395f3c267a33d473f8df7fac26f38cec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

395f3c267a33d473f8df7fac26f38cec_JaffaCakes118
Size

64KB
MD5

395f3c267a33d473f8df7fac26f38cec
SHA1

131928ece9b231eb9bbeae39bf9a988c5a86929a
SHA256

3fa231d3887c583fcc619ff43008ae2b6f9378fbc0bf6e516f3fcf2bb20d154b
SHA512

233c1a92b3a24d270d0dd9a8efcafde9ca07b8108f216eeb4ef6cac8bf893ccf6c72eef53ebc362a61af2802e707d98571d957a9863a77431e878cf29a747ec5
SSDEEP

768:gDxP7RMUAFM45QOBH6UL0uPvd79WOtesIr6/Q7odv9:s1635FH6k0uPvdQO8sI+IMdv9

Score

1^/10

Malware Config

Signatures

Files

395f3c267a33d473f8df7fac26f38cec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2ba23464ebaeeb7f5880e1c42d29ed8d

Code Sign

e1:c4:ef:5f:1d:fe:67:45:f9:54:bb:21:ec:5f:89:b9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-07-2006 00:00

Not After

16-07-2008 23:59

Subject

CN=Vomba Network,O=Vomba Network,POSTALCODE=H4R2B7,STREET=3300 Cote Vertu Suite 406,L=Montreal,ST=Qc,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09-07-1999 18:31

Not After

09-07-2019 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindExtensionA
PathAppendA
PathFileExistsA
PathFindFileNameA
PathIsDirectoryA
PathRemoveExtensionA
SHGetValueA

nspr4

PR_FindSymbolAndLibrary
PR_SetEnv
PR_Free
PR_LoadLibraryWithFlags
PR_FindSymbol
PR_UnloadLibrary
PR_smprintf
PR_smprintf_free
PR_GetEnv
PR_AtomicIncrement
PR_AtomicDecrement
PR_GetLibraryFilePathname

msvcrt

strlen
malloc
_vsnprintf
realloc
??0exception@@QAE@ABV0@@Z
strcat
free
__CxxFrameHandler
??2@YAPAXI@Z
_CxxThrowException
fclose
fread
_stat
rewind
ftell
fseek
fopen
fflush
fputc
_stricmp
strtok
strcmp
memcpy
strncat
time
atoi
localtime
_purecall
_EH_prolog
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
fgets
strncmp
_fullpath
strcpy
_mbsrchr
??3@YAXPAX@Z
memset
strncpy
sprintf
_fstat
_fileno
_adjust_fdiv

kernel32

GetLastError
GetComputerNameA
LocalAlloc
CreateDirectoryA
GetEnvironmentVariableA
SetCurrentDirectoryA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
OutputDebugStringA
FormatMessageA
LocalFree
GetSystemTime
SetEnvironmentVariableA
GetTimeZoneInformation

user32

SendMessageTimeoutA
FindWindowExA
EnumWindows
RegisterWindowMessageA

advapi32

SetSecurityDescriptorDacl
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor

msvcp60

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z

mfc42

ord939
ord535
ord800
ord3181
ord1980
ord2818
ord858
ord540
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord356
ord665
ord353
ord537
ord1187
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord3178
ord2781
ord668
ord2770

shell32

SHGetSpecialFolderPathA

Exports

Exports

NSGetModule

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ba23464ebaeeb7f5880e1c42d29ed8d

Code Sign

e1:c4:ef:5f:1d:fe:67:45:f9:54:bb:21:ec:5f:89:b9Certificate

Extended Key Usages

Key Usages

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shlwapi

nspr4

msvcrt

kernel32

user32

advapi32

msvcp60

mfc42

shell32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 856B

.reloc Size: 4KB - Virtual size: 2KB

e1:c4:ef:5f:1d:fe:67:45:f9:54:bb:21:ec:5f:89:b9
Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 856B

.reloc
Size: 4KB - Virtual size: 2KB