acc3a16c4499648282f4b295b39d05ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

acc3a16c4499648282f4b295b39d05ca_JaffaCakes118
Size

217KB
MD5

acc3a16c4499648282f4b295b39d05ca
SHA1

6c6f4517fc7b24e6c82e788b1dec09d82007e1ee
SHA256

04d0b3aa54d7202a855a84bdbf3754a105dc37bfe854554a4b88e790c7810bf1
SHA512

5c313054181a42b335e753109acb89d0812dc7d39a750c44a1e8da5238fdeba8aff7c587414ac53b7cc6860dd1cba8929c7d683d1c954b1120aeb84b2d7aba3a
SSDEEP

3072:jaIC4AXKisG4evQd91lmEaih/GrZaQwdu2eblroxZWgEJckEXp2p:jaM2KtGHQd91LhurZrwdJebFd+4p

Score

1^/10

Malware Config

Signatures

Files

acc3a16c4499648282f4b295b39d05ca_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

2a9d3a9b2a66d1b7e5eea10086cb7dcb

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/06/2015, 00:00

Not After

07/09/2018, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

31/12/2015, 00:00

Not After

07/09/2018, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:6b:82:10:9f:b4:76:cb:fa:8c:70:7c:59:5e:15:05:dc:3e:44:c4:1b:f3:8a:d6:f0:0c:ef:fa:52:3e:74:d2
Signer

Actual PE Digest

41:6b:82:10:9f:b4:76:cb:fa:8c:70:7c:59:5e:15:05:dc:3e:44:c4:1b:f3:8a:d6:f0:0c:ef:fa:52:3e:74:d2

Digest Algorithm

sha256

PE Digest Matches

true

47:c9:8a:7d:48:41:e6:2b:0c:42:bc:93:2e:14:ca:a3:53:2e:af:ec
Signer

Actual PE Digest

47:c9:8a:7d:48:41:e6:2b:0c:42:bc:93:2e:14:ca:a3:53:2e:af:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\getbrowserurl.pdb

Imports

kernel32

lstrcpynA
GetModuleFileNameA
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedIncrement
GlobalAlloc
GlobalFree
GetModuleHandleA
SetLastError
CreateDirectoryA
GetLocalTime
FindFirstFileA
FindClose
FileTimeToSystemTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
SetEndOfFile
FlushFileBuffers
MoveFileA
LocalAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
Sleep
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetFileAttributesA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTempPathA
GetModuleHandleW
GetCurrentDirectoryA
InitializeCriticalSection
CreateThread
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OpenProcess
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
CopyFileA
GetSystemTime
GetProcessTimes
HeapDestroy
HeapReAlloc
LocalFree
SetEnvironmentVariableA
CompareStringW
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
InterlockedExchange
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
lstrlenA
GetLastError
WideCharToMultiByte
lstrlenW
lstrcmpiA
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
DeviceIoControl
CloseHandle
WriteFile
DeleteFileA
SetFileAttributesA
ReadFile
GetFileSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStartupInfoW
GetFileType
SetHandleCount
GetStringTypeW
LCMapStringW
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
GetCurrentProcess
CreateFileA
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetModuleFileNameW
GetStdHandle
ExitProcess
IsProcessorFeaturePresent
TlsFree
TlsSetValue

user32

IsWindow
SendMessageA
wsprintfA
GetClientRect
RegisterWindowMessageA
GetClassNameA
GetWindowTextA
CharUpperA
GetDC
GetForegroundWindow
EnumChildWindows
FindWindowA
SendMessageTimeoutA
GetWindowThreadProcessId
EnumWindows

gdi32

GetObjectA
DeleteObject
GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VarBstrCat
SysAllocStringLen
SystemTimeToVariantTime
SysStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathRemoveFileSpecA
StrStrIA
PathSkipRootA
PathFileExistsA

rpcrt4

UuidCreate

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

iphlpapi

GetAdaptersInfo

wininet

InternetOpenA
InternetCrackUrlA
HttpAddRequestHeadersA
InternetSetOptionA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetConnectA
InternetAttemptConnect
HttpSendRequestA
HttpOpenRequestA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipSaveImageToFile
GdipCreateBitmapFromFileICM
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize

oleacc

GetRoleTextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a9d3a9b2a66d1b7e5eea10086cb7dcb

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2dCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

41:6b:82:10:9f:b4:76:cb:fa:8c:70:7c:59:5e:15:05:dc:3e:44:c4:1b:f3:8a:d6:f0:0c:ef:fa:52:3e:74:d2Signer

47:c9:8a:7d:48:41:e6:2b:0c:42:bc:93:2e:14:ca:a3:53:2e:af:ecSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

rpcrt4

setupapi

iphlpapi

wininet

version

gdiplus

oleacc

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 7KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

32:2a:78:ca:b1:00:b4:b6:d9:a0:cc:66:c1:6b:80:2d
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

48:80:02:ca:f3:61:6b:ee:ee:4c:04:5b:d6:99:78:d7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

41:6b:82:10:9f:b4:76:cb:fa:8c:70:7c:59:5e:15:05:dc:3e:44:c4:1b:f3:8a:d6:f0:0c:ef:fa:52:3e:74:d2
Signer

47:c9:8a:7d:48:41:e6:2b:0c:42:bc:93:2e:14:ca:a3:53:2e:af:ec
Signer

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 7KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB