b44409f4c122ada7dde26034f29f1983_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b44409f4c122ada7dde26034f29f1983_JaffaCakes118
Size

383KB
MD5

b44409f4c122ada7dde26034f29f1983
SHA1

829d89620fdab4ce41bf7a357d1a083481f93dc0
SHA256

bdce7a58d57dd3db2aabefbe5416f36b6b9912d4c4c64759ea35af086ff157e6
SHA512

d93d290bb76199f7f8623cd611d9af643d9edeef73b74607c825d3b349de7e3bc367d22c724d5ae09b6ac8c5705fbec76ff8248282e7c74922b5ff926bbf2434
SSDEEP

6144:6BvGvMM7Oi7cuFQF6/MyT6QEzU56NgLgohbVyGTmMSZvAXDdU:6BvGvMGOGJCsT6QgaLBivAdU

Score

1^/10

Malware Config

Signatures

Files

b44409f4c122ada7dde26034f29f1983_JaffaCakes118
.dll windows:6 windows x86 arch:x86

151b3db2a6df1908a12322596486e615

Code Sign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:c5:9b:c2:3c:53:4b:f2:b5:14:f7:e7:c2:86:03:a6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28-12-2016 00:00

Not After

02-01-2019 12:00

Subject

CN=Dropbox\, Inc,O=Dropbox\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:e2:6f:15:a8:88:a5:e5:23:47:32:0d:80:3c:8f:a9
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16-01-2015 00:00

Not After

19-01-2018 12:00

Subject

CN=Dropbox\, Inc,O=Dropbox\, Inc,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

91:6c:00:63:1d:cc:00:65:8a:df:3f:b5:46:2a:f9:df:d6:aa:9c:f0:fe:f5:28:3c:c1:0b:a1:41:cf:f6:73:4c
Signer

Actual PE Digest

91:6c:00:63:1d:cc:00:65:8a:df:3f:b5:46:2a:f9:df:d6:aa:9c:f0:fe:f5:28:3c:c1:0b:a1:41:cf:f6:73:4c

Digest Algorithm

sha256

PE Digest Matches

true

ce:50:31:57:ab:d7:d4:d4:a5:62:2d:91:45:eb:d1:89:ab:87:00:ef
Signer

Actual PE Digest

ce:50:31:57:ab:d7:d4:d4:a5:62:2d:91:45:eb:d1:89:ab:87:00:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\vagrant\src\client-win-deps\pywin32\build\lib.win32-2.7\win32comext\shell\shell.pdb

Imports

shell32

ShellExecuteExA
SHGetFileInfoA
ord28
SHGetPathFromIDListA
SHFreeNameMappings
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
SHChangeNotify
SHAddToRecentDocs
SHFileOperationA
DragQueryPoint
SHGetPathFromIDListW
DragQueryFileW
SHGetInstanceExplorer
ord191
DragQueryFileA

