7ce8a3e9f1056fd6c8d9d8a666853ef2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7ce8a3e9f1056fd6c8d9d8a666853ef2_JaffaCakes118
Size

1.1MB
MD5

7ce8a3e9f1056fd6c8d9d8a666853ef2
SHA1

8a20a783802471728d82dda9742919f8dbf4e832
SHA256

5b0703dde940b9d8e5d71e016ef118436eedca66e432bf7af42ef98cd0456715
SHA512

5caf2265dafa6353a19241b4198c741f9f058a7dc3b9d3438045ddb085638047051f46a60a76e050652136b11c04082ef3ddaf682a2a53fae2aaf36a2147cbfa
SSDEEP

24576:eAkyrZvx3A4PXf+zWIFi5f2skBveDlo2Ckoi:i8O4H+zWIFe2dZexo2Ckoi

Score

1^/10

Malware Config

Signatures

Files

7ce8a3e9f1056fd6c8d9d8a666853ef2_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

d718a400be17df8ebbc0bb06a31ca6ee

Code Sign

73:d7:bf:50:0e:0c:d8:b4:ae:5c:1b:3b:20:50:95:8a
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/11/2009, 00:00

Not After

02/01/2011, 23:59

Subject

CN=Nara Vision co.\,Ltd,O=Nara Vision co.\,Ltd,L=SEOUL,ST=GYEONGGI-DO,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:4e:24:b9:d8:09:cd:93:c6:df:52:c0:9b:0f:0e:8a:41:6c:7d:f1
Signer

Actual PE Digest

6e:4e:24:b9:d8:09:cd:93:c6:df:52:c0:9b:0f:0e:8a:41:6c:7d:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\ActiveX\Kebiportal1.0\Kebiportal1.0_ENG\Release\KebiFileUploadEn.pdb

Imports

ws2_32

closesocket
send
recv
connect
gethostbyname
htons
WSASetLastError
socket
WSAGetLastError
WSAStartup
WSACleanup
inet_addr

wininet

HttpOpenRequestA
InternetConnectA
FtpFindFirstFileA
HttpSendRequestExA
HttpEndRequestA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetCloseHandle
InternetFindNextFileA
HttpQueryInfoA
HttpAddRequestHeadersA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetLastResponseInfoA
DeleteUrlCacheEntry

shlwapi

StrFormatByteSizeA
PathSetDlgItemPathA
PathStripPathA
PathFileExistsA
PathRemoveBackslashA
PathFindFileNameA
StrFormatByteSize64A
PathRemoveFileSpecA
PathAddBackslashA
PathIsRootA
PathIsDirectoryA
PathFindExtensionA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecW

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
GetProfileIntA
InterlockedExchange
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
GetModuleHandleW
InterlockedIncrement
IsDBCSLeadByte
GetUserDefaultLCID
FindNextFileA
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
GetVersion
FindResourceExA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
GetTimeFormatA
GetDateFormatA
HeapAlloc
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
CreateFileA
GetShortPathNameA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
MoveFileA
SuspendThread
SetThreadPriority
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GetCurrentThreadId
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetModuleFileNameA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFree
GlobalSize
GlobalAlloc
FormatMessageA
LocalFree
lstrlenW
GetVersionExA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetCurrentDirectoryA
GetModuleHandleA
SetLastError
DeleteFileA
CopyFileA
CreateDirectoryA
GetNumberFormatA
GetFileAttributesExA
lstrcmpA
lstrcpynA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
FreeLibrary
GetProcAddress
LoadLibraryA
MulDiv
CloseHandle
SetEvent
lstrcatA
Sleep
GetTickCount
ResumeThread
CreateEventA
GetTempPathA
WaitForSingleObject
GetLastError
MultiByteToWideChar
GetCurrentDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
GetWindowsDirectoryA
lstrcpyA
lstrlenA
WideCharToMultiByte

