49a9f64c1d7fe48125d6429c039148dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49a9f64c1d7fe48125d6429c039148dd_JaffaCakes118
Size

157KB
MD5

49a9f64c1d7fe48125d6429c039148dd
SHA1

e2f2f1590ac4b538d97911baacb04cd55ca2ae19
SHA256

664aadd52bcace321dffee80c500ef6519d19e6bd734009b3fca85c283090955
SHA512

a235495b54a034aa5de9dab96758ea1ba18ac34a165eb9c0f6cf49cbb9499c5b104633e5818090022daef1f3b1b89aee4f5e4aad355367a0990debb7fe25f496
SSDEEP

1536:OawpXG2oOwDNRbzEqqIxe5tCGq0F9YHu8t1Cty0R5H26Hy:OawpuXXkqq95tqLO8t1CdxHy

Score

1^/10

Malware Config

Signatures

Files

49a9f64c1d7fe48125d6429c039148dd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

564027778db016a8bdce711c340fcf7e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:cd:6f:7f:f8:0a:fd:b7:7e:aa:a5:b5:49:58:22:76
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/01/2005, 00:00

Not After

12/01/2006, 23:59

Subject

CN=Hummingbird,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Connectivity R&D,O=Hummingbird,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

WSACleanup
gethostname
WSAStartup
gethostbyname
ioctlsocket
inet_addr
gethostbyaddr
ntohs

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

hcldes10

passwd_crypt
passwd_verify
xencrypt
passwd_saltgen
decrypt_secret_key

hnrpc10

rpcCreateAuthDES
xdr_uint32_t
xdr_rpc_netobj
rpcCreateReplyHeader
ReplyRPC
xdr_void
xdr_array
xdr_pointer
rpcAcceptIncoming
xdrutil_malloc
rpcInitServerOperation
xdr_u_char
xdr_string
xdr_bool
xdr_u_int
mbufGetString
rpcCreateAuthUnix
rpcPrepareRPCHeader
InitDataBuffer
mbufAddString
mbufAddLong
CallRPC
GetProgramPort
rpcInitOperation
rpcCloseOperation
xdr_int
xdr_bytes
rpcCreateAuthNull
xdrutil_free
xdrutil_strdup

kernel32

SetLastError
lstrlenA
lstrcpyA
CreateFileA
DeviceIoControl
GetUserDefaultLangID
IsDBCSLeadByte
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTickCount
CreateMutexA
GetLastError
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection

user32

wsprintfA
wvsprintfA
LoadStringA
GetForegroundWindow
EndDialog
GetWindowLongA
GetDlgItem
SendMessageA
SetWindowLongA
MessageBoxA
DialogBoxParamA
CharToOemW

advapi32

RegOpenKeyExA
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LookupAccountNameA
RegCloseKey
GetUserNameA
RegQueryValueExA

hnsrch10

SvrSearchCreate
SvrSearchDestroy
SvrSearchWait
SvrSearchStart

hnutil10

PlatformRegCloseKey
PlatformRegOpenKeyExA

msvcrt

strrchr
printf
putchar
atoi
_stricmp
strstr
fputs
ctime
puts
sscanf
_pctype
__mb_cur_max
_isctype
strncat
strtol
tolower
_atoi64
calloc
_strlwr
_initterm
_adjust_fdiv
??2@YAPAXI@Z
malloc
??3@YAXPAX@Z
free
_iob
atol
rand
srand
time
strncpy
strtok
strchr
sprintf
_getch
realloc
fprintf

Exports

Exports

SNIS_FormPrincipalName
__nis_create_callback
__nis_create_callbackEx
__nis_destroy_callback
__nis_do_callback
extractkey
getypbindverEx
hclnis3_RefreshDomainEx
hclnis3_SwapServerPositionEx
nis3keylogon_AcquireCredEx
nis3keylogon_GUI
nis3keylogon_TryDefaultPasswdsEx
nis3keylogon_TryLoadOrLogonEx
nisini_LoadConfigNoShuffleEx
nisini_ResetConfig
nisini_SaveConfigEx
nislib_create_object
nislib_create_result
nislib_domain_of
nislib_find_column
nislib_free_attrs
nislib_free_names
nislib_free_object
nislib_free_result
nislib_leaf_of
nislib_listEx
nislib_local_domainEx
nislib_local_principalEx
nislib_lookupEx
nislib_modify_entryEx
nislib_nstype2str
nislib_parse_request
nislib_perror
nislib_print_object
nislib_print_rights
nislib_replace_entry_str
nislib_sperrno
nislib_sprint_endpoint
nislib_sprint_flags
nislib_sprint_objtype
nislib_sprint_pkey
nislib_sprint_rights
nislib_sprint_ttl
nisreg_CheckSetupEx
nisreg_CopyConfig
nisreg_LoadConfigAllExt
nisreg_LoadConfigEx
nisreg_LoadConfigNoShuffleEx
nisreg_LoadDomainEx
nisreg_LoadFullPrincipalNameEx
nisreg_LoadUserInfoEx
nisreg_Migrate_inet_addr
nisreg_ResetConfigEx
nisreg_ResetUserInfoEx
nisreg_SaveConfigEx
nisreg_SaveUserInfoEx
nisreg_SearchConfig
nisutil_AutoGetServerList
nisutil_ChangePasswdEx
nisutil_FormShadowField
nisutil_GetDesCredsEx
nisutil_GetDesCredsUsingDomain
nisutil_GetDesPrincipleName
nisutil_GetLocalCredsEx
nisutil_GetServerList
nisutil_LoadString
nisutil_ParseShadowField
nisutil_PwdPrompt
nisutil_UnsecureConnectServer
nisutil_UnsecureConnectServerByIP
nisutil_VerifyConfigEx
nisutil_VerifyCredentialsEx
nisutil_VerifyLogonPasswdEx
setnisEx
xdr_ib_request
xdr_nis_result
ypall
ypbindEx
ypclose
ypconfig_Copy
ypconfig_FindServers
ypconfig_LoadAllExt
ypconfig_LoadEx
ypconfig_LoadINIEx
ypconfig_ResetEx
ypconfig_ResetINI
ypconfig_SaveEx
ypconfig_SaveINIEx
ypconfig_Search
ypconfig_VerifyAndRefreshEx
ypconfig_VerifyAndRefreshExNoMapCheck
ypdomainEx
ypfirstEx
ypgeterrornumber
ypgeterrortext
ypinit
ypmaplistEx
ypmaplistfree
ypmasterEx
ypmatchEx
ypnextEx
yppasswdEx
ypslowgeterrortext

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

564027778db016a8bdce711c340fcf7e

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

62:cd:6f:7f:f8:0a:fd:b7:7e:aa:a5:b5:49:58:22:76Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

wsock32

ole32

hcldes10

hnrpc10

kernel32

user32

advapi32

hnsrch10

hnutil10

msvcrt

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 68KB - Virtual size: 66KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

62:cd:6f:7f:f8:0a:fd:b7:7e:aa:a5:b5:49:58:22:76
Certificate

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 68KB - Virtual size: 66KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB