2230a77157b903067ea237b4e5bcf556_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2230a77157b903067ea237b4e5bcf556_JaffaCakes118
Size

329KB
MD5

2230a77157b903067ea237b4e5bcf556
SHA1

d1caa463f0f5a38c9d5fa0416c296aad64931720
SHA256

99dc3afba7c98d595508b185e98c89ca67f7f4a6d66d1546b21f2ba71bfd8a16
SHA512

99848457fbbc652d7b901faab2aab00a6c2e840870456fd68b74ccf811017b6cbe68d358da9f3496dc3713d8808b4d873430cb1bf8f291911dacbfa522c49f71
SSDEEP

6144:JCcMqUB0oT7RbRUtWA7/0yXzcR1f64HMKa98ht+:XhU2a7RbGxr0ozm7Ra9Et+

Score

1^/10

Malware Config

Signatures

Files

2230a77157b903067ea237b4e5bcf556_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e25bdab11cae28979c76bf1e4daf26e2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/05/2011, 00:00

Not After

29/05/2014, 23:59

Subject

CN=Awareness Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Awareness Technologies\, Inc.,L=Marina del Rey,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:b2:44:84:5f:bb:a1:7d:04:cc:0f:51:1f:c5:04:d9:15:cb:6c:ab
Signer

Actual PE Digest

4a:b2:44:84:5f:bb:a1:7d:04:cc:0f:51:1f:c5:04:d9:15:cb:6c:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\Source\FreeWindowsClient\Servicing\v1\v1.0\v1.0.3 Release\Release\PluginIE.pdb

Imports

kernel32

CreateEventW
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
GetTickCount
GetCurrentProcessId
GlobalFree
GlobalReAlloc
GlobalAlloc
GetCurrentThreadId
GlobalLock
GlobalUnlock
lstrlenA
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
DisableThreadLibraryCalls
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryW
GetLastError
GetProcAddress
SetEvent
lstrlenW
FreeLibrary
GetCurrentThread
GetThreadPriority
SetThreadPriority
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedDecrement
GetSystemDirectoryW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetModuleFileNameW
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
InterlockedExchangeAdd
InterlockedExchange
ProcessIdToSessionId
DuplicateHandle
GetCurrentProcess
ResetEvent
TerminateThread
CreateThread
FreeLibraryAndExitThread
CreateToolhelp32Snapshot
Thread32First
OpenThread
Thread32Next
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
VirtualUnlock
CompareFileTime
GetFileSize
ReadFile
CreateFileW
GetFileTime
GetFileAttributesExW
LocalAlloc
GetComputerNameW
GetACP
lstrcpyW
SetLastError
DeleteFileW
GetTimeZoneInformation
lstrcpynW
CreateSemaphoreW
ReleaseSemaphore
Sleep
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
WriteFile
GetStdHandle
GetModuleFileNameA
GetOEMCP
IsValidCodePage
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InterlockedIncrement

user32

CharLowerW
UnregisterClassA
wsprintfW
GetClassNameW
RegisterWindowMessageW
CharNextW
CharLowerBuffW
EnumChildWindows
GetWindowThreadProcessId
EnumWindows
GetParent
PostThreadMessageW
SendMessageTimeoutW
DispatchMessageW
CharLowerA
KillTimer
SetTimer
MsgWaitForMultipleObjects
PeekMessageW
MessageBoxW

advapi32

CryptDestroyHash
RegSetKeySecurity
GetSecurityInfo
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDeriveKey

ole32

CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc
GetHGlobalFromStream

oleaut32

VariantClear
SysAllocString
SysFreeString
VarI4FromStr
VariantInit
VarBstrCmp
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrFromI4
VarUI4FromStr
SysAllocStringLen

shlwapi

SHCreateStreamOnFileW
PathAppendW
PathFileExistsW
PathStripPathW
PathRemoveFileSpecW
SHDeleteKeyW

oleacc

ObjectFromLresult

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e25bdab11cae28979c76bf1e4daf26e2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4a:b2:44:84:5f:bb:a1:7d:04:cc:0f:51:1f:c5:04:d9:15:cb:6c:abSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

oleacc

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 209KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4a:b2:44:84:5f:bb:a1:7d:04:cc:0f:51:1f:c5:04:d9:15:cb:6c:ab
Signer

.text
Size: 212KB - Virtual size: 209KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 24KB - Virtual size: 20KB