2f2b111ce91b402c148a77fc9a396232_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f2b111ce91b402c148a77fc9a396232_JaffaCakes118
Size

93KB
MD5

2f2b111ce91b402c148a77fc9a396232
SHA1

c0e101643ac741a6aaaafecf5e84a303d88e4209
SHA256

5ab33052f23b08c92bbec4631bd7148990c4f568a55a1eeedcd89b4bcf80db1c
SHA512

23d3c42f106b083a361cd30d7e28d75fe2862f7882ea7ec2fc9c73734253f527bad68860500780e02f9f1153101f69a4268ff29df7ac4bf745e2f39172dfb139
SSDEEP

1536:x+fdFc0O3ZwVtwqxRWSvnODJtA7i+4ro+Jntm5q2m8:cFc0wZijU075+V85qI

Score

1^/10

Malware Config

Signatures

Files

2f2b111ce91b402c148a77fc9a396232_JaffaCakes118
.dll windows:4 windows x86 arch:x86

db0ad4fd237616da861d0218a90022fe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:97:62:9e:97:34:0e:ae:88:85:0d:0c:fd:78:78:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

11/01/2008, 00:00

Not After

10/01/2010, 23:59

Subject

CN=Netcom3 Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Netcom3 Inc.,L=Los Angeles,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Documents and Settings\Himanshu\Desktop\SpyClean\_bin\Release\RegistryChecker.pdb

Imports

backupmanager

?GetManager@BackupManager@@YAAAUIManager@1@XZ

logger

?GetLogger@Logger@@YAAAUILogger@1@XZ

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Nomemory@std@@YAXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetFileAttributesA
ExpandEnvironmentStringsA
Sleep
GetLogicalDrives
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
CloseHandle
CreateEventA
WaitForSingleObject
SetEvent
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
ResetEvent

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey

ole32

CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathFileExistsA

msvcr71

__CppXcptFilter
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
memset
_callnewh
atoi
_mbsnbicmp
_except_handler3
free
malloc
memmove
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??3@YAXPAX@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
__CxxFrameHandler
_strnicmp
_stricmp

mfc71

ord1024
ord2322
ord297
ord1489
ord876
ord2902
ord299
ord2933
ord1482
ord304
ord1486
ord865
ord3934
ord2272
ord1916
ord5529
ord310
ord4109
ord911
ord298
ord784
ord4081
ord6167
ord907
ord6179
ord6138
ord2699
ord2271
ord6168
ord5491
ord305
ord6118
ord781
ord578

Exports

Exports

?GetChecker@RegistryChecker@@YAAAUIChecker@1@XZ

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db0ad4fd237616da861d0218a90022fe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

67:97:62:9e:97:34:0e:ae:88:85:0d:0c:fd:78:78:68Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

backupmanager

logger

msvcp71

kernel32

advapi32

ole32

oleaut32

shlwapi

msvcr71

mfc71

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 604B

.reloc Size: 12KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

67:97:62:9e:97:34:0e:ae:88:85:0d:0c:fd:78:78:68
Certificate

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 604B

.reloc
Size: 12KB - Virtual size: 9KB