oleaut32

VariantInit
SysFreeString
VariantClear

ole32

CoTaskMemFree
CoTaskMemAlloc
PropVariantClear

pythoncom27

??0PyComEnumProviderTypeObject@@QAE@PBDPAVPyComTypeObject@@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z0@Z
?Unwrap@PyGatewayBase@@UAGJPAPAU_object@@@Z
?InvokeViaPolicy@PyGatewayBase@@MAAJPBDPAPAU_object@@0ZZ
?InvokeEx@PyGatewayBase@@UAGJJKGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAUIServiceProvider@@@Z
?Invoke@PyGatewayBase@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z
?InterfaceSupportsErrorInfo@PyGatewayBase@@UAGJABU_GUID@@@Z
?GetTypeInfoCount@PyGatewayBase@@UAGJPAI@Z
?GetTypeInfo@PyGatewayBase@@UAGJIKPAPAUITypeInfo@@@Z
?GetNextDispID@PyGatewayBase@@UAGJKJPAJ@Z
?GetNameSpaceParent@PyGatewayBase@@UAGJPAPAUIUnknown@@@Z
?GetMemberProperties@PyGatewayBase@@UAGJJKPAK@Z
?GetMemberName@PyGatewayBase@@UAGJJPAPA_W@Z
?GetIDsOfNames@PyGatewayBase@@UAGJABU_GUID@@PAPA_WIKPAJ@Z
?GetDispID@PyGatewayBase@@UAGJPA_WKPAJ@Z
?DeleteMemberByName@PyGatewayBase@@UAGJPA_WK@Z
?DeleteMemberByDispID@PyGatewayBase@@UAGJJ@Z
?PyCom_RegisterExtensionSupport@@YAHPAU_object@@PBUPyCom_InterfaceSupportInfo@@H@Z
?ThisAsIID@PyGPersist@@MAEPAXU_GUID@@@Z
??0PyGPersist@@IAE@PAU_object@@@Z
?ThisAsIID@PyGOleWindow@@MAEPAXU_GUID@@@Z
??0PyGOleWindow@@IAE@PAU_object@@@Z
?ThisAsIID@PyGatewayBase@@UAEPAXU_GUID@@@Z
?QueryInterface@PyGatewayBase@@UAGJABU_GUID@@PAPAX@Z
?Release@PyGatewayBase@@UAGKXZ
?PyObject_AsPROPVARIANT@@YAHPAU_object@@PAUtagPROPVARIANT@@@Z
??0PyGatewayBase@@IAE@PAU_object@@@Z
??1PyGatewayBase@@MAE@XZ
?AddRef@PyGatewayBase@@UAGKXZ
??0PyComTypeObject@@QAE@PBDPAV0@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
??1PyComTypeObject@@QAE@XZ
?PyCom_BuildPyException@@YAPAU_object@@JPAUIUnknown@@ABU_GUID@@@Z
?GetI@PyIUnknown@@SAPAUIUnknown@@PAU_object@@@Z
??0PyIUnknown@@IAE@PAUIUnknown@@@Z
??1PyIUnknown@@MAE@XZ
?compare@PyIUnknown@@UAEHPAU_object@@@Z
?getattr@PyIBase@@UAEPAU_object@@PAD@Z
?iter@PyIBase@@UAEPAU_object@@XZ
?iternext@PyIBase@@UAEPAU_object@@XZ
?repr@PyIUnknown@@UAEPAU_object@@XZ
?setattr@PyIBase@@UAEHPADPAU_object@@@Z
?type@PyIUnknown@@2VPyComTypeObject@@A
PyCom_InterfaceFromPyObject
PyCom_PyObjectFromIUnknown
?PyCom_SetAndLogCOMErrorFromPyExceptionEx@@YAJPAU_object@@PBDABU_GUID@@@Z
?PyCom_InterfaceFromPyInstanceOrObject@@YAHPAU_object@@ABU_GUID@@PAPAXH@Z
PyCom_VariantFromPyObject
PyCom_PyObjectFromVariant
?PyCom_SetCOMErrorFromPyException@@YAJABU_GUID@@@Z
?PyCom_SetAndLogCOMErrorFromPyException@@YAJPBDABU_GUID@@@Z
?GetWindow@PyGOleWindow@@MAGJPAPAUHWND__@@@Z
?PyObject_FromPROPVARIANT@@YAPAU_object@@PAUtagPROPVARIANT@@@Z
?ContextSensitiveHelp@PyGOleWindow@@MAGJH@Z
??0PyComEnumTypeObject@@QAE@PBDPAVPyComTypeObject@@HPAUPyMethodDef@@P6APAVPyIUnknown@@PAUIUnknown@@@Z@Z
?is_object@PyIBase@@SAHPAU_object@@PAVPyComTypeObject@@@Z
?PyCom_SetCOMErrorFromSimple@@YAJJABU_GUID@@PBD@Z
?MakeOLECHARToObj@@YAPAU_object@@PB_W@Z
?GetI@PyIOleWindow@@SAPAUIOleWindow@@PAU_object@@@Z
?type@PyIOleWindow@@2VPyComTypeObject@@A
??1PyIOleWindow@@MAE@XZ
??0PyIOleWindow@@IAE@PAUIUnknown@@@Z
?PyObject_FromOLEMENUGROUPWIDTHS@@YAPAU_object@@PBUtagOleMenuGroupWidths@@@Z
?PyObject_AsOLEMENUGROUPWIDTHS@@YAHPAU_object@@PAUtagOleMenuGroupWidths@@@Z
?type@PyIPersist@@2VPyComTypeObject@@A
?GetClassID@PyGPersist@@MAGJPAU_GUID@@@Z
??1PyIPersist@@MAE@XZ
??0PyIPersist@@IAE@PAUIUnknown@@@Z
?GetI@PyIPersist@@SAPAUIPersist@@PAU_object@@@Z

python27

PySys_WriteStderr
PyExc_RuntimeError
PyMapping_GetItemString
PyMapping_Check
PySequence_Size
_Py_TrueStruct
PyEval_CallObjectWithKeywords
PyErr_Print
Py_InitModule4
_Py_BuildValue_SizeT
_PyArg_ParseTupleAndKeywords_SizeT
_PyArg_ParseTuple_SizeT
PyModule_GetDict
PyDict_SetItemString
PyDict_New
PyList_Append
PyString_AsString
PyString_FromStringAndSize
PyCallable_Check
PyLong_AsLong
PyExc_NotImplementedError
PySequence_Tuple
PyDict_GetItemString
PyLong_AsUnsignedLong
PyInt_FromLong
PyBool_FromLong
PyLong_FromUnsignedLong
PyTuple_New
PyErr_SetString
PyErr_Format
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
Py_BuildValue
PyEval_SaveThread
PyEval_RestoreThread
_Py_NoneStruct
PyExc_MemoryError
PyExc_TypeError
PyInt_AsLong
PyGILState_Ensure
PyGILState_Release
PyList_New
PyErr_Occurred
PyExc_ValueError
_Py_ZeroStruct
PyLong_FromLong
PyString_FromString
PyErr_NoMemory
PyErr_Clear
PyObject_Size
PySequence_Check
PySequence_GetItem
PyLong_FromUnsignedLongLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongMask
PyObject_IsTrue
PyLong_FromLongLong
PyArg_Parse

