6235de3f8c299d09e6b3d421499329bf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6235de3f8c299d09e6b3d421499329bf_JaffaCakes118
Size

188KB
MD5

6235de3f8c299d09e6b3d421499329bf
SHA1

3fd4f3e59f4384e96265952fd8fdfb261d12a514
SHA256

85f85f4beb31112e92b35270b3aa7a08022827594d9f80477f570aecd6826076
SHA512

6df1e843fee34724243fb0a2bcac88d31ce2930cdf6db32b6b18fa924b5aacbba8f7cac53a8be2b4f4bfe3c7361fdb6bb6daff73a79efc210670916a84372a5a
SSDEEP

3072:06xTN1CvHguW5GvsnOPUi5ocUFrFvJi3G1rdoJBKyJEzFhsg:06xTNsouW5DnOci5ofFrFUIraB0Fhsg

Score

1^/10

Malware Config

Signatures

Files

6235de3f8c299d09e6b3d421499329bf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1d7c656692803d3ab8f8ebe9891cbed6

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

11:21:67:1b:9c:9c:88:b9:69:99:d2:12:24:77:66:a5:d4:04
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/12/2013, 17:49

Not After

01/03/2017, 12:33

Subject

CN=Biz Secure Labs Pvt. Ltd.,O=Biz Secure Labs Pvt. Ltd.,L=Pune,ST=Maharashfra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

15:8d:29:f6:92:03:d2:fe:1c:f5:6e:a2:9e:54:3e:30:a2:3f:c2:f5
Signer

Actual PE Digest

15:8d:29:f6:92:03:d2:fe:1c:f5:6e:a2:9e:54:3e:30:a2:3f:c2:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sqlite3

sqlite3_get_autocommit
sqlite3_prepare_v2
sqlite3_busy_timeout
sqlite3_last_insert_rowid
sqlite3_get_table
sqlite3_exec
sqlite3_close
sqlite3_open
sqlite3_bind_parameter_index
sqlite3_bind_parameter_count
sqlite3_bind_parameter_name
sqlite3_bind_null
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_text
sqlite3_changes
sqlite3_reset
sqlite3_free_table
sqlite3_step
sqlite3_finalize
sqlite3_errmsg
sqlite3_column_type
sqlite3_column_decltype
sqlite3_column_name
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_double
sqlite3_column_int64
sqlite3_column_int
sqlite3_column_text
sqlite3_column_count
sqlite3_vmprintf
sqlite3_mprintf
sqlite3_free

netapi32

NetWkstaUserEnum

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

advapi32

RegEnumKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
GetSidLengthRequired
InitializeSid
RegOpenKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegQueryInfoKeyA
RegEnumKeyExA
FreeSid
RegCreateKeyA
RegQueryValueExA
GetUserNameA
RegOpenKeyA
RegDeleteValueA
RegCloseKey
LookupAccountNameA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shell32

StrStrA
SHGetSpecialFolderPathA
StrStrIA

shlwapi

PathRemoveFileSpecA
SHDeleteKeyA
PathFileExistsA

kernel32

IsBadReadPtr
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
ReadFile
IsBadCodePtr
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
GetCurrentThread
TlsGetValue
SetLastError
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
SetConsoleCtrlHandler
Sleep
LCMapStringA
LCMapStringW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoW
SetFilePointer
GetSystemTime
TlsFree
TlsAlloc
GetCurrentThreadId
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
FatalAppExitA
ExitProcess
LeaveCriticalSection
CopyFileA
GetModuleFileNameA
GetVersionExA
SetFileAttributesA
lstrcmpiA
CloseHandle
GetFileSize
GetLastError
CreateFileA
GetSystemDirectoryA
DeleteFileA
MultiByteToWideChar
ExpandEnvironmentStringsA
GetLocalTime
HeapSize
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
GetModuleHandleA
CreateDirectoryA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
FindClose
FindNextFileA
FindFirstFileA
GetCurrentProcess
GetProcAddress
WritePrivateProfileStringA
GetPrivateProfileStringA
MoveFileA
FreeLibrary
LoadLibraryA
HeapFree
HeapAlloc
GetProcessHeap
LocalAlloc
LocalFree
WideCharToMultiByte
HeapReAlloc
RaiseException
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetTimeZoneInformation
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

Exports

Exports

GetCount
LnkScn

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d7c656692803d3ab8f8ebe9891cbed6

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

11:21:67:1b:9c:9c:88:b9:69:99:d2:12:24:77:66:a5:d4:04Certificate

Extended Key Usages

Key Usages

15:8d:29:f6:92:03:d2:fe:1c:f5:6e:a2:9e:54:3e:30:a2:3f:c2:f5Signer

Headers

File Characteristics

Imports

sqlite3

netapi32

psapi

advapi32

ole32

shell32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 58KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

11:21:67:1b:9c:9c:88:b9:69:99:d2:12:24:77:66:a5:d4:04
Certificate

15:8d:29:f6:92:03:d2:fe:1c:f5:6e:a2:9e:54:3e:30:a2:3f:c2:f5
Signer

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 58KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB