3fc41578452cbe9aa46da80820d4cd9e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fc41578452cbe9aa46da80820d4cd9e_JaffaCakes118
Size

150KB
MD5

3fc41578452cbe9aa46da80820d4cd9e
SHA1

a38a0da63ab05b6038032cf74a51039b3b366b0b
SHA256

4bb2b95e448dedc8caf259a99c5121a500e0a5a55ab663274cb8b081158a2f7d
SHA512

fbe86aad5583261053e95711ef34db5dbbb01ff16f652790e6366e4f2848437efb9c8f2af4fe077f3133545024dc8da10acf8d03e7e9b868adf62a949f4da68d
SSDEEP

3072:HHSCNULYm5elyABcEpdd7PPoZ2/C9+bHt2C4f+kU:HHjO5Qyu7DdzgZ2/Xb4CVkU

Score

1^/10

Malware Config

Signatures

Files

3fc41578452cbe9aa46da80820d4cd9e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7e94cf9f098be7546f892e037f347b91

Code Sign

a9:3f:ad:65:18:7f:40:44:9a:71:c4:e9:cd:09:1a:b9
Certificate

Issuer

CN=Samsung,O=Samsung,C=KR,1.2.840.113549.1.9.1=#0c10737570704073616d73756e672e636f6d

Not Before

17/01/2012, 00:00

Not After

17/01/2014, 23:59

Subject

CN=Samsung,O=Samsung,C=KR,1.2.840.113549.1.9.1=#0c10737570704073616d73756e672e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_GetComponentManager
NS_GetServiceManager
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringContainerFinish
NS_StringContainerInit2
NS_StringContainerInit
NS_CStringSetDataRange
NS_CStringSetData
NS_CStringGetData
NS_StringSetDataRange
NS_StringSetData
NS_StringCopy
NS_StringGetMutableData
NS_StringGetData

kernel32

FlushFileBuffers
GetConsoleMode
GetConsoleCP
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GetModuleFileNameA
lstrlenA
lstrlenW
lstrcmpW
lstrcmpA
InterlockedExchangeAdd
MapViewOfFile
GetLastError
CreateFileMappingW
lstrcatW
lstrcpyW
lstrcmpiW
GetModuleFileNameW
GetLocalTime
MultiByteToWideChar
WriteConsoleA
CloseHandle
FindNextFileW
SetFileTime
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetFileTime
CreateFileW
GetFileAttributesW
GlobalUnlock
lstrcpynA
GlobalLock
lstrcpyA
GetCurrentThreadId
GetCurrentProcessId
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
Sleep
GetDateFormatA
GetTimeFormatA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
OpenMutexW
GetStringTypeW
GetStringTypeA
LoadLibraryA
VirtualAlloc
GetTimeZoneInformation
SetStdHandle
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStdHandle
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetOEMCP
LCMapStringA
LCMapStringW
VirtualFree

user32

SetTimer
GetKeyboardLayout
OpenClipboard
CloseClipboard
wsprintfA
KillTimer
GetTopWindow
wsprintfW
GetParent
GetWindow
GetClassNameW
UnregisterClassA

advapi32

RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

Exports

Exports

DllRegisterServer
DllUnregisterServer
NSModule

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e94cf9f098be7546f892e037f347b91

Code Sign

a9:3f:ad:65:18:7f:40:44:9a:71:c4:e9:cd:09:1a:b9Certificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

xpcom

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 20KB

.reloc Size: 12KB - Virtual size: 9KB

a9:3f:ad:65:18:7f:40:44:9a:71:c4:e9:cd:09:1a:b9
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 20KB

.reloc
Size: 12KB - Virtual size: 9KB