7f1cb5e298dcb488d02d3d678f93417f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7f1cb5e298dcb488d02d3d678f93417f_JaffaCakes118
Size

115KB
MD5

7f1cb5e298dcb488d02d3d678f93417f
SHA1

6531cc345feb3470f6a82a72d1c3337aa48ec548
SHA256

5ef02d9a90698480d5327b48eb595ad4192bc2e274d9185be4a3cf9df0bbfd71
SHA512

86a1d4f1d4004b0524c5e44878f045ca3868181f36e4ea9ee8d8dfed1738d9fcb1cc9bb4b090a91e30fd202e04dee6a02bd90e093e549ce29eae230549a9a0df
SSDEEP

3072:aBswiA6m7MdiJRhvzcBo4lTBfImL6rAeKOfTKdf:On6modijN8lTBZhOfT8

Score

1^/10

Malware Config

Signatures

Files

7f1cb5e298dcb488d02d3d678f93417f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a85a42d25515a1eff314f80628f7dfaf

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

13/07/2016, 09:16

Not After

21/07/2019, 08:09

Subject

CN=深圳市为爱普信息技术有限公司,OU=IT Dept.,O=深圳市为爱普信息技术有限公司,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:67:4c:c9:6a:ea:3b:2f:9b:e3:74:62:b7:6d:b1:c3:7d:db:b4:77
Signer

Actual PE Digest

dd:67:4c:c9:6a:ea:3b:2f:9b:e3:74:62:b7:6d:b1:c3:7d:db:b4:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\idm_2010\Release\idm_813.pdb

Imports

kernel32

CreateEventA
GetExitCodeThread
WaitForMultipleObjects
CloseHandle
CreateThread
DeleteFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
MultiByteToWideChar
GetLocalTime
GetTempPathA
WaitForSingleObject
DeleteFileA
CopyFileW
Sleep
LoadLibraryW
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

RegCloseKey
RegCreateKeyExW
CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegSetValueExW

shell32

SHGetSpecialFolderPathW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

ws2_32

connect
WSAStartup
select
htons
setsockopt
recv
socket
send
gethostbyname
closesocket

libcurl

curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_slist_free_all
curl_easy_init
curl_slist_append

shlwapi

PathFileExistsW

libeay32

ord129
ord943
ord2131
ord2111
ord671
ord95
ord281
ord486
ord1973
ord673
ord52
ord283
ord669
ord150
ord1954
ord670
ord98
ord66
ord484
ord401
ord4445
ord53
ord1882
ord400
ord78
ord196
ord1804
ord197
ord641
ord333
ord1177
ord3686
ord668
ord279
ord1508
ord1175
ord419
ord161
ord8
ord541
ord633
ord421
ord1253
ord674
ord664

ssleay32

ord25
ord94
ord86
ord78
ord108
ord12
ord127
ord96
ord75
ord130
ord125
ord58
ord170
ord28
ord8
ord48
ord83

libplist2

plist_dict_set_item
plist_array_get_size
plist_get_string_val
plist_from_bin
plist_new_data
plist_from_xml
plist_get_real_val
plist_new_real
plist_dict_remove_item
plist_dict_get_item
plist_array_get_item
plist_new_string
plist_copy
plist_get_data_val
plist_new_dict
plist_to_xml
plist_new_key
plist_to_bin
plist_get_bool_val
plist_new_bool
plist_new_array
plist_get_uint_val
plist_array_append_item
plist_new_uint
plist_free
plist_get_node_type
plist_get_key_val

msvcr100

_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_encoded_null
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_CxxThrowException
memset
memcpy
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
fseek
ftell
fwrite
vsprintf_s
__CxxFrameHandler3
_snwprintf
__iob_func
perror
_wcsdup
memchr
strstr
realloc
_time64
wcsrchr
_errno
_fseeki64
rewind
strerror
_ftelli64
??2@YAPAXI@Z
??3@YAXPAX@Z
clock
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
fclose
_strdup
fread
strtok
_snprintf
_wfopen
malloc
free
strncmp

Exports

Exports

cancel_proxy_813
init_dll_813
jb83
set_proxy_813

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a85a42d25515a1eff314f80628f7dfaf

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5Certificate

Extended Key Usages

Key Usages

dd:67:4c:c9:6a:ea:3b:2f:9b:e3:74:62:b7:6d:b1:c3:7d:db:b4:77Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

msvcp100

ws2_32

libcurl

shlwapi

libeay32

ssleay32

libplist2

msvcr100

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 6KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

6b:66:9b:73:b2:5f:87:63:b3:33:78:e5
Certificate

dd:67:4c:c9:6a:ea:3b:2f:9b:e3:74:62:b7:6d:b1:c3:7d:db:b4:77
Signer

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 6KB