9c119de501aeb4e9998b95ded3af62ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9c119de501aeb4e9998b95ded3af62ca_JaffaCakes118
Size

294KB
MD5

9c119de501aeb4e9998b95ded3af62ca
SHA1

7ea28f0b0e9a000e78cc838a9e088b82f727c07b
SHA256

3bf36ef6a43dfceca07ec228b7f40b81c8c7f5ad0a9820421010778a4b72b23a
SHA512

9f288650c994fb809478fe58e203fc428e8eed39e1f4ce1eba2404a2c1f6b77726343df1c0664b4d7b71d7d6d21077e913abe18f00c2f8172bae5f5cc025785e
SSDEEP

3072:+PzyUm4A0j4s4b4CBynsD8ZErzZU48tZFGtLaBWyINqEle8WDTYz4+fx6MDrDc/e:kq4A0bPCBynpWiYLarINo3YUGmz4dY2

Score

1^/10

Malware Config

Signatures

Files

9c119de501aeb4e9998b95ded3af62ca_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5bd1bcdf0abc386a9629ac3816014570

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:71:ee:52:6a:cb:6f:9b:e2:01:f5:a8:e2:03:c4:1c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/04/2015, 00:00

Not After

12/07/2017, 23:59

Subject

CN=Elex do Brasil Participações Ltda,O=Elex do Brasil Participações Ltda,L=Sao Paulo,ST=Consolacao,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:71:ee:52:6a:cb:6f:9b:e2:01:f5:a8:e2:03:c4:1c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/04/2015, 00:00

Not After

12/07/2017, 23:59

Subject

CN=Elex do Brasil Participações Ltda,O=Elex do Brasil Participações Ltda,L=Sao Paulo,ST=Consolacao,C=BR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:ae:f0:7b:7e:16:19:64:d8:db:2b:dc:df:f3:89:d5:e9:f5:fe:82:80:82:91:3d:86:f0:a5:49:ce:0e:73:4f
Signer

Actual PE Digest

36:ae:f0:7b:7e:16:19:64:d8:db:2b:dc:df:f3:89:d5:e9:f5:fe:82:80:82:91:3d:86:f0:a5:49:ce:0e:73:4f

Digest Algorithm

sha256

PE Digest Matches

true

9d:c8:6b:f6:56:ea:59:80:d1:ab:ac:1c:20:69:38:0d:9b:51:53:54
Signer

Actual PE Digest

9d:c8:6b:f6:56:ea:59:80:d1:ab:ac:1c:20:69:38:0d:9b:51:53:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\build\isafe\branches\RFHost6.9RemoveSafeScan\bin\iSafeMon.pdb

Imports

kernel32

GetCurrentProcessId
OpenProcess
CloseHandle
GetModuleHandleW
GetEnvironmentVariableW
SetEnvironmentVariableW
LoadLibraryW
FreeLibrary
CreateEventW
GetModuleHandleExW
CreateThread
InterlockedExchange
SetEvent
GetExitCodeThread
FreeLibraryAndExitThread
lstrlenW
lstrcpynW
GetTickCount
GetVersion
LocalAlloc
LocalFree
GetCurrentProcess
InterlockedIncrement
FlushInstructionCache
VirtualFree
ExitThread
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetModuleHandleA
SetThreadPriority
TerminateThread
ReleaseSemaphore
ReleaseMutex
WaitForMultipleObjects
WriteFile
ReadFile
OutputDebugStringW
CreatePipe
lstrcpyA
lstrcatA
lstrlenA
CreateSemaphoreW
CreateFileMappingW
LoadLibraryA
VirtualQuery
ReadProcessMemory
GetModuleFileNameA
CreateFileW
VirtualProtect
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
HeapAlloc
HeapFree
GetProcessHeap
CreateRemoteThread
GetCurrentThread
GetCurrentThreadId
WriteProcessMemory
VirtualAlloc
CreateMutexW
OpenMutexW
OpenEventW
OpenFileMappingW
GetThreadContext
lstrcpyW
GetWindowsDirectoryW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
LCMapStringW
GetProcAddress
WaitForSingleObject
GetCommandLineW
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
MultiByteToWideChar
GetVersionExW
DuplicateHandle
InitializeCriticalSectionAndSpinCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
EncodePointer
DecodePointer
GetCommandLineA
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
ExitProcess
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
FlushFileBuffers

user32

CharLowerW
wsprintfW
TranslateMessage
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop
OpenInputDesktop
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW

advapi32

GetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetLengthSid

shlwapi

StrChrW
StrCmpIW
StrStrW

psapi

GetProcessImageFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bd1bcdf0abc386a9629ac3816014570

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

06:71:ee:52:6a:cb:6f:9b:e2:01:f5:a8:e2:03:c4:1cCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

06:71:ee:52:6a:cb:6f:9b:e2:01:f5:a8:e2:03:c4:1cCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

36:ae:f0:7b:7e:16:19:64:d8:db:2b:dc:df:f3:89:d5:e9:f5:fe:82:80:82:91:3d:86:f0:a5:49:ce:0e:73:4fSigner

9d:c8:6b:f6:56:ea:59:80:d1:ab:ac:1c:20:69:38:0d:9b:51:53:54Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

psapi

version

Sections

.text Size: 159KB - Virtual size: 159KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 37KB - Virtual size: 45KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

06:71:ee:52:6a:cb:6f:9b:e2:01:f5:a8:e2:03:c4:1c
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

06:71:ee:52:6a:cb:6f:9b:e2:01:f5:a8:e2:03:c4:1c
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

36:ae:f0:7b:7e:16:19:64:d8:db:2b:dc:df:f3:89:d5:e9:f5:fe:82:80:82:91:3d:86:f0:a5:49:ce:0e:73:4f
Signer

9d:c8:6b:f6:56:ea:59:80:d1:ab:ac:1c:20:69:38:0d:9b:51:53:54
Signer

.text
Size: 159KB - Virtual size: 159KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 37KB - Virtual size: 45KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 25KB