17a15fe8eaea83e824e8f5f5835b3686_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17a15fe8eaea83e824e8f5f5835b3686_JaffaCakes118
Size

233KB
MD5

17a15fe8eaea83e824e8f5f5835b3686
SHA1

82171726887bff9671d030b5135cb4cfd0afaff3
SHA256

5ff886baa80d9e9cd1ea12027bc5df9e7577526adbc35937f694654b1525d792
SHA512

7fc1d4ef8a40c7a6fa7672f642d61c0a3a8039ea3fbb9b74dce19018c4392d8f89be54cb0cbb7567f1759fade7e42ca7b3b25bae07ae2b9e0344108997db7c28
SSDEEP

3072:iFlX1F9fzMLi5Em/2RVthzlwgjPMMNXGEazQGZU6GOkzu+jPExh9n8P5DtqUfkB:GpY/DdSgjSzQGZU6GOkzu+7Mu4UfkB

Score

1^/10

Malware Config

Signatures

Files

17a15fe8eaea83e824e8f5f5835b3686_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d5a11d1af35218002413bf173746b02a

Code Sign

1e:66:44:82:57:2d:9f:42:8f:57:1e:30:73:ad:fa:1f
Certificate

Issuer

CN=Asert,OU=Asert,O=Asert,L=Origert,C=ER,1.2.840.113549.1.9.1=#0c0e61646d696e4041736572742e6572

Not Before

02/04/2012, 00:00

Not After

01/04/2013, 23:59

Subject

CN=Asert,OU=Asert,O=Asert,L=Origert,C=ER,1.2.840.113549.1.9.1=#0c0e61646d696e4041736572742e6572

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_CStringToUTF16
NS_CStringCloneData
NS_CStringContainerInit2
NS_CStringGetMutableData
NS_GetServiceManager
NS_UTF16ToCString
NS_Free
NS_Realloc
NS_Alloc
NS_StringGetMutableData
NS_GetComponentManager
NS_StringContainerInit2
NS_CStringGetData
NS_CStringContainerFinish
NS_CStringContainerInit
NS_CStringSetData
NS_StringSetDataRange
NS_CStringSetDataRange
NS_StringContainerInit
NS_StringSetData
NS_StringGetData
NS_StringCopy
NS_CStringCopy
NS_StringContainerFinish

kernel32

GetLocaleInfoA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
LoadLibraryA
lstrcmpA
lstrlenA
VirtualQuery
FindResourceExW
FindResourceW
LoadResource
GlobalAlloc
WideCharToMultiByte
SizeofResource
lstrcmpW
lstrlenW
GlobalFree
LockResource
GetModuleFileNameA
SetFilePointer
SetEndOfFile
GlobalLock
WriteFile
LoadLibraryW
GetFileAttributesW
ReadFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
GlobalUnlock
GetLastError
GetProcAddress
InterlockedExchangeAdd
lstrcmpiW
lstrcatW
FindNextFileW
GetFileTime
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
lstrcpyW
lstrcpyA
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
VirtualAlloc
FatalAppExitA
SetStdHandle
InterlockedExchange
GetACP
SetHandleCount
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
DuplicateHandle
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
LCMapStringA
LCMapStringW
Sleep
ExitProcess
GetStdHandle
GetSystemTimeAsFileTime

user32

CloseClipboard
SetTimer
GetTopWindow
KillTimer
GetParent
wsprintfA
wsprintfW
GetClassNameW
GetWindow
UnregisterClassA

nspr4

PR_sscanf

Exports

Exports

DllRegisterServer
DllUnregisterServer
NSGetModule
NSModule

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5a11d1af35218002413bf173746b02a

Code Sign

1e:66:44:82:57:2d:9f:42:8f:57:1e:30:73:ad:fa:1fCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

xpcom

kernel32

user32

nspr4

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 20KB

.reloc Size: 12KB - Virtual size: 10KB

1e:66:44:82:57:2d:9f:42:8f:57:1e:30:73:ad:fa:1f
Certificate

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 20KB

.reloc
Size: 12KB - Virtual size: 10KB