user32

InvalidateRgn
SetCapture
SetRect
EnumChildWindows
LockWindowUpdate
GetMenuItemInfoA
UnregisterClassA
GetSysColorBrush
GetDialogBaseUnits
CharNextA
CopyAcceleratorTableA
MessageBeep
DestroyIcon
GetTabbedTextExtentA
GetDCEx
CreateMenu
SetParent
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
CharUpperA
GetMessageA
TranslateMessage
ValidateRect
CreateDialogIndirectParamA
GetNextDlgTabItem
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
SendDlgItemMessageA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
RegisterClassA
DeferWindowPos
GetScrollInfo
SetScrollInfo
DefWindowProcA
CallWindowProcA
GetWindowPlacement
EndPaint
BeginPaint
GetWindowDC
UnhookWindowsHookEx
IsChild
AdjustWindowRectEx
GetClassNameA
UnpackDDElParam
ReuseDDElParam
DestroyMenu
WinHelpA
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
EqualRect
GetDlgItem
GetDlgCtrlID
GetKeyState
PeekMessageA
SetActiveWindow
IsWindowVisible
InsertMenuItemA
CreatePopupMenu
GetClassInfoA
IntersectRect
SetRectEmpty
GetMenu
GetLastActivePopup
SetMenu
ShowWindow
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
UpdateWindow
GetFocus
FrameRect
SetScrollPos
BringWindowToTop
RegisterWindowMessageA
ScreenToClient
GetSubMenu
EnableMenuItem
LoadMenuA
LoadAcceleratorsA
TranslateAcceleratorA
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
SetWindowRgn
DrawFocusRect
DrawEdge
WindowFromPoint
GetCapture
GetWindowLongA
EndDialog
FindWindowA
GrayStringA
DrawTextExA
TabbedTextOutA
OffsetRect
IsRectEmpty
SystemParametersInfoA
CopyRect
RegisterClipboardFormatA
RedrawWindow
PtInRect
GetCursorPos
LoadCursorA
InflateRect
ReleaseDC
GetDC
GetParent
GetWindowRect
IsWindow
SetWindowLongA
SetCursor
DrawTextA
GetSysColor
MessageBoxA
KillTimer
SetTimer
PostThreadMessageA
FillRect
InvalidateRect
GetDesktopWindow
PostMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
LoadIconA
SendMessageA
EnableWindow
LoadBitmapA
wsprintfA
GetWindow

gdi32

GetTextExtentPoint32A
GetDIBColorTable
GetWindowOrgEx
GetViewportOrgEx
CreateRectRgn
TextOutA
PtVisible
RectVisible
ExtTextOutA
Escape
StretchBlt
SelectClipRgn
GetPixel
CombineRgn
RoundRect
SelectPalette
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
GetMapMode
LPtoDP
CreateMetaFileA
CloseMetaFile
SetBkMode
GetTextMetricsA
GetTextColor
GetRgnBox
GetTextAlign
EnumFontFamiliesExA
Rectangle
UnrealizeObject
GetStockObject
ExtSelectClipRgn
SelectObject
SetTextColor
CreatePen
CreatePalette
RealizePalette
DeleteDC
GetDeviceCaps
CreateDCA
CreateSolidBrush
PatBlt
DeleteObject
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
DeleteMetaFile
GetObjectA
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
GetClipBox
SetMapMode
SetROP2
SetBkColor
RestoreDC
SaveDC
CopyMetaFileA
GetBkColor
GetCurrentObject
CreatePatternBrush

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteValueA
RegEnumKeyA
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueA
RegCloseKey
RegQueryValueA

shell32

ExtractIconA
SHGetSpecialFolderPathA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
ShellExecuteExA
SHCreateDirectoryExA
DragQueryFileA
DragFinish

comctl32

_TrackMouseEvent

oledlg

ord8

ole32

StringFromGUID2
CoDisconnectObject
CoCreateInstance
CoTaskMemFree
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoUninitialize
CoInitializeEx
CreateOleAdviseHolder
CreateDataAdviseHolder
ReadFmtUserTypeStg
StringFromCLSID
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
CLSIDFromProgID
CLSIDFromString
OleSaveToStream
CoRegisterClassObject
CoRevokeClassObject
CreateDataCache
ReadClassStm
CoRegisterMessageFilter
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
OleLoadFromStream
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal

oleaut32

VariantClear
OleCreatePictureIndirect
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
OleLoadPicture
OleCreatePropertyFrame
LoadTypeLi
RegisterTypeLi
VariantInit
VariantChangeType
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayDestroy

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d718a400be17df8ebbc0bb06a31ca6ee

Code Sign

73:d7:bf:50:0e:0c:d8:b4:ae:5c:1b:3b:20:50:95:8aCertificate

Extended Key Usages

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6e:4e:24:b9:d8:09:cd:93:c6:df:52:c0:9b:0f:0e:8a:41:6c:7d:f1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

shlwapi

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

urlmon

Exports

Exports

Sections

.text Size: 600KB - Virtual size: 600KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 16KB - Virtual size: 33KB

.rsrc Size: 332KB - Virtual size: 331KB

.reloc Size: 61KB - Virtual size: 61KB

73:d7:bf:50:0e:0c:d8:b4:ae:5c:1b:3b:20:50:95:8a
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6e:4e:24:b9:d8:09:cd:93:c6:df:52:c0:9b:0f:0e:8a:41:6c:7d:f1
Signer

.text
Size: 600KB - Virtual size: 600KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 16KB - Virtual size: 33KB

.rsrc
Size: 332KB - Virtual size: 331KB

.reloc
Size: 61KB - Virtual size: 61KB