473638f9a1bc608275aa3cf6459b1061_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

473638f9a1bc608275aa3cf6459b1061_JaffaCakes118
Size

62KB
MD5

473638f9a1bc608275aa3cf6459b1061
SHA1

b597e3b5da7c6658548441e161dd225b132d5e56
SHA256

889fa7015f8e582a8fc36daf90324d2f0fc62e0a4acb23d272637db28ea1a418
SHA512

d0535af35f441911609854571d28c4515ad464455261a3bb95c74f4310d179cc3f96268dcbc508b75f4ab9be28e6dee72d5a5873be32d3addcfc6331e157f401
SSDEEP

1536:h5QSbmz/DJ7x/TOZVQkUJtjpcXnDhymxZF2qH:7QpvJV/TOZVQkUJ8nFy+F2q

Score

1^/10

Malware Config

Signatures

Files

473638f9a1bc608275aa3cf6459b1061_JaffaCakes118
.dll windows:5 windows x86 arch:x86

72c07c25cc0bbbfc6a77810d675eb140

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2012, 00:00

Not After

08/08/2015, 23:59

Subject

CN=OPSWAT\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=OPSWAT\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:d1:6a:3d:b4:05:b2:de:bc:3e:59:bc:30:9d:37:70:b5:d4:a8:98
Signer

Actual PE Digest

58:d1:6a:3d:b4:05:b2:de:bc:3e:59:bc:30:9d:37:70:b5:d4:a8:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

ShowWindow

advapi32

ReadEventLogW

ole32

CLSIDFromString

oleaut32

VariantClear

coreutils

?OU_GUI_FindChildWindows@CGUIUtils@OESIS@@SIHPAUHWND__@@PAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$list@U_typeWndDescriptor@OESIS@@V?$allocator@U_typeWndDescriptor@OESIS@@@std@@@5@JJJJ@Z

oesiscore

OESIS_InvokeMethod

msvcp90

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr90

??0exception@std@@QAE@XZ

shlwapi

PathFileExistsW

Exports

Exports

??0CErrorInfoCollection@OESIS@@QAE@ABV01@@Z
??0CFileVersionInfo@OESIS@@QAE@ABV01@@Z
??0CRegKey@OESIS@@QAE@ABV01@@Z
??0typeInvocationArgs@OESIS@@QAE@ABV01@@Z
??0typeObject@OESIS@@QAE@ABV01@@Z
??0typeObject@OESIS@@QAE@XZ
??1CSoftwareVersion@OESIS@@QAE@XZ
??1CSoftwareVersionRange@OESIS@@QAE@XZ
??1typeInvocationArgs@OESIS@@UAE@XZ
??4CErrorInfoCollection@OESIS@@QAEAAV01@ABV01@@Z
??4CFileUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CFileVersionInfo@OESIS@@QAEAAV01@ABV01@@Z
??4CFirefoxUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CGUIUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CGeneralUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CLanguageUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CProcessUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CRegKey@OESIS@@QAEAAV01@ABV01@@Z
??4CResourceUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CServiceUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CSqliteUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CStorageUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CStringUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CWindowsOSUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CXmlUtils@OESIS@@QAEAAV01@ABV01@@Z
??4CriticalSectionManager@OESIS@@QAEAAV01@ABV01@@Z
??4typeInvocationArgs@OESIS@@QAEAAV01@ABV01@@Z
??4typeObject@OESIS@@QAEAAV01@ABV01@@Z
??_7CFileVersionInfo@OESIS@@6B@
??_7typeInvocationArgs@OESIS@@6B@
??_7typeObject@OESIS@@6B@
?GetCPByIndex@CFileVersionInfo@OESIS@@QBEGI@Z
?GetCurCP@CFileVersionInfo@OESIS@@QBEGXZ
?GetCurLID@CFileVersionInfo@OESIS@@QBEGXZ
?GetCurTrans@CFileVersionInfo@OESIS@@QBEKXZ
?GetCurTransIndex@CFileVersionInfo@OESIS@@QBEIXZ
?GetFileVersionBuild@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionMajor@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionMinor@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionQFE@CFileVersionInfo@OESIS@@QBEGXZ
?GetLIDByIndex@CFileVersionInfo@OESIS@@QBEGI@Z
?GetProductVersionBuild@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionMajor@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionMinor@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionQFE@CFileVersionInfo@OESIS@@QBEGXZ
?GetTransCount@CFileVersionInfo@OESIS@@QBEIXZ
?GetVSFFI@CFileVersionInfo@OESIS@@QBEABUtagVS_FIXEDFILEINFO@@XZ
?IsValid@CFileVersionInfo@OESIS@@QBEHXZ
?LoadStringFromDLL_Lua@CResourceUtils@OESIS@@SIHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@HAAV34@@Z
?RegUtil_FindSubKeysByFilter_64_Lua@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABVtypeProperty@2@1AAV52@@Z
?RegUtil_FindSubKeysByFilter_Lua@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABVtypeProperty@2@1AAV52@@Z
?RegUtil_ReadMultiStringFromRegistry@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAVtypeProperty@2@@Z
?RegUtil_ReadStringFromRegistry@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV34@@Z
?RegUtil_ReadStringFromRegistry_64Bit@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AAV34@@Z
?SetValueInt_Lua@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0ABH@Z
?SetValueInt_Lua_64bit@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0ABH@Z
?SetValueStr_Lua@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z
?SetValueStr_Lua_64bit@CRegKey@OESIS@@SAHJABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z
?WindowLIDToOpswatLanguageType_Lua@CFileVersionInfo@OESIS@@SAHJAAJAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?getAttribute@CXpathUtils@OESIS@@SI?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAVTiXmlNode@@ABV34@@Z
?getType@typeTime@OESIS@@UAE?AW4enumObjectType@typeObject@2@XZ
@Helper_PGP_Desktop_ExtractVolumeSector@96
@Helper_PGP_Desktop_GetXmlNodeValue@12
@Kaspersky_Pure_X_ReturnMountedDrives@8
@NeobyteSolutions_SafeBit_GetInstallDir@24
@SafeGuard_GetEncryptedVolumes@20
@Sophos_SafeGuard_ImplHDEnc_CheckEncryptionOrDecryptionInProgress@12
