260edb1f869e5d32d71f59a228b47b12_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

260edb1f869e5d32d71f59a228b47b12_JaffaCakes118
Size

512KB
MD5

260edb1f869e5d32d71f59a228b47b12
SHA1

ed06d2f35a01f2ff830b806694f1471812af3e4b
SHA256

93ac35b9428946af6cfc990b444fd4bedd3ddd684950a18b99e702a1aeaf3ebf
SHA512

2666219624ac1a6a0210169d99235c1a974fd1d9607328f3f2571e47b0303d79e7e0b23317f3943f7683daac8eca0c952b4606617a40bc005365dba3a6e9ecb2
SSDEEP

6144:JsskivR5/xOA2zyZupAC569sjoYnZFmQ8B+sw/s0HkxRXT2LErpWA0VZQNJinzY+:qYvR5/cPSC8/4zQo/uDtrpWA2gMq9Y

Score

1^/10

Malware Config

Signatures

Files

260edb1f869e5d32d71f59a228b47b12_JaffaCakes118
.dll windows:4 windows x86 arch:x86

26523783c4a86ceef359677a1a2ad7a4

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:10:31:8a:98:1b:9a:03:c9:a8:40:ef:f4:e5:8f:33
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/02/2009, 00:00

Not After

13/02/2010, 23:59

Subject

CN=Market Precision\, Inc.,OU=IT,O=Market Precision\, Inc.,L=Cambridge,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:bf:9d:da:a7:39:de:09:85:f9:73:21:b9:d7:25:80:55:ad:cb:2f
Signer

Actual PE Digest

70:bf:9d:da:a7:39:de:09:85:f9:73:21:b9:d7:25:80:55:ad:cb:2f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_CStringContainerFinish
NS_StringContainerFinish
NS_CStringContainerInit
NS_Free
NS_StringGetData
NS_CStringGetData
NS_Alloc
NS_GetServiceManager
NS_StringContainerInit
NS_GetComponentManager

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_wfopen_s
free
_vsnwprintf_s
malloc
isalnum
wcsncmp
wcstok_s
wcscpy_s
strcpy_s
??_V@YAXPAX@Z
_wcsnicmp
wcstod
wcstoul
wcsnlen
fwprintf_s
_purecall
memmove_s
wcsncpy_s
_snwprintf_s
rand_s
??0exception@std@@QAE@XZ
_stricmp
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
towlower
??2@YAPAXI@Z
??3@YAXPAX@Z
fclose
calloc
strcpy
strlen
memset
memcpy
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_amsg_exit
__CppXcptFilter
_wcsicmp
_adjust_fdiv
_CxxThrowException
_unlock
__CxxFrameHandler3

user32

EnumChildWindows
IsWindowVisible
GetPropW
EnumWindows

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantInit
SysAllocString
SysFreeString

wininet

InternetCrackUrlW

shlwapi

PathRemoveFileSpecW
UrlUnescapeW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

iphlpapi

GetAdaptersAddresses

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

advapi32

RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
RegQueryValueExW

kernel32

LoadResource
FindResourceW
SizeofResource
DisableThreadLibraryCalls
GetModuleFileNameW
CreateWaitableTimerW
GetLastError
GetSystemTimeAsFileTime
SetWaitableTimer
CreateThread
CloseHandle
UnmapViewOfFile
CreateEventW
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
HeapFree
GetProcessHeap
CreateMutexW
LockResource
GetTickCount
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteFileW
FindFirstFileW
CreateFileW
GetFileTime
FindNextFileW
FindClose
GetCurrentProcess
Sleep
OutputDebugStringW
LocalFree
GetTempPathW
WaitForMultipleObjects
OpenFileMappingW
MapViewOfFile
SetEvent
WaitForSingleObject
ReleaseMutex
MultiByteToWideChar
GetCurrentThreadId
InterlockedDecrement
CreateDirectoryW
GetTempFileNameW
WideCharToMultiByte
GetVersionExW
SetLastError
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OpenEventW

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

Exports

Exports

NSGetModule

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26523783c4a86ceef359677a1a2ad7a4

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

6c:10:31:8a:98:1b:9a:03:c9:a8:40:ef:f4:e5:8f:33Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

70:bf:9d:da:a7:39:de:09:85:f9:73:21:b9:d7:25:80:55:ad:cb:2fSigner

Headers

File Characteristics

Imports

xpcom

msvcp80

msvcr80

user32

ole32

oleaut32

wininet

shlwapi

urlmon

iphlpapi

rpcrt4

advapi32

kernel32

nspr4

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

6c:10:31:8a:98:1b:9a:03:c9:a8:40:ef:f4:e5:8f:33
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

70:bf:9d:da:a7:39:de:09:85:f9:73:21:b9:d7:25:80:55:ad:cb:2f
Signer

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB