7510dd49f7f43346f06026f297ef7466_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

7510dd49f7f43346f06026f297ef7466_JaffaCakes118
Size

946KB
MD5

7510dd49f7f43346f06026f297ef7466
SHA1

4dab99489e25c06adf25d6dbf8b3104721501513
SHA256

239c3487925ba09c2ce28e8014d860d2d20898603a0bddddf86b9101d9c29924
SHA512

058ea7e4f9c75011253aa26a1a2ab2800aa9b3fa8413200d9409fdf427965d7ad000339a2f38490e0d10cd9db46c0b2c83f5b0b6e12274ea223a557e85acea2e
SSDEEP

12288:QQqHL7nPbyjR0AJzjEjCzRXmIicuYJbCrh8DExaTcsfcymiHo:QQqHnbEXzjE4R2IlQh8QgTeiHo

Score

1^/10

Malware Config

Signatures

Files

7510dd49f7f43346f06026f297ef7466_JaffaCakes118
.dll regsvr32 windows:5 windows x64 arch:x64

6096b41056f964d7d51d57d03acf929c

Code Sign

a1:bb:85:69:95:0c:0b:20:80:a1:1a:0e:2f:61:8b:33
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07-03-2013 00:00

Not After

06-03-2016 23:59

Subject

CN=Kimahri Software inc.,O=Kimahri Software inc.,POSTALCODE=H3A 1E7,STREET=666 Sherbrooke Rue w,L=Montreal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:11:78:5d:1c:e7:95:36:33:56:1f:df:62:43:47:82:6a:85:ab:4c
Signer

Actual PE Digest

dc:11:78:5d:1c:e7:95:36:33:56:1f:df:62:43:47:82:6a:85:ab:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oleacc

AccessibleObjectFromWindow

urlmon

CoInternetGetSession
URLDownloadToCacheFileA

wininet

HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCrackUrlA

ws2_32

inet_ntoa
WSAStartup
WSACleanup
gethostbyname

kernel32

SetLastError
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetLastError
GetFileSize
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
CloseHandle
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
CreateDirectoryA
CreateFileA
LocalFree
GetModuleHandleA
CreateThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
MultiByteToWideChar
SetEvent
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjects
Sleep
FindClose
lstrcpyA
CreateMutexA
OpenMutexA
CreateEventA
FindFirstFileA
FindNextFileA
FindFirstChangeNotificationA
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersion
OpenProcess
InitializeCriticalSection
EncodePointer
DecodePointer
DisableThreadLibraryCalls
LoadResource
SizeofResource
lstrcmpiA
GetCurrentProcessId
RaiseException
GetModuleHandleW
FindResourceA
IsDBCSLeadByte
VirtualProtect
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetCommandLineA
VirtualQuery
GetSystemInfo
IsProcessorFeaturePresent
IsDebuggerPresent
AreFileApisANSI
HeapReAlloc
GetLocalTime
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetStringTypeW
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
lstrlenA
GetConsoleCP
GetConsoleMode
GetCurrentProcess
FlushInstructionCache
OutputDebugStringA
DebugBreak
GetModuleFileNameA
GetCurrentThreadId
GetFileType
SetFilePointerEx
MoveFileExW
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
SetStdHandle
WriteConsoleW
ReadConsoleW
CreateFileW
LoadLibraryExA

user32

CallWindowProcA
CharNextA
GetClassInfoExA
CreateWindowExA
UnregisterClassA
BringWindowToTop
DefWindowProcA
LoadStringA
GetKeyboardState
AllowSetForegroundWindow
RegisterClassExA
keybd_event
GetWindowTextA
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetDesktopWindow
LoadCursorA
PostMessageA
CharLowerA
GetWindowThreadProcessId
SendMessageA
AttachThreadInput
SetWindowPos
GetForegroundWindow
SetForegroundWindow
GetWindowRect
GetParent
FindWindowA
FindWindowExA
UnhookWindowsHookEx
DestroyIcon
MessageBoxA
SendMessageTimeoutA
CharNextW
SetTimer
KillTimer
RegisterWindowMessageA
IsWindow
IsWindowVisible
CreatePopupMenu
GetMenuItemCount
InsertMenuA
DeleteMenu
TrackPopupMenuEx
GetMenuItemInfoA
GetClassNameA
SystemParametersInfoA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
RegEnumValueA
RegSetValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
RegCloseKey

shell32

SHFileOperationA
ShellExecuteA
ShellExecuteExA
SHGetFolderPathA

ole32

CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoGetClassObject
CoInitializeEx
CoUninitialize
CoCreateGuid
CLSIDFromProgID
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantCopy
VariantChangeType
SysAllocStringLen
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocString

shlwapi

UrlEscapeA

gdiplus

GdiplusShutdown

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6096b41056f964d7d51d57d03acf929c

Code Sign

a1:bb:85:69:95:0c:0b:20:80:a1:1a:0e:2f:61:8b:33Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

dc:11:78:5d:1c:e7:95:36:33:56:1f:df:62:43:47:82:6a:85:ab:4cSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

oleacc

urlmon

wininet

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

Exports

Exports

Sections

.text Size: 638KB - Virtual size: 637KB

.rdata Size: 246KB - Virtual size: 245KB

.data Size: 16KB - Virtual size: 28KB

.pdata Size: 20KB - Virtual size: 19KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 8KB - Virtual size: 7KB

a1:bb:85:69:95:0c:0b:20:80:a1:1a:0e:2f:61:8b:33
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

dc:11:78:5d:1c:e7:95:36:33:56:1f:df:62:43:47:82:6a:85:ab:4c
Signer

.text
Size: 638KB - Virtual size: 637KB

.rdata
Size: 246KB - Virtual size: 245KB

.data
Size: 16KB - Virtual size: 28KB

.pdata
Size: 20KB - Virtual size: 19KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 8KB - Virtual size: 7KB