462b23db042a9aa545c632f242ae82a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

462b23db042a9aa545c632f242ae82a0_JaffaCakes118
Size

295KB
MD5

462b23db042a9aa545c632f242ae82a0
SHA1

ed6c91ee4894282cd52b3c589ce24e61b7c662ec
SHA256

5ea060047f433f711001db309c612356efbc266a2c3dae1baf85902879a43506
SHA512

16807fcc2d02b6fe194ade8fd1000bb30330a93b53ec953fbe4b4b85235031acb449257a1a01536db69243b8089a0640d74563c079d84c85615ff3723ea68d31
SSDEEP

6144:idojqndNs7Yg5/JDjaZgkGwHLUfoCb1ueIlHeGWosLbhiJ8vubk+Y9HvwXgu7vqX:idojUdGYQ/JDjaZgkfHwfoo1ueA+GWoK

Score

1^/10

Malware Config

Signatures

Files

462b23db042a9aa545c632f242ae82a0_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

947fdfc854cd858dadc32a77928ff9a2

Code Sign

86:c5:a6:45:2b:b0:f6:40:a1:1c:f2:a7:26:2e:92:10
Certificate

Issuer

CN=Adobe Systems\, Incorporated,OU=Adobe Systems\, Incorporated,O=Adobe Systems\, Incorporated,L=Los Angeles,ST=CA,C=US,1.2.840.113549.1.9.1=#0c1842696c6c5f4761746573406d6963726f736f66742e636f6d

Not Before

29/01/2009, 00:00

Not After

28/01/2010, 23:59

Subject

CN=Adobe Systems\, Incorporated,OU=Adobe Systems\, Incorporated,O=Adobe Systems\, Incorporated,L=Los Angeles,ST=CA,C=US,1.2.840.113549.1.9.1=#0c1842696c6c5f4761746573406d6963726f736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
GetLocalTime
WideCharToMultiByte
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
FreeLibrary
IsDBCSLeadByte
LoadLibraryExA
GetThreadLocale
SetThreadLocale
DeleteCriticalSection
RaiseException
EnterCriticalSection
InitializeCriticalSection
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
lstrlenW
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetSystemDirectoryA
GetCurrentProcessId
CreateFileA
WriteFile
CreateThread
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CompareStringW
InterlockedExchange
CompareStringA
LoadLibraryA
Sleep
FlushFileBuffers
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualQuery
GetProcAddress
GetModuleHandleA
GetSystemInfo
lstrcmpiA
Module32Next
Module32First
GetCurrentProcess
CreateToolhelp32Snapshot
CreateDirectoryA
CloseHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
SetHandleCount
LCMapStringW
LCMapStringA
GetStdHandle
ExitProcess
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
GetTimeZoneInformation
RtlUnwind
GetCommandLineA
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetACP
GetLocaleInfoA
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualProtect
VirtualAlloc
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetFileType

user32

CharNextA
UnregisterClassA

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemRealloc
StringFromGUID2
CoInitialize
CoGetClassObject

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
DispCallFunc
VariantInit
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
LoadRegTypeLi
VariantClear
VariantCopy
SysFreeString
LoadTypeLi
SysAllocString
UnRegisterTypeLi
SysStringLen
RegisterTypeLi
VarUI4FromStr

shlwapi

PathFindFileNameA
PathFindExtensionA
PathAddBackslashA

imagehlp

ImageDirectoryEntryToData

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

947fdfc854cd858dadc32a77928ff9a2

Code Sign

86:c5:a6:45:2b:b0:f6:40:a1:1c:f2:a7:26:2e:92:10Certificate

Extended Key Usages

Key Usages

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

imagehlp

urlmon

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 17KB

86:c5:a6:45:2b:b0:f6:40:a1:1c:f2:a7:26:2e:92:10
Certificate

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 17KB