4c67cc07be0687a1ce6a56eac0a3e308_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c67cc07be0687a1ce6a56eac0a3e308_JaffaCakes118
Size

2.1MB
MD5

4c67cc07be0687a1ce6a56eac0a3e308
SHA1

3e9430ab64761df119ecb12a753573b259b79c0e
SHA256

93df1990bc1b30a949a3abccb31ae301391beec104fdf3167cbca6fed0eec568
SHA512

c9dbb732ce3d5454c28b31f01879885840819f544a1b20aceffdedc4a01c865dc6b18c23b242ca9231983f6c5b2adc96a8d109279f4bbe9d23c39a3feaa69150
SSDEEP

49152:ri2bCF0MEN1HDsPz1nPbvj5UeLN3rz6rRCZLJ0AA8Z9i2:ri2Xoj2ehf06M8Z

Score

1^/10

Malware Config

Signatures

Files

4c67cc07be0687a1ce6a56eac0a3e308_JaffaCakes118
.dll windows:6 windows x86 arch:x86

4df5e58effb84001bf00fe62e35b2b6e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:db:08:89:dc:1a:e4:dc:b8:a7:53:d6:02:20:ca:b8
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

06/06/2012, 00:00

Not After

05/08/2014, 23:59

Subject

CN=Ymir Entertainment Co.\, Ltd,O=Ymir Entertainment Co.\, Ltd,L=GyangNam-Gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:53:70:be:67:60:84:44:73:1d:c2:91:de:fb:4b:fd:09:4d:5e:6a
Signer

Actual PE Digest

76:53:70:be:67:60:84:44:73:1d:c2:91:de:fb:4b:fd:09:4d:5e:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GetCurrentThreadId
Sleep
GetModuleHandleA
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
LoadLibraryW
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
WriteConsoleW
DecodePointer
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
TryEnterCriticalSection
AreFileApisANSI
SetEndOfFile
GetFileInformationByHandle
GetFileAttributesExW
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
GlobalAlloc
GlobalSize
GetLastError
GlobalLock
CloseHandle
CreateFileW
WriteFile
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalFree
GetProcAddress
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
FormatMessageA
QueryPerformanceCounter
CreateTimerQueue
GetCPInfo
UnregisterWaitEx

user32

SetTimer
EnumDisplayMonitors
PeekMessageW
TranslateAcceleratorW
TranslateMessage
LoadIconW
LoadCursorW
SetCursor
GetClassLongW
PostQuitMessage
UpdateWindow
ShowCursor
BeginPaint
EndPaint
GetWindowThreadProcessId
GetWindowTextLengthW
ShowWindowAsync
PostMessageW
GetWindow
GetWindowRect
DestroyWindow
IsWindowVisible
SetWindowPos
SetActiveWindow
HideCaret
CreateWindowExW
ScreenToClient
SendMessageW
SetWindowTextW
WindowFromPoint
SetCaretPos
ShowWindow
GetMessageW
DefWindowProcW
GetKeyState
UnregisterClassW
RegisterClassExW
SetClassLongW
KillTimer
IsWindow
GetMonitorInfoW
ClientToScreen
CreateCaret
AttachThreadInput
GetForegroundWindow
MoveWindow
DestroyCaret
SetParent
SetCapture
GetClientRect
IsZoomed
ShowCaret
GetParent
ReleaseCapture
SetForegroundWindow
InvalidateRect
GetAncestor
GetCursorPos
GetWindowTextW
GetSystemMetrics
GetFocus
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
CreateIconFromResourceEx
GetIconInfo
DestroyIcon
DrawIconEx
LoadImageW
GetDC
FillRect
FrameRect
ReleaseDC
MessageBoxW
IsWindowEnabled
EnableWindow
SystemParametersInfoW
DispatchMessageW
SetFocus

gdi32

CreatePen
LineTo
SetBkMode
DeleteDC
GetTextMetricsW
CreateRoundRectRgn
GdiFlush
FrameRgn
SetPixel
GetTextExtentExPointW
CreateCompatibleDC
CreateDIBSection
MoveToEx
BitBlt
GetDIBits
CreateFontIndirectW
RemoveFontResourceExW
GetDeviceCaps
SetDIBitsToDevice
CreateCompatibleBitmap
GetObjectW
GetTextExtentPoint32W
TextOutW
SetTextColor
DeleteObject
SelectObject
RoundRect
CreateSolidBrush

shell32

DragFinish
DragQueryPoint
DragQueryFileW
ShellExecuteW
SHGetFileInfoW

Sections

.text
Size: 921KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 908KB - Virtual size: 907KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4df5e58effb84001bf00fe62e35b2b6e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

40:db:08:89:dc:1a:e4:dc:b8:a7:53:d6:02:20:ca:b8Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

76:53:70:be:67:60:84:44:73:1d:c2:91:de:fb:4b:fd:09:4d:5e:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Sections

.text Size: 921KB - Virtual size: 920KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 100KB - Virtual size: 105KB

.vmp0 Size: 908KB - Virtual size: 907KB

.reloc Size: 50KB - Virtual size: 50KB

.rsrc Size: 512B - Virtual size: 469B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

40:db:08:89:dc:1a:e4:dc:b8:a7:53:d6:02:20:ca:b8
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

76:53:70:be:67:60:84:44:73:1d:c2:91:de:fb:4b:fd:09:4d:5e:6a
Signer

.text
Size: 921KB - Virtual size: 920KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 100KB - Virtual size: 105KB

.vmp0
Size: 908KB - Virtual size: 907KB

.reloc
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 512B - Virtual size: 469B