3585b78e7c2dcb550afc91b45a93337b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3585b78e7c2dcb550afc91b45a93337b_JaffaCakes118
Size

853KB
MD5

3585b78e7c2dcb550afc91b45a93337b
SHA1

09ec2b7182de0fef3ace92db34e5efe096357ae6
SHA256

0f097b1b9f19f6365313e754d949fcdd7f0fdce16df0944350173d77f4904b9a
SHA512

7c4113ac4cc8a141ecff85fffef16f0b32e204d9223a35ed1c82b7b9975711b405c89e0d0bb8d13ee33b7b3f44a10bed4dfba84036cf54820e5d7d10dc65b61c
SSDEEP

24576:4iIG/U1LdoGHP2uep43mNh6FQNPcRwojUwT7JcWKLdQf:4rN5HP2ffkFQNejT7J5

Score

1^/10

Malware Config

Signatures

Files

3585b78e7c2dcb550afc91b45a93337b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2f2fa07f8de1b1ef79d3d0b15b57eab5

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:8e:2a:1c:7d:43:fc:69:15:72:e1:70:53:27:1b:4d
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

01/09/2009, 00:00

Not After

05/09/2011, 23:59

Subject

CN=Inbox.com\, Inc,OU=INBOX.COM,O=Inbox.com\, Inc,L=Wilmington,ST=DELAWARE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
DispGetIDsOfNames
RegisterTypeLib
LoadTypeLibEx
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocStringLen

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegNotifyChangeKeyValue

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExW
CreateWindowExA
WindowFromDC
UpdateWindow
TranslateMessage
TranslateAcceleratorA
TrackPopupMenu
SystemParametersInfoA
ShowWindow
SetWindowRgn
SetWindowTextW
SetWindowTextA
SetWindowPos
SetWindowLongA
SetTimer
SetPropA
SetMenuItemInfoA
SetMenuInfo
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClassW
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
OffsetRect
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBoxA
LoadStringA
LoadImageA
LoadIconA
LoadCursorA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
InvalidateRgn
InvalidateRect
InsertMenuItemW
InsertMenuItemA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowLongA
GetUpdateRgn
GetSystemMetrics
GetSystemMenu
GetSysColor
GetPropA
GetParent
GetWindow
GetMessageTime
GetMenuItemInfoW
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenuInfo
GetKeyState
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDC
GetCursorPos
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoW
GetClassInfoA
GetCapture
FrameRect
FindWindowExA
FindWindowA
FillRect
EnumWindows
EnumChildWindows
EndPaint
EnableWindow
EnableMenuItem
DrawTextW
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyAcceleratorTable
DeleteMenu
DefWindowProcW
DefWindowProcA
CreatePopupMenu
CreateMenu
CopyImage
ClientToScreen
CheckMenuRadioItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CallWindowProcW
CallWindowProcA
BeginPaint
CharNextA
CharLowerBuffA
CharUpperBuffA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WritePrivateProfileStringA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
TerminateThread
SystemTimeToFileTime
SizeofResource
SetThreadPriority
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
SearchPathA
ResumeThread
ResetEvent
RemoveDirectoryA
ReleaseMutex
ReadFile
OutputDebugStringA
OpenProcess
MultiByteToWideChar
LockResource
LocalFileTimeToFileTime
LoadResource
LoadLibraryExW
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFree
GetVersionExA
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetTempPathA
GetTempFileNameA
GetStringTypeExW
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileInformationByHandle
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageW
FormatMessageA
FindResourceW
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateMutexA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA

msimg32

AlphaBlend

gdi32

TextOutW
StretchDIBits
StretchBlt
SetTextColor
SetROP2
SetPixel
SetDIBits
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
RoundRect
Rectangle
RectVisible
MoveToEx
LineTo
GetTextExtentPoint32W
GetTextExtentPoint32A
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetBkColor
ExtTextOutW
ExtTextOutA
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CreatePalette
CreateFontIndirectA
CreateFontA
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
BitBlt

ole32

IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
OleSetMenuDescriptor
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetDesktopFolder

wininet

InternetSetOptionA
InternetReadFile
InternetOpenUrlW
InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA

shfolder

SHGetFolderPathA

comctl32

ImageList_GetIconSize
ImageList_DrawEx
InitCommonControls

urlmon

CoInternetGetSession

Exports

Exports

CheckDailyHitEx
CloseFirefox
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallPlugin
IsFirefoxRunnig
ShowPanel
UpdatePlugins

Sections

.text
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 305B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f2fa07f8de1b1ef79d3d0b15b57eab5

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

6c:8e:2a:1c:7d:43:fc:69:15:72:e1:70:53:27:1b:4dCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

ole32

shell32

wininet

shfolder

comctl32

urlmon

Exports

Exports

Sections

.text Size: 526KB - Virtual size: 526KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 20KB

.idata Size: 10KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 305B

.reloc Size: 28KB - Virtual size: 27KB

.rsrc Size: 270KB - Virtual size: 269KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

6c:8e:2a:1c:7d:43:fc:69:15:72:e1:70:53:27:1b:4d
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

.text
Size: 526KB - Virtual size: 526KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 10KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 305B

.reloc
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 270KB - Virtual size: 269KB