24ebd5eabdc47e2111c83ed379fa4d26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24ebd5eabdc47e2111c83ed379fa4d26_JaffaCakes118
Size

1.1MB
MD5

24ebd5eabdc47e2111c83ed379fa4d26
SHA1

6a31eaa9b95afb6928000dc8db701a34da7a0285
SHA256

973a7d392be5ce27c604ae65fa8401795be85febc01e19cfaf7bc6134ad2eb5f
SHA512

567630918ff3a21cf3efdfe0ad220860ae9f829509022c3ddda5f2cc36fd8ab51f60312156c11b6d90a4ee0427428fcefb221124bb83d4e1167f15762962d34c
SSDEEP

24576:/XADUEeg0ckrgzd4+tEalUJrZQOS7MMQEF:/XaUEeg6UHLcZQOaQy

Score

1^/10

Malware Config

Signatures

Files

24ebd5eabdc47e2111c83ed379fa4d26_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c648b4939b5234213ae6167b79262d60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/05/2011, 00:00

Not After

29/05/2014, 23:59

Subject

CN=Awareness Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Awareness Technologies\, Inc.,L=Marina del Rey,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:00:33:7d:89:25:27:a4:f5:e2:99:4a:4d:69:c7:05:9d:58:ca:d4
Signer

Actual PE Digest

e6:00:33:7d:89:25:27:a4:f5:e2:99:4a:4d:69:c7:05:9d:58:ca:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\BuildSource\6\WindowsClient\WindowsClient.Client.RC\Binaries\Win32\Release Sonar\mcsky.pdb

Imports

kernel32

Process32NextW
LocalAlloc
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
Sleep
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
LoadLibraryW
ResetEvent
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW
DeleteFileW
MoveFileExW
FlushFileBuffers
WriteFile
SetFileAttributesW
SetEnvironmentVariableW
GetEnvironmentVariableW
DuplicateHandle
CreateEventW
GetVersionExA
WideCharToMultiByte
AreFileApisANSI
GetFileAttributesA
DeleteFileA
GetFileAttributesW
GetTempPathA
GetTempPathW
SetFilePointer
GetFileAttributesExW
LockFile
LockFileEx
UnlockFile
GetFullPathNameA
GetFullPathNameW
LoadLibraryA
GetSystemTime
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
CreateFileA
SetEvent
WaitForSingleObject
TerminateThread
GetTickCount
CreateProcessW
WaitForMultipleObjects
GetExitCodeProcess
GetProcAddress
GetCurrentProcess
InterlockedExchangeAdd
FileTimeToSystemTime
GetCurrentProcessId
ProcessIdToSessionId
GetComputerNameW
LocalFree
CloseHandle
GetCurrentThread
FindResourceExW
LockResource
InterlockedExchange
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetProcessHeap
HeapAlloc
FindFirstFileW
FindNextFileW
FindClose
HeapFree
lstrcmpiW
InterlockedDecrement
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
RaiseException
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
InterlockedIncrement
GetLastError
lstrlenW
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapReAlloc
HeapSize
ReleaseMutex
ReleaseSemaphore
UnmapViewOfFile
MapViewOfFile
GetVersionExW
GetTimeZoneInformation
lstrcatW
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetLocalTime
GetFileInformationByHandle
GlobalAlloc
GlobalFree
lstrlenA
IsBadReadPtr
GlobalReAlloc
GlobalUnlock
GlobalLock
CreateSemaphoreW
CreateMutexW
lstrcpynW
lstrcpyW
CreateFileMappingW
lstrcpyA
OpenFileMappingW
ExpandEnvironmentStringsW
GetComputerNameExW
FindNextFileA
FindFirstFileA
lstrcpynA
GetSystemDefaultLangID
SetLastError
CreateDirectoryW
CopyFileW
RemoveDirectoryW
GetTempFileNameW
CreateMutexA
GetCurrentThreadId
GlobalSize
SetFileTime
SetThreadPriority
GetExitCodeThread
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsFree
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType

user32

PeekMessageW
CharLowerW
MessageBoxW
UnregisterClassA
GetParent
GetDesktopWindow
GetWindowThreadProcessId
IsWindow
CharLowerBuffW
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
CharNextW

advapi32

CryptDestroyKey
GetSidSubAuthority
GetSidSubAuthorityCount
CryptEncrypt
CryptDecrypt
CryptDeriveKey
LookupAccountSidW
SetNamedSecurityInfoW
ConvertStringSidToSidW
LookupPrivilegeValueW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
OpenProcessToken
GetTokenInformation
IsValidSid
DuplicateTokenEx
SetTokenInformation
LookupAccountNameW
ConvertSidToStringSidW
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

SHGetFolderPathW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SafeArrayCreate
VarUI4FromStr
GetErrorInfo
SysStringLen
SystemTimeToVariantTime
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantInit
VariantClear
SysAllocString
CreateErrorInfo
SysFreeString
SetErrorInfo
VarI4FromStr
VarBstrFromI4
VarBstrCmp
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayRedim
VarBstrCat
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreateVector

shlwapi

PathIsDirectoryW
PathSkipRootA
PathMatchSpecA
SHCreateStreamOnFileW
PathFindFileNameA
PathSkipRootW
PathMatchSpecW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathAppendA
PathRemoveFileSpecA
PathIsDirectoryA
PathFindFileNameW
PathStripPathW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSCloseServer
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

psapi

GetModuleFileNameExW

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARSTA
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c648b4939b5234213ae6167b79262d60

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e6:00:33:7d:89:25:27:a4:f5:e2:99:4a:4d:69:c7:05:9d:58:ca:d4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

netapi32

psapi

rpcrt4

version

Exports

Exports

Sections

.text Size: 624KB - Virtual size: 623KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 8KB - Virtual size: 15KB

.SHARSTA Size: 4KB - Virtual size: 56B

.rsrc Size: 360KB - Virtual size: 357KB

.reloc Size: 28KB - Virtual size: 24KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e6:00:33:7d:89:25:27:a4:f5:e2:99:4a:4d:69:c7:05:9d:58:ca:d4
Signer

.text
Size: 624KB - Virtual size: 623KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 8KB - Virtual size: 15KB

.SHARSTA
Size: 4KB - Virtual size: 56B

.rsrc
Size: 360KB - Virtual size: 357KB

.reloc
Size: 28KB - Virtual size: 24KB