@Sophos_SafeGuard_ImplHDEnc_ExecuteExe@4
@Sophos_SafeGuard_ImplHDEnc_ReturnValues@8
BeCrypt_DISKProtect_ISoftwareProduct_GetProductVersion
CMG_Windows_Shield_ISoftwareProduct_GetProductVersion
CheckPoint_Endpoint_Security_E80_41_GetEncryptedLocations
CheckPoint_Endpoint_Security_E80_41_GetEncryptionState
Generic_HdEnc_Get_Product_Type
Generic_HdEnc_Get_Supported_Algos
GuardianEdgeTechnologies_EncryptionPlusHardDisk_GetProductVersion
IHdEnc_GetModuleVersion
InfoSecCorp_SpyProof_IHdEnc_GetEncryptedDevices
InfoSecCorp_SpyProof_IHdEnc_GetEncryptedVolumes
InfoSecCorp_SpyProof_ISoftwareProduct_GetProductVersion
Kaspersky_IHDEnc_GetProductVersion
Kaspersky_Pure_X_GetEncryptedLocations
Kaspersky_Pure_X_Get_Encryption_Methods
Lenovo_SafeGuard_IHdEnc_GetEncryptedVolumes
Lenovo_SafeGuard_ISotwareProduct_GetProductVersion
McAfee_McAfeeEndpointEncryption_5_X_GetEncryptionState
McAfee_McAfeeEndpointEncryption_5_X_GetInstallDir
McAfee_McAfeeEndpointEncryption_GetInstallDir
McAfee_McAfeeEndpointEncryption_GetProductVersion
Microsoft_BitLocker_6_X_GetEncryptedLocations
Microsoft_BitLocker_GetAlg
Microsoft_BitLocker_GetEncryptedLocations
Microsoft_BitLocker_GetProductType
Microsoft_BitLocker_GetProductVersion
Microsoft_BitLocker_Get_Encryption_State
Microsoft_BitLocker_IsDecryptionInProgress
Microsoft_BitLocker_IsEncryptionInProgress
NeobyteSolutions_SafeBit_IHDEnc_GetEncryptedLocations
NeobyteSolutions_SafeBit_ISoftwareProduct_GetProductVersion
PGP_Desktop_GetEncryptedLocations
PGP_Desktop_GetEncryptionAlgorithm
PGP_Desktop_GetEncryptionState
PGP_Desktop_ISotwareProduct_GetProductVersion
PGP_Desktop_IsDecryptionInProgress
PGP_Desktop_IsEncryptionInProgress
Pointsec_PointsecForPC_IHdEnc_GetAlg
Pointsec_PointsecForPc_IHdEnc_DecryptionInProgress
Pointsec_PointsecForPc_IHdEnc_GetEncryptedState
Pointsec_PointsecForPc_IHdEnc_GetEncryptedVolumes
Pointsec_PointsecForPc_IHdEnc_GetFinishedEncryptingVols
Pointsec_PointsecForPc_IHdEnc_IsEncryptionInProgress
Pointsec_PointsecForPc_ISoftwareProduct_GetInstallDir
Pointsec_PointsecForPc_ISotwareProduct_GetProductVersion
Pointsec_PointsecForPc_PointsecPC_GetProductVersion
SecurStar_DriveCrypt_ISotwareProduct_GetProductVersion
SkyRecon_StormShieldAgent_ISoftwareProduct_GetProductVersion
Softwin_BitDefenderTotalSecurity_GetEncryptedVolumes
Softwin_BitDefenderTotalSecurity_GetProductVersion
Sophos_SafeGuard_ISoftwareProduct_GetInstallDir
Sophos_SafeGuard_ISoftwareProduct_GetProductVersion
Sophos_SafeGuard_ImplHDEnc_GetEncryptedAlgorithm
Sophos_SafeGuard_ImplHDEnc_GetEncryptedLocations
Sophos_SafeGuard_ImplHDEnc_GetEncryptionState
Sophos_SafeGuard_ImplHDEnc_IsEncryptionOrDecryptionInProgress
Symantec_EndpointProtection_8_X_ImplHDEnc_GetEncryptedLocations
Symantec_EndpointProtection_8_X_ImplHDEnc_GetEncryptionState
Symantec_EndpointProtection_8_X_ImplHDEnc_IsEncryptionInProgress
TrueCrypt_TrueCrypt_IHdEnc_GetEncryptedVolumes
TrueCrypt_TrueCrypt_IHdEnc_GetEncryptionState
TrueCrypt_TrueCrypt_ISoftwareProduct_GetProductVersion
TrustPort_Total_Protection_ProductType
Utimaco_SafeGuardEasy_IHdEnc_GetEncryptedVolumes
Utimaco_SafeGuardEasy_ISotwareProduct_GetProductVersion
Utimaco_SafeGuard_IHdEnc_GetEncryptedVolumes
Utimaco_SafeGuard_ISotwareProduct_GetProductVersion
WinEncrypt_CryptArchiverLite_3_X_GetEncryptedLocations
WinEncrypt_CryptArchiverLite_3_X_GetEncryptedState

Sections

.text
Size: 40KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72c07c25cc0bbbfc6a77810d675eb140

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

58:d1:6a:3d:b4:05:b2:de:bc:3e:59:bc:30:9d:37:70:b5:d4:a8:98Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

coreutils

oesiscore

msvcp90

msvcr90

shlwapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 160KB

.rsrc Size: 14KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 512B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

58:d1:6a:3d:b4:05:b2:de:bc:3e:59:bc:30:9d:37:70:b5:d4:a8:98
Signer

.text
Size: 40KB - Virtual size: 160KB

.rsrc
Size: 14KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 512B