95a2fc3474a2d9ebbb34445c0436a73c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95a2fc3474a2d9ebbb34445c0436a73c_JaffaCakes118
Size

85KB
MD5

95a2fc3474a2d9ebbb34445c0436a73c
SHA1

817657d2c6cf92dc73525de27a9e15f6db3435cb
SHA256

f22b01eb441699f871fd9afa248ffcba93d8ce24d52a7b538a3c190e17ad0a67
SHA512

392dcc51cf04cde2d50ca0ef20b1a75f3e47a45deb4a20fd333de894a7c17fd16500e24522863703143ee4f1d4e9224a286052eabde9afd3d3e545abe92b35af
SSDEEP

1536:7pg8AuPmrGRBn82dDtP4a75XlostmTPpfMNrnrSD/BcLfH/AFXN:68RRBnzdDtP4wsstkqbIeIT

Score

1^/10

Malware Config

Signatures

Files

95a2fc3474a2d9ebbb34445c0436a73c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c52c2645b0213663496448c57b973427

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/04/2006, 00:00

Not After

13/04/2009, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d8:4f:b0:f4:db:7e:2b:77:91:31:6b:8d:51:b4:e2:20:b0:2c:aa:14
Signer

Actual PE Digest

d8:4f:b0:f4:db:7e:2b:77:91:31:6b:8d:51:b4:e2:20:b0:2c:aa:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_ftol
_except_handler3
sprintf
strstr
memmove
__CxxFrameHandler
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
_splitpath

kernel32

DisableThreadLibraryCalls
GetCurrentThread
GetThreadPriority
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
Sleep
VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FreeLibrary

user32

wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

??0CPL2XAPI@@QAE@ABV0@@Z
??0CPL2XAPI@@QAE@XZ
??0CPL2XDLL@@QAE@ABV0@@Z
??0CPL2XDLL@@QAE@XZ
??1CPL2XAPI@@UAE@XZ
??1CPL2XDLL@@UAE@XZ
??4CPL2XAPI@@QAEAAV0@ABV0@@Z
??_7CPL2XAPI@@6B@
??_7CPL2XDLL@@6B@
?DSPexp@CPL2XDLL@@QAENN@Z
?DSPlog@CPL2XDLL@@QAENN@Z
?DSPrnd2@CPL2XDLL@@QAENHHN@Z
?PL2X_Close@CPL2XDLL@@UAEJXZ
?PL2X_GetCurSettings@CPL2XDLL@@UAEJPAUtagPL2SETTINGS@@@Z
?PL2X_GetMode@CPL2XDLL@@UAEJKPAK@Z
?PL2X_Init@CPL2XDLL@@UAEJXZ
?PL2X_Open@CPL2XDLL@@UAEJPAUtagPL2SETTINGS@@@Z
?PL2X_Process@CPL2XDLL@@UAEJPAPAX0K@Z
?PL2X_Process_Kernel@CPL2XDLL@@QAEJPAPAX0K@Z
?PL2X_Reset@CPL2XDLL@@UAEJXZ
?PL2X_SetCurSettings@CPL2XDLL@@UAEJPAUtagPL2SETTINGS@@@Z
?PL2X_SetMode@CPL2XDLL@@UAEJKK@Z
?biquad@CPL2XDLL@@QAEXPANF0FPAUBIQUAD_CFS@@PAUBIQUAD_VARS@@F@Z
?dolby_sub@CPL2XDLL@@QAE?AUdolby_sip@@U2@@Z
?polezero@CPL2XDLL@@QAEXPANF0FPAUPOLEZERO_CFS@@PAUPOLEZERO_VARS@@F@Z
?prol_ii_init@CPL2XDLL@@QAEXPAUpro_logic_ii_pl@@@Z
?prol_ii_main@CPL2XDLL@@QAEXXZ
?prol_ii_side@CPL2XDLL@@QAEXXZ
?prologic_ii@CPL2XDLL@@QAE?AUdolby_sip@@U2@@Z
GetPL2XDLL
TEST

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c52c2645b0213663496448c57b973427

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48Certificate

Extended Key Usages

Key Usages

d8:4f:b0:f4:db:7e:2b:77:91:31:6b:8d:51:b4:e2:20:b0:2c:aa:14Signer

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.text1 Size: 4KB - Virtual size: 76B

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 7KB

.idata Size: 4KB - Virtual size: 1KB

.data1 Size: 4KB - Virtual size: 120B

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

d8:4f:b0:f4:db:7e:2b:77:91:31:6b:8d:51:b4:e2:20:b0:2c:aa:14
Signer

.text
Size: 44KB - Virtual size: 41KB

.text1
Size: 4KB - Virtual size: 76B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 7KB

.idata
Size: 4KB - Virtual size: 1KB

.data1
Size: 4KB - Virtual size: 120B

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 4KB - Virtual size: 2KB