9fdbb5aa059f83bee3cb0f25d8b0c7e0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9fdbb5aa059f83bee3cb0f25d8b0c7e0_JaffaCakes118
Size

997KB
MD5

9fdbb5aa059f83bee3cb0f25d8b0c7e0
SHA1

c3884cc437057e1e4c62c173680af5d536cb5f18
SHA256

87d3dd9bb2455c8c057fb2911d34279eddc3fc668bc7f210eeda7397cbc1aab0
SHA512

88aa58f9437726aa36ce8cb870bc2f280856be5b8ca3d40e302a08430c433a6d66400e2757a8cab1b4b9e410ab1b41c1087129c4d8682ac628f4493fd72f2856
SSDEEP

24576:3OnFXeKBstkrLUOQSh0mvDqyvGxAKHfJ4zmo1:3ORJUOxqD2Kx4io1

Score

1^/10

Malware Config

Signatures

Files

9fdbb5aa059f83bee3cb0f25d8b0c7e0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c54fd74ef6efd029dece02ae23426edb

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05-04-2006 00:00

Not After

13-04-2009 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:b6:93:2c:dd:40:fa:0b:3d:6d:45:4d:12:25:88:b4:dd:ed:3f:a8
Signer

Actual PE Digest

31:b6:93:2c:dd:40:fa:0b:3d:6d:45:4d:12:25:88:b4:dd:ed:3f:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetProcessAffinityMask
CloseHandle
Sleep
GetModuleHandleA
GetCurrentThread
SetThreadAffinityMask
GetModuleFileNameA
GetTempPathA
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
LoadLibraryA
GetTempFileNameA
CopyFileA
FreeLibrary
SetThreadPriority
GetProcAddress
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetTickCount
OutputDebugStringA
GetFullPathNameA
RaiseException
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
HeapSize
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement

user32

PostQuitMessage
DefWindowProcA
GetClassInfoA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
DestroyWindow
UnregisterClassA
wsprintfA

comdlg32

GetFileTitleA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

pthreadvc2

pthread_mutex_destroy
pthread_cond_destroy
pthread_mutex_lock
pthread_cond_wait
pthread_mutex_unlock
pthread_cond_broadcast
pthread_cond_signal
pthread_attr_init
pthread_attr_setdetachstate
pthread_create
pthread_join
pthread_attr_destroy

Exports

Exports

CreateCL264Decoder
CreateCNonrefdecInstance
CreateIFMTdec
CreateMSMTdec
DecodeIFMT
DecodeMSMT
DecodeNonref
IsDllUsing
ReleaseCNonrefdecInstance
ReleaseIFMTdec
ReleaseMSMTdec
ResetCNonrefdecInstance
SetDeocderInstanceIndex
SetThreadNum

Sections

.text
Size: 824KB - Virtual size: 821KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c54fd74ef6efd029dece02ae23426edb

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48Certificate

Extended Key Usages

Key Usages

31:b6:93:2c:dd:40:fa:0b:3d:6d:45:4d:12:25:88:b4:dd:ed:3f:a8Signer

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

pthreadvc2

Exports

Exports

Sections

.text Size: 824KB - Virtual size: 821KB

.text1 Size: 4KB - Virtual size: 508B

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 48KB - Virtual size: 2.3MB

.data1 Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 64KB - Virtual size: 63KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

79:e2:99:00:6f:7a:e2:5e:06:2b:1a:7a:06:7f:c5:48
Certificate

31:b6:93:2c:dd:40:fa:0b:3d:6d:45:4d:12:25:88:b4:dd:ed:3f:a8
Signer

.text
Size: 824KB - Virtual size: 821KB

.text1
Size: 4KB - Virtual size: 508B

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 48KB - Virtual size: 2.3MB

.data1
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 64KB - Virtual size: 63KB