24af4a919827a04e5a8e5f7dc3add786_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24af4a919827a04e5a8e5f7dc3add786_JaffaCakes118
Size

253KB
MD5

24af4a919827a04e5a8e5f7dc3add786
SHA1

a6196a920613a31a41a87409bf8fb00395589405
SHA256

77a6a48bb51c952428e5a1eeedd8403d1a0ccd7b19bb428a411c142ec557e2c3
SHA512

13baca5456c4e0015b8622c8589bd7be885b48b5057209495aa01b10b7961eb05b258278190c948aa4ce816770a845d85fafa4e87a30a5760fb9d1e516ba74c1
SSDEEP

3072:qUn5PdZvlBHh/iYfZZmP3+6t7HMJ0WUkvnYgTKTJctTaDQbnDK9:qo9n6+EZWvYgRTacbnDK9

Score

1^/10

Malware Config

Signatures

Files

24af4a919827a04e5a8e5f7dc3add786_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

22cb3943a0e6216fd4d47c5b5f8015d6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/05/2010, 00:00

Not After

06/05/2012, 23:59

Subject

CN=Mindspark Interactive Network,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Mindspark Interactive Network,L=White Plains,ST=NewYork,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegFlushKey

gdi32

GetStockObject
SetBkMode
SetTextColor
UpdateColors
CreateHalftonePalette
GetDeviceCaps
DeleteObject
GetObjectA
SelectObject
SelectPalette
RealizePalette
BitBlt
DeleteDC
CreateRectRgnIndirect
CreateFontIndirectA
CreateCompatibleDC

kernel32

EnterCriticalSection
InterlockedDecrement
HeapDestroy
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
MultiByteToWideChar
lstrlenA
lstrcatA
WideCharToMultiByte
lstrlenW
GetModuleFileNameA
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
lstrcmpiA
CloseHandle
CreateProcessA
GetShortPathNameA
GetCurrentProcessId
GetDiskFreeSpaceExA
GetDriveTypeA
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
InterlockedIncrement
LeaveCriticalSection
WaitForSingleObject
CreateEventA
SetLastError
WaitForMultipleObjects
SetEvent
GetTickCount
lstrcmpA
CreateDirectoryA
GetExitCodeProcess
WriteFile
ReadFile
GetFileSize
CreateFileA
DeleteFileA
LockResource
CreateThread
DebugBreak
HeapReAlloc
HeapFree
FindClose
SetFileAttributesA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
FlushFileBuffers
SetThreadPriority
ResumeThread
WritePrivateProfileSectionA
GetPrivateProfileIntA
GetPrivateProfileStringA
ResetEvent
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
DuplicateHandle
CreateFileMappingA
VirtualQuery
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
GetVersionExA
GetSystemInfo
HeapAlloc
DisableThreadLibraryCalls
CreateMutexA
WritePrivateProfileStringA
GetSystemDirectoryA
GetCurrentDirectoryA
VirtualProtect
GlobalMemoryStatus
GetWindowsDirectoryA
MoveFileA
GetCommandLineA
GetFileAttributesA
ReleaseMutex

ole32

CreateOleAdviseHolder
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
CoInitialize
CLSIDFromProgID
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CoFreeUnusedLibraries
CoCreateInstance

oleaut32

VariantChangeTypeEx
SysAllocStringLen
VariantInit
SysStringLen
LoadRegTypeLi
VariantClear
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

user32

EndPaint
GetClientRect
BeginPaint
GetWindowRect
GetParent
DispatchMessageA
TranslateMessage
GetMessageA
ShowWindow
SetFocus
KillTimer
PostQuitMessage
SetTimer
LoadImageA
MapWindowPoints
SendDlgItemMessageA
SendMessageA
CreateDialogParamA
SetForegroundWindow
EnableWindow
GetDlgItem
InvalidateRect
UpdateWindow
LoadStringA
ReleaseDC
GetDC
SetWindowTextA
GetSystemMetrics
SetCursor
EndDeferWindowPos
DeferWindowPos
GetWindowTextA
ScreenToClient
BeginDeferWindowPos
IntersectRect
EqualRect
SetWindowPos
IsWindow
DestroyWindow
GetFocus
IsChild
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
OffsetRect
RedrawWindow
GetWindowLongW
SetWindowLongW
CharNextA
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
UnionRect
PtInRect
GetKeyState
DefWindowProcA
CallWindowProcW
DefWindowProcW
PeekMessageA
PostMessageA
GetWindowThreadProcessId
GetClassNameA
EnumWindows
GetKeyboardType
UnregisterClassA
SetWindowRgn

shell32

SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA

crypt32

CryptMsgGetParam
CryptDecodeObject
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptMsgClose

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Update

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22cb3943a0e6216fd4d47c5b5f8015d6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

user32

shell32

crypt32

version

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 144KB - Virtual size: 142KB

.reloc Size: 8KB - Virtual size: 5KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

41:73:0e:b0:e6:d9:2a:47:6e:16:62:8a:0d:be:fb:36
Certificate

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 144KB - Virtual size: 142KB

.reloc
Size: 8KB - Virtual size: 5KB