5d41c2f6d37dcd1f98d9815784b8d453_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d41c2f6d37dcd1f98d9815784b8d453_JaffaCakes118
Size

4.3MB
MD5

5d41c2f6d37dcd1f98d9815784b8d453
SHA1

3f84c49d5422b20a470689b926920e46c8f1a43d
SHA256

9f3ff89df28093550bafa842b306107b32848ee42f14576fcf925eaac211ec34
SHA512

5cece858e1dca21c5f3edcbac2c400356a03e11d781ccc382e99741dceeae8b177a03f225bc143e6921e021fbb5a0bddf6254fe04cf7eca0c9d4a55521225e23
SSDEEP

49152:q/fTiECzT96Se3gKlwq9cFOqFzDZAERZjp364QdxR:r4Se3gKluOqFzDZAMpc

Score

1^/10

Malware Config

Signatures

Files

5d41c2f6d37dcd1f98d9815784b8d453_JaffaCakes118
.dll windows:5 windows x86 arch:x86

75d6b927c6f0940ba087723cc3dd32b1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:30:77:ea:24:d7:37:09:f3:dd:9d:c4:f0:29:54:94
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/01/2019, 00:00

Not After

01/02/2020, 23:59

Subject

CN=Kings Information & Network Co.\, Ltd.,O=Kings Information & Network Co.\, Ltd.,L=Hanam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:96:1c:25:84:46:f8:27:46:dc:dc:77:a4:0a:b8:47
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/08/2018, 00:00

Not After

20/09/2020, 23:59

Subject

SERIALNUMBER=220-81-63160,CN=Kings Information & Network Co.\, Ltd.,O=Kings Information & Network Co.\, Ltd.,L=Hanam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130848616e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b3:ac:62:30:92:30:59:da:9a:71:86:47:0f:3b:1d:bd:43:03:fe:ee:51:4f:d6:df:0c:c3:b8:00:55:3d:88:5d
Signer

Actual PE Digest

b3:ac:62:30:92:30:59:da:9a:71:86:47:0f:3b:1d:bd:43:03:fe:ee:51:4f:d6:df:0c:c3:b8:00:55:3d:88:5d

Digest Algorithm

sha256

PE Digest Matches

true

40:c0:a4:5f:f7:fc:f6:f5:d5:51:8b:8b:72:a6:8f:cf:03:d5:94:d2
Signer

Actual PE Digest

40:c0:a4:5f:f7:fc:f6:f5:d5:51:8b:8b:72:a6:8f:cf:03:d5:94:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\solution\Release\kdfinj.pdb

Imports

imm32

ImmGetConversionStatus
ImmGetContext
ImmReleaseContext
ImmSetConversionStatus
ImmGetDefaultIMEWnd

shlwapi

PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW
PathIsRelativeW
PathFileExistsW
PathAppendW

wintrust

WinVerifyTrust

kernel32

LeaveCriticalSection
WriteFile
GetCurrentProcess
GetModuleFileNameW
GetLocalTime
CreateDirectoryW
GetVersionExA
Sleep
DeviceIoControl
OpenMutexA
GetSystemDefaultLangID
GetUserDefaultLangID
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
GetTickCount
GetFullPathNameW
CopyFileW
LoadResource
LockResource
SizeofResource
GetFileAttributesW
SetFileAttributesW
FindResourceA
GetWindowsDirectoryW
DeleteFileW
GetSystemWow64DirectoryW
CreateProcessW
MoveFileW
Process32FirstW
Process32NextW
CreateMutexA
GetSystemDirectoryA
LocalFree
GetModuleHandleW
CreateFileMappingA
MapViewOfFile
EnterCriticalSection
WideCharToMultiByte
SystemTimeToFileTime
GetHandleInformation
GetSystemInfo
FlushFileBuffers
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
LoadLibraryExA
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
RtlUnwind
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
GetCPInfo
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InterlockedExchange
MultiByteToWideChar
DeleteCriticalSection
SetFilePointer
CreateFileW
OutputDebugStringW
IsDebuggerPresent
SetLastError
LoadLibraryA
CloseHandle
CreateFileA
GetModuleHandleA
GetLastError
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
FreeLibrary
ReleaseMutex
WaitForSingleObject
GetCurrentThreadId
GetCurrentProcessId
DeactivateActCtx
ActivateActCtx
CreateActCtxA
GetModuleHandleExA
ReleaseActCtx
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
LoadLibraryExW
ReadConsoleW
SetStdHandle
WriteConsoleW
SetEndOfFile
UnmapViewOfFile
DecodePointer
EncodePointer
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

