos
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
CloseClipboard
CountClipboardFormats
EnumClipboardFormats
SetClipboardData
IsClipboardFormatAvailable
GetClipboardData
GetClipboardSequenceNumber
LoadStringW
MessageBeep
DestroyCursor
LoadCursorFromFileA
CreateIconIndirect
GetIconInfo
DrawIconEx
MessageBoxA
GetQueueStatus
PostThreadMessageW
MsgWaitForMultipleObjects
SetWinEventHook
DispatchMessageA
MapVirtualKeyW
GetMessageA
SystemParametersInfoW
BeginPaint

urlmon

FindMimeFromData

oleacc

AccessibleObjectFromWindow
LresultFromObject

uxtheme

IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
GetThemePartSize
SetWindowTheme
CloseThemeData
OpenThemeData

imm32

ImmNotifyIME
ImmAssociateContextEx
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmIsIME

comctl32

ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize

winmm

PlaySoundW
timeKillEvent
timeBeginPeriod
timeEndPeriod
timeGetTime
timeSetEvent

usp10

ScriptItemize
ScriptFreeCache
ScriptBreak
ScriptShape
ScriptApplyDigitSubstitution
ScriptPlace

ws2_32

WSAGetLastError
setsockopt
getsockopt
closesocket
GetAddrInfoW
FreeAddrInfoW
htons
ioctlsocket
WSARecv
socket
WSASocketW
listen
shutdown
WSASetLastError
WSAStartup
WSARecvFrom
select
bind
WSAIoctl
WSASend

wininet

HttpOpenRequestA
InternetConnectA
HttpQueryInfoA
InternetQueryOptionW
InternetErrorDlg
HttpSendRequestA
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetOpenA
InternetCloseHandle

gdi32

CreateDIBSection
CreateCompatibleDC
SetLayout
SaveDC
SetViewportOrgEx
RestoreDC
BitBlt
GetStockObject
GetDeviceCaps
EndPage
StartDocW
SelectObject
DeleteDC
DeleteObject
GetClipBox
SetMapMode
CreateDCW
GetFontUnicodeRanges
EnumFontFamiliesExW
CreateFontW
GetObjectA
GetGlyphIndicesW
CreateBitmap
GetDIBits
GetObjectW
AddFontMemResourceEx
StartPage
EndDoc

winspool.drv

ord203

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW
CommDlgExtendedError

advapi32

RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegQueryValueExW
RegOpenKeyExW
GetUserNameW

shell32

SHGetFileInfoW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
CommandLineToArgvW
ord727
DragQueryFileW
ord74
SHBrowseForFolderW

ole32

CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateGuid
OleInitialize
CoTaskMemFree
OleUninitialize
CoCreateInstance
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
ReleaseStgMedium

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayCreateVector
SysAllocStringLen
SafeArrayPutElement

gdiplus

GdipCreateFontFromLogfontA
GdipGetLineSpacing
GdipCreateFontFromDC
GdipDeleteFont
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdiplusShutdown
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipAlloc
GdipFree
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipSetPathGradientTransform
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipTranslateWorldTransform
GdipGetSmoothingMode
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipGraphicsClear
GdipGetImageWidth
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipGetFontHeightGivenDPI
GdipMeasureString
GdipDeleteFontFamily
GdipGetFamily
GdipGetCellAscent
GdipGetFontSize
GdipGetEmHeight
GdipGetCellDescent
GdipDrawString
GdipAddPathString
GdipGetFontStyle
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset

Exports

Exports

SciterAPI

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

854b30c2068ed9c05251fc6e651560b9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:25:d4:d8:3c:91:8a:f2:10:ad:5e:ab:be:9f:d6:6dCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

72:f0:38:ea:42:4c:7b:74:e5:f0:6d:99:5d:c3:0a:69:32:52:cb:e1:c6:3b:57:0a:92:cf:3d:58:07:53:5d:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

urlmon

oleacc

uxtheme

imm32

comctl32

winmm

usp10

ws2_32

wininet

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

gdiplus

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 936KB - Virtual size: 935KB

.data Size: 143KB - Virtual size: 168KB

.gfids Size: 512B - Virtual size: 292B

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 269KB - Virtual size: 268KB

.reloc Size: 256KB - Virtual size: 256KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:25:d4:d8:3c:91:8a:f2:10:ad:5e:ab:be:9f:d6:6d
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

72:f0:38:ea:42:4c:7b:74:e5:f0:6d:99:5d:c3:0a:69:32:52:cb:e1:c6:3b:57:0a:92:cf:3d:58:07:53:5d:ac
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 936KB - Virtual size: 935KB

.data
Size: 143KB - Virtual size: 168KB

.gfids
Size: 512B - Virtual size: 292B

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 269KB - Virtual size: 268KB

.reloc
Size: 256KB - Virtual size: 256KB