438ae0f23cba331244434387087ca435_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

438ae0f23cba331244434387087ca435_JaffaCakes118
Size

566KB
MD5

438ae0f23cba331244434387087ca435
SHA1

1f3286f456572123e20b465a489c518605e96d41
SHA256

cbe5758ac9d7898e1fa391447854e70ad343a7be8fe70e799e4677cc48e1666b
SHA512

e913a04152392fd530fa7f69fd8b592441a6ce55328853d84a7410772ed748c4ff7a454b8f55ae47896fad7d8010a024c05aa6df9b79fc46308a8b098c6a90f9
SSDEEP

12288:JJdVUthAn2bSkABxlJuVWF2FBHddukoE3GtXjypUrbW0ocvDNvHzdQu+:J2tunOSVJc1zdnGlybO5D+

Score

1^/10

Malware Config

Signatures

Files

438ae0f23cba331244434387087ca435_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7253277f396205e1060101cb701d1c1c

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:12:35:d2:80:dd:02:ff:b6:95:5b:28:8e:58:12:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/07/2010, 00:00

Not After

17/08/2011, 23:59

Subject

CN=LG Electronics Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Business Solution,O=LG Electronics Inc.,L=Pyeongtaek-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetWindowRgn

gdi32

SetMetaFileBitsEx

advapi32

QueryServiceStatus

shell32

SHGetPathFromIDListA

ole32

StringFromGUID2

oleaut32

SysAllocStringByteLen

rpcrt4

NdrClearOutParameters

winmm

mciSendCommandA

version

VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProductSKU
InstallEngineTypelib
RemoveEngineTypelib

Sections

.text
Size: 433KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7253277f396205e1060101cb701d1c1c

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

57:12:35:d2:80:dd:02:ff:b6:95:5b:28:8e:58:12:2dCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

winmm

version

Exports

Exports

Sections

.text Size: 433KB - Virtual size: 1.5MB

.rsrc Size: 128KB - Virtual size: 132KB

.reloc Size: 512B - Virtual size: 4KB

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

57:12:35:d2:80:dd:02:ff:b6:95:5b:28:8e:58:12:2d
Certificate

.text
Size: 433KB - Virtual size: 1.5MB

.rsrc
Size: 128KB - Virtual size: 132KB

.reloc
Size: 512B - Virtual size: 4KB