16ea91cb1bb0a7b5cb5217df12a63363_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16ea91cb1bb0a7b5cb5217df12a63363_JaffaCakes118
Size

1.2MB
MD5

16ea91cb1bb0a7b5cb5217df12a63363
SHA1

3e5b84e5debacde765369537b3b61f8f71072e3d
SHA256

f589af5cc9b24b6525884fc0fc0064378918228652038d2c68f813d1ffecf8e4
SHA512

f3c38a4193db76d515b8cf75adbca674f1ebe1d7152b523dc44173cd316f62b9145b11826027cf7e16fdfd6a030229a45033a847a2ba04a00425231ed6e5ba43
SSDEEP

24576:bhnWPQbsj9NuwKiRwFvJFTHgRWlznlGga52yWdV8fv:9NITSgoGgI2ygV83

Score

1^/10

Malware Config

Signatures

Files

16ea91cb1bb0a7b5cb5217df12a63363_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0c0db57d33a88e86432a59b3b6af7ef9

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:51:34:34:4f:55:84:2d:5c:ce:13:3a:8c:62:90:64
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

23/06/2010, 00:00

Not After

14/07/2012, 23:59

Subject

CN=Discordia Limited,OU=SECURE APPLICATION DEVELOPMENT,O=Discordia Limited,L=Limassol,ST=Limassol,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Work\SearchSuite\G3.0\SearchSuite\G3.0\Kipod\RBin\DataMngr.pdb

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

kernel32

CreateEventW
CreateSemaphoreA
ReleaseSemaphore
OpenMutexW
PulseEvent
GetCurrentProcessId
WaitForMultipleObjects
GetProcessHeap
HeapFree
LocalFree
HeapAlloc
LoadLibraryA
DuplicateHandle
GetCurrentProcess
lstrlenW
CopyFileW
DeleteFileW
FreeLibrary
VirtualQuery
SetLastError
GetModuleHandleA
VirtualAlloc
InterlockedCompareExchange
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
AreFileApisANSI
SetFilePointer
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetSystemTime
LockFileEx
GetTempPathA
GetTempPathW
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
GetProcAddress
GetCurrentThread
TlsAlloc
GetCurrentThreadId
TlsSetValue
TlsGetValue
IsBadWritePtr
OpenEventW
WriteFile
ReadFile
GetLastError
GetFileSize
CreateFileW
GetModuleHandleW
RemoveVectoredExceptionHandler
InterlockedExchange
VirtualProtect
IsBadReadPtr
AddVectoredExceptionHandler
SetEvent
CreateEventA
CloseHandle
WaitForSingleObject
GetSystemTimeAsFileTime
CompareStringW
SetEnvironmentVariableA
Sleep
WriteConsoleA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
HeapDestroy
HeapReAlloc
HeapSize
ReleaseMutex
TlsFree
CreateMutexA
ResetEvent
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
GetStringTypeW
ExitThread
CreateThread
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapCreate
VirtualFree
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetConsoleCP
GetConsoleMode

user32

GetWindowThreadProcessId
FindWindowExW
LoadStringA

advapi32

RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
IsValidSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey

dbghelp

ImageNtHeader

Sections

.text
Size: 999KB - Virtual size: 999KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c0db57d33a88e86432a59b3b6af7ef9

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

36:51:34:34:4f:55:84:2d:5c:ce:13:3a:8c:62:90:64Certificate

Extended Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

kernel32

user32

advapi32

dbghelp

Sections

.text Size: 999KB - Virtual size: 999KB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 17KB - Virtual size: 27KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

36:51:34:34:4f:55:84:2d:5c:ce:13:3a:8c:62:90:64
Certificate

.text
Size: 999KB - Virtual size: 999KB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 17KB - Virtual size: 27KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB