215990a1ed5cacdb66f575874fd3efb6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

215990a1ed5cacdb66f575874fd3efb6_JaffaCakes118
Size

232KB
MD5

215990a1ed5cacdb66f575874fd3efb6
SHA1

2304113487d4d8f386872e86007ffa6c389eba27
SHA256

4aa23c701009dc8a413f5fae7daf68243c93b09e577a11dbada26065413bddad
SHA512

f649368261ed0b2f0a62fa90d51870248f278f2cb1eebae29267b939bbbea3f08bfe2a6b5ee29783d80f5ebd9680e85650a2f3df91eaadde125ad888e2b03bc7
SSDEEP

3072:DoH9Ef/7Winw9Q1DeKNxXXg7737X92wQ8+btbZNfFMmw:Dc9EH1xeKNNgf71CdZRPw

Score

1^/10

Malware Config

Signatures

Files

215990a1ed5cacdb66f575874fd3efb6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5caa9d7f8e786400a3e7d9ce1445f60c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:9f:1e:2f:73:eb:9c:0f:7d:fa:ac:48:16:b2:92:d3
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/01/2009, 00:00

Not After

21/01/2010, 23:59

Subject

CN=DoubleD Advertising Limited,O=DoubleD Advertising Limited,POSTALCODE=N/A,STREET=COMMITTEE RD SHATIN NT+STREET=PLAZA 138 SHATIN RURAL+STREET=15/F TOWER 1 GRAND CENTRAL,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4a:b7:54:fe:a6:bf:0b:ae:e0:42:b2:ba:07:4b:f4:38:4c:29:d5:0e
Signer

Actual PE Digest

4a:b7:54:fe:a6:bf:0b:ae:e0:42:b2:ba:07:4b:f4:38:4c:29:d5:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\Projects\ProductwiseToolbar\Sources\VS_Projects\SmileyHookAol\Release\bin\stbAol.pdb

Imports

kernel32

DebugBreak
OutputDebugStringW
WideCharToMultiByte
GetCurrentThreadId
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpiW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
Sleep
lstrlenA
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
CreateMutexW
ReleaseMutex
CreateEventW
WaitForSingleObject
SetEvent
TerminateThread
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
FlushInstructionCache
GetCurrentProcess
CloseHandle
SetLastError
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetTickCount
GetVersionExW
GetFileAttributesW
GetModuleHandleA
OutputDebugStringA
GetVersion
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RaiseException

user32

GetKeyState
GetCursorPos
SetWinEventHook
SetWindowLongW
IsWindow
CharUpperW
GetParent
FindWindowExW
GetWindowLongW
GetWindowRect
SendMessageTimeoutW
RegisterWindowMessageW
UnhookWinEvent
GetDlgItem
SetRect
GetWindow
SetWindowTextW
UnregisterClassA
SetTimer
KillTimer
MapWindowPoints
SystemParametersInfoW
EndDialog
DialogBoxParamW
CharLowerW
FindWindowW
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
keybd_event
PostMessageW
SetWindowsHookExW
GetClassNameW
SendMessageW
MessageBoxW
DestroyWindow
GetWindowTextW
GetActiveWindow
GetClientRect
ScreenToClient
CallNextHookEx
RegisterClipboardFormatW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
GetForegroundWindow
SetForegroundWindow
SetFocus
UnhookWindowsHookEx
CharNextW
wvsprintfW
LoadStringW
PtInRect
SetWindowPos

gdi32

CopyEnhMetaFileW
DeleteObject
DeleteEnhMetaFile
CreateCompatibleDC
GetObjectW
SelectObject
CreateBitmap
BitBlt
DeleteDC

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

ole32

CoInitialize
OleRun
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize

oleaut32

SysAllocStringByteLen
GetErrorInfo
SysFreeString
VariantChangeType
SysStringByteLen
SysAllocString
VariantClear
VarUI4FromStr
VariantInit

oleacc

AccessibleObjectFromWindow
AccessibleObjectFromEvent
WindowFromAccessibleObject

productinfo

?Get_PRODUCT_BAND@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_COMPANY_NAME@CProductInfo@@SA?AVCString@WTL@@XZ
?Create@CProductInfo@@SA_NHPAH@Z
?Get_PRODUCT_NAME@CProductInfo@@SA?AVCString@WTL@@XZ

urlmon

URLDownloadToCacheFileW

Exports

Exports

DLLDoAction
DLLInit
DLLInitGlitter
DLLInstallHook
DLLSetAdvText
DLLSetTellFdMsg
DLLUnHook
DLLViralMessage

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDHW
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5caa9d7f8e786400a3e7d9ce1445f60c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

51:9f:1e:2f:73:eb:9c:0f:7d:fa:ac:48:16:b2:92:d3Certificate

Extended Key Usages

Key Usages

4a:b7:54:fe:a6:bf:0b:ae:e0:42:b2:ba:07:4b:f4:38:4c:29:d5:0eSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

oleacc

productinfo

urlmon

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 14KB

SHAREDHW Size: 20KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 22KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

51:9f:1e:2f:73:eb:9c:0f:7d:fa:ac:48:16:b2:92:d3
Certificate

4a:b7:54:fe:a6:bf:0b:ae:e0:42:b2:ba:07:4b:f4:38:4c:29:d5:0e
Signer

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 14KB

SHAREDHW
Size: 20KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 22KB