SetWindowLongA
SetWindowLongW
IsWindowUnicode
GetWindowTextW
DefWindowProcA
RegisterClassA
LoadIconA
LoadCursorA
IsWindow
SetTimer
KillTimer
SetWindowsHookExA
ToAsciiEx
GetActiveWindow
ToAscii
GetKeyboardState
GetClassNameA
GetKeyState
MapVirtualKeyA
GetAsyncKeyState
GetWindowLongA
GetFocus
GetKeyboardLayout
SendMessageA
CallNextHookEx
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow
MessageBoxW
PostMessageA
FindWindowA
GetParent
CallWindowProcA
ToUnicodeEx
wsprintfA
SendMessageTimeoutA
SetWindowPos
UnhookWindowsHookEx
CreateWindowExA

gdi32

GetStockObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
GetCurrentHwProfileA
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
GetSecurityDescriptorSacl
DeleteService
ControlService
StartServiceA
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
CloseServiceHandle

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteA
SHGetFolderPathW
SHGetFolderPathA
ShellExecuteExW

Exports

Exports

kdfAutoStart
kdfAutoStartClean
kdfAutoStartCleanB
kdfAutoStartCleanD
kdfAutoStartCleanN
kdfAutoStartCleanTID
kdfAutoStartV
kdfAutoStart_PIDTID
kdfAutoStart_h
kdfCkeckKeylogger
kdfExProtect
kdfGetVersion
kdfMultiSetFocus
kdfSelfCheckIntegrity
kdfSetFlashE2E_INJ
kdfSetFocusIn
kdfSetFocusOut
kdfSetImageDir
kdfSetSoftCertInit
kdfSoftCertGetPwValue
kdfSoftCertGetlenght
kdfWebBrowserContextMenu
kdfWebBrowserHandleAdd
kdfWebBrowserHandleRemove

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75d6b927c6f0940ba087723cc3dd32b1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

0f:30:77:ea:24:d7:37:09:f3:dd:9d:c4:f0:29:54:94Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

69:96:1c:25:84:46:f8:27:46:dc:dc:77:a4:0a:b8:47Certificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

b3:ac:62:30:92:30:59:da:9a:71:86:47:0f:3b:1d:bd:43:03:fe:ee:51:4f:d6:df:0c:c3:b8:00:55:3d:88:5dSigner

40:c0:a4:5f:f7:fc:f6:f5:d5:51:8b:8b:72:a6:8f:cf:03:d5:94:d2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

shlwapi

wintrust

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 211KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 11KB - Virtual size: 28KB

.rsrc Size: 4.0MB - Virtual size: 4.0MB

.reloc Size: 50KB - Virtual size: 50KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

0f:30:77:ea:24:d7:37:09:f3:dd:9d:c4:f0:29:54:94
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

69:96:1c:25:84:46:f8:27:46:dc:dc:77:a4:0a:b8:47
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

b3:ac:62:30:92:30:59:da:9a:71:86:47:0f:3b:1d:bd:43:03:fe:ee:51:4f:d6:df:0c:c3:b8:00:55:3d:88:5d
Signer

40:c0:a4:5f:f7:fc:f6:f5:d5:51:8b:8b:72:a6:8f:cf:03:d5:94:d2
Signer

.text
Size: 212KB - Virtual size: 211KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 11KB - Virtual size: 28KB

.rsrc
Size: 4.0MB - Virtual size: 4.0MB

.reloc
Size: 50KB - Virtual size: 50KB