pywintypes27

?PyWinExc_COMError@@3PAU_object@@A
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_FreeResourceId@@YAXPAD@Z
?PyWinObject_AsResourceIdA@@YAHPAU_object@@PAPADH@Z
?PyWinObject_FromULARGE_INTEGER@@YAPAU_object@@AAT_ULARGE_INTEGER@@@Z
?PyWinCoreString_FromString@@YAPAU_object@@PBDH@Z
?PyWin_SetAPIError@@YAPAU_object@@PADJ@Z
?PyObject_FromWIN32_FIND_DATAA@@YAPAU_object@@PAU_WIN32_FIND_DATAA@@@Z
?PyWinObject_FromTCHAR@@YAPAU_object@@PBDH@Z
?PyWinObject_AsFILETIME@@YAHPAU_object@@PAU_FILETIME@@@Z
?PyWinObject_FromFILETIME@@YAPAU_object@@ABU_FILETIME@@@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_WH@Z
?PyWinObject_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinObject_AsTaskAllocatedWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsRECT@@YAHPAU_object@@PAUtagRECT@@@Z
?PyWinObject_FromHKEY@@YAPAU_object@@PAUHKEY__@@@Z
?PyWinObject_AsULARGE_INTEGER@@YAHPAU_object@@PAT_ULARGE_INTEGER@@@Z
?PyWinObject_AsHKEY@@YAHPAU_object@@PAPAUHKEY__@@@Z
?PyWinObject_AsBstr@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsPARAM@@YAHPAU_object@@PAI@Z
?PyWinLong_FromHANDLE@@YAPAU_object@@PAX@Z
?PyWinLong_FromVoidPtr@@YAPAU_object@@PBX@Z
?PyWinLong_AsVoidPtr@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FreeString@@YAXPAD@Z
?PyWinObject_AsString@@YAHPAU_object@@PAPADHPAK@Z
?PyWinObject_FromIID@@YAPAU_object@@ABU_GUID@@@Z
?PyWinSequence_Tuple@@YAPAU_object@@PAU1@PAK@Z
?PyWinObject_AsIID@@YAHPAU_object@@PAU_GUID@@@Z
?PyWinObject_AsHANDLE@@YAHPAU_object@@PAPAX@Z
?PyWinObject_FromOLECHAR@@YAPAU_object@@PB_W@Z
?PyWinObject_FreeWCHAR@@YAXPA_W@Z
?PyWinObject_AsWCHAR@@YAHPAU_object@@PAPA_WHPAK@Z
?PyWinObject_AsReadBuffer@@YAHPAU_object@@PAPAXPAKH@Z

msvcr120

__clean_type_info_names_internal
??3@YAXPAX@Z
wcsncpy
free
malloc
__CxxFrameHandler3
memset
strncpy
_except_handler3
memcpy
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??2@YAPAXI@Z
?terminate@@YAXXZ
_except_handler4_common

kernel32

LocalFree
GetModuleHandleA
GetProcAddress
LoadLibraryA
IsBadReadPtr
EncodePointer
DecodePointer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
IsDebuggerPresent
IsProcessorFeaturePresent

Exports

Exports

initshell

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

151b3db2a6df1908a12322596486e615

Code Sign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

08:c5:9b:c2:3c:53:4b:f2:b5:14:f7:e7:c2:86:03:a6Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

05:e2:6f:15:a8:88:a5:e5:23:47:32:0d:80:3c:8f:a9Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

91:6c:00:63:1d:cc:00:65:8a:df:3f:b5:46:2a:f9:df:d6:aa:9c:f0:fe:f5:28:3c:c1:0b:a1:41:cf:f6:73:4cSigner

ce:50:31:57:ab:d7:d4:d4:a5:62:2d:91:45:eb:d1:89:ab:87:00:efSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

oleaut32

ole32

pythoncom27

python27

pywintypes27

msvcr120

kernel32

Exports

Exports

Sections

.text Size: 198KB - Virtual size: 198KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 13KB - Virtual size: 26KB

.reloc Size: 34KB - Virtual size: 33KB

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

08:c5:9b:c2:3c:53:4b:f2:b5:14:f7:e7:c2:86:03:a6
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

05:e2:6f:15:a8:88:a5:e5:23:47:32:0d:80:3c:8f:a9
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

91:6c:00:63:1d:cc:00:65:8a:df:3f:b5:46:2a:f9:df:d6:aa:9c:f0:fe:f5:28:3c:c1:0b:a1:41:cf:f6:73:4c
Signer

ce:50:31:57:ab:d7:d4:d4:a5:62:2d:91:45:eb:d1:89:ab:87:00:ef
Signer

.text
Size: 198KB - Virtual size: 198KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 13KB - Virtual size: 26KB

.reloc
Size: 34KB - Virtual size: 33KB