61f7e7e1f2cca4ad4cb835eaee5823b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61f7e7e1f2cca4ad4cb835eaee5823b4_JaffaCakes118
Size

699KB
MD5

61f7e7e1f2cca4ad4cb835eaee5823b4
SHA1

0009e7d7b6602c050d025463837621fbb3fdb784
SHA256

39df894ea2d1684b2a8b01264f954d739328df34b447036ff44e855fb89e0e45
SHA512

91ddb758a3278c4c1b5ffecc67b24bbc59bd6cbafef8e5f78523e443141e31eb11463fd73461e3ee93592f5f935953f50998967867afd5c6feb51524c8c894c1
SSDEEP

12288:rLgND9oSg6Q1bq3WOy4jyyoPBv58Lc7jvG665Rent4XeLg8xkuVzz5oc1drwA:rDPY3WOy4eyoZv58Lc7jvz65RenqeLg8

Score

1^/10

Malware Config

Signatures

Files

61f7e7e1f2cca4ad4cb835eaee5823b4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0a8cd77c677fa3b432260196eef09e14

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/04/2006, 00:00

Not After

13/04/2009, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:08:a0:6f:6b:2f:64:4c:44:ad:36:83:8d:54:57:0e:e3:84:43:98
Signer

Actual PE Digest

80:08:a0:6f:6b:2f:64:4c:44:ad:36:83:8d:54:57:0e:e3:84:43:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetProcAddress
GetCurrentProcess
GetProcessAffinityMask
CloseHandle
Sleep
GetModuleHandleA
GetCurrentThread
GetModuleFileNameA
GetTempPathA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
lstrlenA
LoadLibraryA
GetTempFileNameA
CopyFileA
FreeLibrary
SetThreadPriority
InterlockedIncrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
IsBadReadPtr
IsBadWritePtr
GetStringTypeW
GetStringTypeA
InterlockedDecrement
GetFullPathNameA
RaiseException
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
IsBadCodePtr
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
HeapSize
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer

user32

DefWindowProcA
GetClassInfoA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
DestroyWindow
UnregisterClassA
wsprintfA
PostQuitMessage

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

pthreadvc2

pthread_cond_destroy
pthread_mutex_lock
pthread_cond_wait
pthread_mutex_unlock
pthread_cond_broadcast
pthread_cond_signal
pthread_attr_init
pthread_attr_setdetachstate
pthread_join
pthread_attr_destroy
pthread_mutex_destroy
pthread_create

Exports

Exports

CreateCL264Decoder
CreateCNonrefdecInstance
CreateIFMTdec
CreateMSMTdec
DecodeIFMT
DecodeMSMT
DecodeNonref
IsDllUsing
ReleaseCNonrefdecInstance
ReleaseIFMTdec
ReleaseMSMTdec
ResetCNonrefdecInstance
SetDeocderInstanceIndex
SetThreadNum

Sections

.text
Size: 548KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a8cd77c677fa3b432260196eef09e14

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48Certificate

Extended Key Usages

Key Usages

80:08:a0:6f:6b:2f:64:4c:44:ad:36:83:8d:54:57:0e:e3:84:43:98Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

pthreadvc2

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 545KB

.text1 Size: 4KB - Virtual size: 508B

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 48KB - Virtual size: 2.3MB

.data1 Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 52KB - Virtual size: 49KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

80:08:a0:6f:6b:2f:64:4c:44:ad:36:83:8d:54:57:0e:e3:84:43:98
Signer

.text
Size: 548KB - Virtual size: 545KB

.text1
Size: 4KB - Virtual size: 508B

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 48KB - Virtual size: 2.3MB

.data1
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 49KB