0eff3578af2cdf42de7009c95f620ec2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0eff3578af2cdf42de7009c95f620ec2_JaffaCakes118
Size

97KB
MD5

0eff3578af2cdf42de7009c95f620ec2
SHA1

1db491507153f8eb1974d4fc7d60578d976c1894
SHA256

309bd75766e30a119c8f5da83a4980b519c4c1c8e9325a0fbbe8e2101d53182e
SHA512

e0d8f304241fdce90a4deded2e467a6160726215db555d9c80fd84df1a29f0a4ad057fb2f84a887756fd1805ed526a74f14d3152a415d307e9ca2a2c9a1ae13f
SSDEEP

1536:UVa6hUsIwaxEaO3kZYVvjyE9HP7fPIEd04HaA36NM/4BYA+:Ca6WdxErxrxbVUM/QYR

Score

1^/10

Malware Config

Signatures

Files

0eff3578af2cdf42de7009c95f620ec2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

47d2d5ebff30bfc41e5c01c0128b61ea

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:ad:ad:20:cc:bc:17:01:64:bd:ec:8f:bc:a0:69:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2011, 00:00

Not After

22/05/2012, 23:59

Subject

CN=AhnLab\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=AhnLab\, Inc.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:f1:c3:9c:5d:f9:57:1e:89:d3:8f:22:86:64:e8:4c:ed:06:95:33
Signer

Actual PE Digest

e3:f1:c3:9c:5d:f9:57:1e:89:d3:8f:22:86:64:e8:4c:ed:06:95:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteValueW
SHDeleteKeyW

wininet

FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

kernel32

ProcessIdToSessionId
GetCurrentProcessId
lstrlenW
SearchPathW
WritePrivateProfileStringW
GetTickCount
GetLocalTime
GetPrivateProfileStringW
FreeLibrary
LoadLibraryW
OutputDebugStringW
WriteFile
SetFilePointer
GetFileSize
GetModuleFileNameW
WriteConsoleW
GetStdHandle
GetCurrentThreadId
InterlockedIncrement
CreateToolhelp32Snapshot
InterlockedDecrement
GetWindowsDirectoryW
lstrcpynW
GetVersionExW
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
GetSystemDirectoryW
SystemTimeToFileTime
VerifyVersionInfoW
VerSetConditionMask
Process32FirstW
Process32NextW
GetTempPathW
GlobalMemoryStatusEx
OpenProcess
SetProcessWorkingSetSize
GetModuleHandleW
GetProcAddress
GetVersion
GetCurrentProcess
ExpandEnvironmentStringsW
CreateFileW
GetFileTime
CloseHandle
SetLastError
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetSystemTimeAsFileTime
FindClose
DeleteFileW
GetLongPathNameW
GetLastError
GetSystemInfo
lstrlenA

user32

wsprintfW
CharNextW
CharUpperBuffW
GetSystemMetrics
PostMessageW

advapi32

GetTokenInformation
GetLengthSid
CopySid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegSetKeySecurity
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
AllocateAndInitializeSid
IsValidSid
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken

shell32

SHEmptyRecycleBinW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcrt

wcsrchr
wcslen
wcsncmp
iswdigit
wcsncat
wcsncpy
_initterm
_adjust_fdiv
__dllonexit
_onexit
_wmakepath
_wsplitpath
_wcsupr
abs
_wcsnicmp
wcschr
wcsstr
_getdrives
wcscmp
_wtoi
memcpy
_purecall
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
__CxxFrameHandler
_wcsicmp
free
malloc
_vsnwprintf

Exports

Exports

V3CnO_CleanDestroyInstance
V3CnO_CleanDoSmartCleanUp
V3CnO_CleanInitInstance
V3CnO_OptimizeAhnGetAvailPageFile
V3CnO_OptimizeAhnGetAvailPhys
V3CnO_OptimizeAhnGetAvailVirtual
V3CnO_OptimizeAhnGetMemoryLoad
V3CnO_OptimizeAhnGetTotalPageFile
V3CnO_OptimizeAhnGetTotalPhys
V3CnO_OptimizeAhnGetTotalVirtual
V3CnO_OptimizeAhnOptimizeMemory
V3CnO_OptimizeDestroyInstance
V3CnO_OptimizeDoSmartOptimize
V3CnO_OptimizeInitInstance

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47d2d5ebff30bfc41e5c01c0128b61ea

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2b:ad:ad:20:cc:bc:17:01:64:bd:ec:8f:bc:a0:69:24Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e3:f1:c3:9c:5d:f9:57:1e:89:d3:8f:22:86:64:e8:4c:ed:06:95:33Signer

Headers

File Characteristics

Imports

shlwapi

wininet

kernel32

user32

advapi32

shell32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2b:ad:ad:20:cc:bc:17:01:64:bd:ec:8f:bc:a0:69:24
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e3:f1:c3:9c:5d:f9:57:1e:89:d3:8f:22:86:64:e8:4c:ed:06:95:33
Signer

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB