837ef4122ba9c8b298c725b53a2377ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

837ef4122ba9c8b298c725b53a2377ca_JaffaCakes118
Size

176KB
MD5

837ef4122ba9c8b298c725b53a2377ca
SHA1

b0c2ad95f3a4b40ad19f589811132ce5a2a4737c
SHA256

106bfae73d0f6b658ab1689af0034f043e077da3c9622de50b8f5cadb12ce72c
SHA512

1872853ab2584ab37c030c8828afe07380234bf7a7cf0576b267ec91f2fd7446c682c57dffa21054e4122a12b2f88d18b742e22995b63be86af12d514a8005d7
SSDEEP

3072:NjJU529ggyM3gcsyVvk/cJDOtBD0YStzniFN+rHXcivpa:Byv0BjkOxYStKN+rHsivY

Score

1^/10

Malware Config

Signatures

Files

837ef4122ba9c8b298c725b53a2377ca_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b48431691ead7ee714d0c5b64e5a9920

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:bc:4b:1e:9b:f9:97:2f:a9:60:35:d3:6e:c6:6d:81:16:ed:30:0d
Signer

Actual PE Digest

6a:bc:4b:1e:9b:f9:97:2f:a9:60:35:d3:6e:c6:6d:81:16:ed:30:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetLastError
lstrlenA
CloseHandle
LocalFree
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
InterlockedIncrement
InterlockedExchange
GetStringTypeW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapFree
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
GetCurrentThreadId
GetCommandLineA
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
ExitProcess
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoW
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
ReadFile
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString
GetErrorInfo

Exports

Exports

SendReqFromFile
encodeForRequest
getChromeExtensions
getFirefoxExtensions

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b48431691ead7ee714d0c5b64e5a9920

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8eCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

6a:bc:4b:1e:9b:f9:97:2f:a9:60:35:d3:6e:c6:6d:81:16:ed:30:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 11KB - Virtual size: 11KB

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

6a:bc:4b:1e:9b:f9:97:2f:a9:60:35:d3:6e:c6:6d:81:16:ed:30:0d
Signer

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 11KB - Virtual size: 11KB