0a9545f9fc7a6d8596cf07a59f400fd3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a9545f9fc7a6d8596cf07a59f400fd3_JaffaCakes118
Size

113KB
MD5

0a9545f9fc7a6d8596cf07a59f400fd3
SHA1

0559cf194ec7c750966cb277348ef4278bde9cea
SHA256

77421106548e69e9666c538ad628918cad7cfcf8f6aa7825f71a4fc39e522a7d
SHA512

bd1cbd31048e3a5dcfcd49a352081f2dca1db36157c3ba758211a59762d97e8195f3ba174f8038f02c226d8b63a54fdf676624f8c595a2b314c61bd0a9717b92
SSDEEP

1536:enaVBV4sS2z+BBtSz+dUhIa/b26DeAq2hO6uv2adyoxnCC171klvrEf2E1:Vz4s3mB844aAq2hO6uv6NC7k5Sd1

Score

1^/10

Malware Config

Signatures

Files

0a9545f9fc7a6d8596cf07a59f400fd3_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

6e97890d32631b043254bb0d7fd4d919

Code Sign

47:d5:d5:37:2b:cb:15:62:b4:c9:f4:c2:bd:f1:35:87
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/08/2013, 00:00

Not After

27/09/2014, 23:59

Subject

CN=DTOPTOOLZ Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Management Support Team,O=DTOPTOOLZ Co.\,Ltd.,L=Mapo-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fc:48:35:56:e2:d2:4e:42:8d:6a:4b:88:87:84:0c:db:9d:93:a5:5c
Signer

Actual PE Digest

fc:48:35:56:e2:d2:4e:42:8d:6a:4b:88:87:84:0c:db:9d:93:a5:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
GetSystemDirectoryW
VirtualFreeEx
IsBadCodePtr
IsBadWritePtr
GlobalFree
ProcessIdToSessionId
GetSystemInfo
SetEnvironmentVariableA
VirtualProtectEx
VirtualAllocEx
WriteProcessMemory
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DisableThreadLibraryCalls
GetModuleFileNameW
ExitProcess
CreateThread
GetLocalTime
ExitThread
TerminateThread
GetComputerNameA
DuplicateHandle
SetNamedPipeHandleState
GetTempPathW
FlushFileBuffers
WaitNamedPipeW
DeleteFileW
GetVersionExA
OutputDebugStringA
GetModuleHandleA
OpenMutexA
SetLastError
GetExitCodeProcess
GetFileAttributesA
FormatMessageW
GetCurrentThread
WaitForSingleObject
SetErrorMode
GetFileSize
GetFileTime
FindNextFileW
LoadLibraryA
FindClose
GetFileSizeEx
GetFileAttributesW
CreateDirectoryW
SetFilePointerEx
FreeLibrary
FindFirstFileW
ExpandEnvironmentStringsW
LocalFree
DeleteCriticalSection
CreatePipe
LocalAlloc
GetProcessId
EnterCriticalSection
ReadFile
TerminateProcess
LeaveCriticalSection
WideCharToMultiByte
CreateProcessW
InitializeCriticalSection
WriteFile
GetCurrentProcess
PeekNamedPipe
GetSystemTime
GetWindowsDirectoryW
CloseHandle
GetProcAddress
GetLastError
MultiByteToWideChar
CreateFileW
CopyFileW
Sleep
LoadLibraryW
OpenProcess
SetFileTime
GetTickCount
MoveFileExW
SystemTimeToFileTime
GetCurrentProcessId

user32

GetMessageA
GetSystemMetrics

advapi32

RegQueryValueExA
ImpersonateLoggedOnUser
RegCreateKeyExW
RegCreateKeyW
RegOverridePredefKey
CredEnumerateW
RegOpenKeyExA
RegEnumKeyExA
CredFree
ControlService
OpenSCManagerA
EnumServicesStatusW
StartServiceW
OpenServiceW
EnumServicesStatusA
DeleteService
CloseServiceHandle
AdjustTokenPrivileges
CheckTokenMembership
IsValidSecurityDescriptor
GetUserNameA
FreeSid
RevertToSelf
SetSecurityDescriptorOwner
AllocateAndInitializeSid
LookupAccountSidW
ImpersonateSelf
LookupPrivilegeValueA
LookupAccountSidA
EqualSid
AccessCheck
SetSecurityDescriptorGroup
OpenThreadToken
GetLengthSid
AddAccessAllowedAce
InitializeAcl
DuplicateTokenEx
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateProcessAsUserW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyA
RegOpenKeyExW
RegDeleteValueA
RegCreateKeyA
RegOpenKeyW
RegQueryValueExW
RegSetValueExA

shell32

SHFileOperationW
ShellExecuteExW

ole32

CoInitializeEx
CoUninitialize

ntdll

ZwQuerySystemInformation

ws2_32

WSAGetLastError
htonl
connect
ioctlsocket
getpeername
setsockopt
htons
bind
accept
inet_ntoa
inet_addr
select
gethostbyname
socket
ntohs
getsockname
recv
shutdown
closesocket
send
WSAStartup
listen

psapi

GetModuleFileNameExW
EnumProcesses
GetModuleBaseNameA

crypt32

CryptUnprotectData

userenv

LoadUserProfileA
GetUserProfileDirectoryA
UnloadUserProfile

msvcrt

_snwprintf
strlen
strcpy
wcslen
memset
??1type_info@@UAE@XZ
strcat
memmove
_purecall
sprintf
wcsncpy
wcsncat
wcscat
realloc
wcscmp
isspace
strncpy
rand
strncmp
strstr
atoi
_snprintf
strcmp
toupper
isalnum
??_U@YAPAXI@Z
strchr
??_V@YAXPAX@Z
srand
_time64
wcschr
strncat
_wcsnicmp
isprint
_wtof
atol
wcstombs
_stricmp
_wcsicmp
_strnicmp
_initterm
_adjust_fdiv
malloc
free
memcpy
_CxxThrowException
?terminate@@YAXXZ
_except_handler3
wcsrchr
__CxxFrameHandler
wcscpy
_ftol

oleaut32

GetErrorInfo

Exports

Exports

DllRegisterServer
DllUnregisterServer
ServiceMain
SvchostPushServiceGlobals
WUServiceMain
_crt_debugger_hook

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e97890d32631b043254bb0d7fd4d919

Code Sign

47:d5:d5:37:2b:cb:15:62:b4:c9:f4:c2:bd:f1:35:87Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

fc:48:35:56:e2:d2:4e:42:8d:6a:4b:88:87:84:0c:db:9d:93:a5:5cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ntdll

ws2_32

psapi

crypt32

userenv

msvcrt

oleaut32

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 27KB - Virtual size: 29KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 5KB - Virtual size: 5KB

47:d5:d5:37:2b:cb:15:62:b4:c9:f4:c2:bd:f1:35:87
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fc:48:35:56:e2:d2:4e:42:8d:6a:4b:88:87:84:0c:db:9d:93:a5:5c
Signer

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 27KB - Virtual size: 29KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 5KB - Virtual size: 5KB