4f34e241f2b7f4f716d753adfeafc34a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4f34e241f2b7f4f716d753adfeafc34a_JaffaCakes118
Size

611KB
MD5

4f34e241f2b7f4f716d753adfeafc34a
SHA1

bb390bb40e9b6c6055bc32d6ee667ce66ef8c118
SHA256

30531f98c4465334f95032426c1a9f6ac6bf6b5dfa34ac1f1169c2b3733efa56
SHA512

b413e5b2b9a53af95a8464dc5ba610fb82d5efb80b78db23aee4bc38783fdcac1c8439983a4bb62c356474d7e544375f2dff7181294dbaf82d8b29be9613e8d6
SSDEEP

12288:/jEE1QYOuW7rPElRH6lsJ9SOkKB+C9L/lkPgoUQTFbTS+b:/jZBGERH6U9wKLNlagoNTFHS+b

Score

1^/10

Malware Config

Signatures

Files

4f34e241f2b7f4f716d753adfeafc34a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3573e76407c4249ac88d913b27a34832

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04-03-2014 00:00

Not After

03-03-2024 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:f9:22:0d:a4:b2:20:ac:47:b4:37:de:40:37:39:87
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-09-2018 00:00

Not After

11-09-2021 23:59

Subject

SERIALNUMBER=913301087595237397,CN=Hangzhou Bianfeng Networking Technology Co.\, Ltd.,O=Hangzhou Bianfeng Networking Technology Co.\, Ltd.,L=杭州,ST=浙江,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130847616f78696e7175,1.3.6.1.4.1.311.60.2.1.2=#13085a68656a69616e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e5:86:30:9b:32:44:83:1d:82:a0:10:73:56:9b:cc:4f:52:d9:a0:f0
Signer

Actual PE Digest

e5:86:30:9b:32:44:83:1d:82:a0:10:73:56:9b:cc:4f:52:d9:a0:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\BF-GIT\AsdeLobby\Publish\Panels\HintPanel.pdb

Imports

kernel32

RtlUnwind
ExitProcess
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetOEMCP
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
GetCPInfo
CreateFileA
WriteConsoleA
AllocConsole
FreeConsole
QueryPerformanceFrequency
IsDBCSLeadByte
FindNextFileA
OutputDebugStringA
FindFirstFileA
FindClose
GetCurrentProcess
GetFileSize
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedDecrement
InterlockedIncrement
lstrcatA
WritePrivateProfileStringA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
CloseHandle
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FreeEnvironmentStringsW
GetTickCount

user32

SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
SetWindowLongA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
UnregisterClassA
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ScreenToClient
GrayStringA
DrawTextExA
TabbedTextOutA
UnhookWindowsHookEx
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
wsprintfA
GetMenuItemID
AdjustWindowRectEx
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetFocus
ShowWindow
InvalidateRect
SetWindowRgn
DefWindowProcA
DrawTextA
SetRect
RegisterClassExA
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
CallWindowProcA
RegisterClassA
GetParent
GetWindowLongA
GetClassInfoA
GetDesktopWindow
TrackMouseEvent
SetCapture
WindowFromPoint
GetWindowThreadProcessId
PostThreadMessageA
ReleaseCapture
SendMessageA
PostQuitMessage
PostMessageA
SetCursor
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetMenu
GetClientRect
UpdateWindow
SetForegroundWindow
DestroyMenu
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessagePos
GetMessageTime
LoadIconA
MapWindowPoints

gdi32

SetMapMode
GetClipBox
GetObjectA
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateCompatibleDC
GetStockObject
GetTextMetricsA
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
CreateFontIndirectA
SetTextColor
SetBkColor
SelectObject
DeleteObject
SetBitmapBits
GetBitmapBits
GetGlyphOutlineA
SetDIBitsToDevice
CreateDIBSection
CreateRoundRectRgn

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

CreateStdAccessibleObject
LresultFromObject

winmm

timeKillEvent
timeSetEvent

Exports

Exports

PanelInterfaceCreate
PanelModelExit
PanelModelInit

Sections

.text
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3573e76407c4249ac88d913b27a34832

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

0d:f9:22:0d:a4:b2:20:ac:47:b4:37:de:40:37:39:87Certificate

Extended Key Usages

Key Usages

e5:86:30:9b:32:44:83:1d:82:a0:10:73:56:9b:cc:4f:52:d9:a0:f0Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

oleacc

winmm

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 440KB

.rdata Size: 96KB - Virtual size: 94KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 32KB - Virtual size: 30KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

0d:f9:22:0d:a4:b2:20:ac:47:b4:37:de:40:37:39:87
Certificate

e5:86:30:9b:32:44:83:1d:82:a0:10:73:56:9b:cc:4f:52:d9:a0:f0
Signer

.text
Size: 444KB - Virtual size: 440KB

.rdata
Size: 96KB - Virtual size: 94KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 32KB - Virtual size: 30KB