b766904a1f73f37f9c886122965a8fea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b766904a1f73f37f9c886122965a8fea_JaffaCakes118
Size

371KB
MD5

b766904a1f73f37f9c886122965a8fea
SHA1

c54d9bfa8d323d60cf357ba6bf508e2b717be000
SHA256

e82c97c709fb68d1edfd613236f8da7b6ac3307ee96bdfdad8402ae979f515ee
SHA512

56a8e95b6d915feeaa56174078675dc36b94d3cda51941220bc6560ca32db71fd8c0de363ec7f3b4d0a051e7c4ed37749ea2e5eb0e457aef2dc746f30684a99b
SSDEEP

6144:T4FWj0coca2PSySoe2DdyFu2CrXHVIXHA7VxVg1oMBJW5oTdYeFxYrWZ9gu4Nb2i:Tmzca2RU2cFrCD1I3A7ra1RBJzSeFx0R

Score

1^/10

Malware Config

Signatures

Files

b766904a1f73f37f9c886122965a8fea_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7397e75e1545369b0b9da2f586a1a038

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

53:f0:7c:ba:47:55:8d:64:93:39:d9:f4
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/01/2017, 11:00

Not After

31/03/2020, 12:33

Subject

CN=Biz Secure Labs Pvt. Ltd.,O=Biz Secure Labs Pvt. Ltd.,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

85:48:db:25:34:92:b1:1e:d3:5f:2c:49:f7:30:72:46:22:57:91:cc
Signer

Actual PE Digest

85:48:db:25:34:92:b1:1e:d3:5f:2c:49:f7:30:72:46:22:57:91:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

StrStrIA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathFileExistsW
PathMatchSpecA
PathAppendA
SHSetValueA
PathRemoveFileSpecA

netapi32

NetShareEnum
NetApiBufferFree

kernel32

MultiByteToWideChar
Process32FirstW
ReadFile
SetFilePointer
DeleteFileA
MoveFileExA
CopyFileA
GetSystemDirectoryA
CreateThread
WinExec
GetPrivateProfileStringA
GetWindowsDirectoryA
GetLongPathNameA
CreateMutexA
GetDriveTypeA
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
GetFileSize
UnmapViewOfFile
WriteFile
GetPrivateProfileIntA
Sleep
Process32NextW
HeapAlloc
GetProcessHeap
LocalAlloc
GetVersionExA
SystemTimeToFileTime
GetSystemTime
FindFirstFileA
FindClose
FindNextFileA
MoveFileA
RemoveDirectoryW
DeleteFileW
GetDriveTypeW
GetLogicalDriveStringsW
WideCharToMultiByte
MoveFileExW
GetShortPathNameW
CreateFileW
FindNextFileW
FindFirstFileW
SetWaitableTimer
CreateWaitableTimerA
LocalFileTimeToFileTime
GetExitCodeProcess
GetVersion
TerminateProcess
CreateFileA
GetFileTime
RaiseException
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
CreateProcessA
GetLastError
WritePrivateProfileStringA
WaitForSingleObject
CloseHandle
GetLocalTime
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchange
HeapFree
IsBadCodePtr
SetUnhandledExceptionFilter
RtlUnwind
InterlockedDecrement
InterlockedIncrement
HeapReAlloc
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers

user32

wsprintfA

advapi32

CreateProcessAsUserA
RegCreateKeyA
ChangeServiceConfig2A
StartServiceA
ChangeServiceConfigA
ControlService
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExA
RegFlushKey
GetSidLengthRequired
InitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
GetTokenInformation
LookupAccountSidA
RegEnumValueA
RegDeleteValueA
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityInfo
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
GetUserNameA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DuplicateTokenEx
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathA

Exports

Exports

CheckForWorm
CheckForWormWithProcessDetails
IsWorm
ucblock_StopServices

Sections

.text
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7397e75e1545369b0b9da2f586a1a038

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

53:f0:7c:ba:47:55:8d:64:93:39:d9:f4Certificate

Extended Key Usages

Key Usages

85:48:db:25:34:92:b1:1e:d3:5f:2c:49:f7:30:72:46:22:57:91:ccSigner

Headers

File Characteristics

Imports

version

shlwapi

netapi32

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 282KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 44KB - Virtual size: 54KB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 16KB - Virtual size: 14KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

53:f0:7c:ba:47:55:8d:64:93:39:d9:f4
Certificate

85:48:db:25:34:92:b1:1e:d3:5f:2c:49:f7:30:72:46:22:57:91:cc
Signer

.text
Size: 284KB - Virtual size: 282KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 44KB - Virtual size: 54KB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 16KB - Virtual size: 14KB