4a969185c4274d6456d64dd49a1e0f73_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a969185c4274d6456d64dd49a1e0f73_JaffaCakes118
Size

569KB
MD5

4a969185c4274d6456d64dd49a1e0f73
SHA1

24d90b6e817785ba968e23f37fbdb0de7aeff335
SHA256

970165ad410627073d1c6b3dee78bf80d50d545fd86790b2d784bc69781cda65
SHA512

dd2d9ecb96cf4a20067588f919831aea6ed4fbce93a29bf20b704d9376b12f918c041f32bf5d050b9fcfd07dcd35d5fe5f6778fba9ba6e08e8edb2f98a0cd7cd
SSDEEP

6144:xFi43SaRsu0xho+Qvv0QhHxcul05EtXdosFRJrTy6kbdXLOvZ9sNSOVJEmY7ixzL:tz0Y1d05EtXtFR9G6IcZZxsxzpKpHgTf

Score

1^/10

Malware Config

Signatures

Files

4a969185c4274d6456d64dd49a1e0f73_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

cfee1e29d0f367e5c8bc56d6283da3b3

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:8b:c3:fa:61:33:ad:c2:3c:15:ae:0e:64:3b:cf:81
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

01/04/2009, 00:00

Not After

01/04/2011, 23:59

Subject

CN=Koch Media GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Deep Silver,O=Koch Media GmbH,L=Hoefen,ST=Tirol,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:75:67:12:7a:72:2c:66:2c:4b:a4:43:8a:ce:24:ba:e4:22:0c:ac
Signer

Actual PE Digest

e0:75:67:12:7a:72:2c:66:2c:4b:a4:43:8a:ce:24:ba:e4:22:0c:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

SetWindowRgn

gdi32

SetBkColor

advapi32

RegDeleteKeyW

shell32

SHGetPathFromIDListW

ole32

OleSaveToStream

oleaut32

SafeArrayGetDim

rpcrt4

NdrProxySendReceive

winmm

sndPlaySoundW

version

GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProductSKU
InstallEngineTypelib
RemoveEngineTypelib

Sections

.text
Size: 435KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfee1e29d0f367e5c8bc56d6283da3b3

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

68:8b:c3:fa:61:33:ad:c2:3c:15:ae:0e:64:3b:cf:81Certificate

Extended Key Usages

Key Usages

e0:75:67:12:7a:72:2c:66:2c:4b:a4:43:8a:ce:24:ba:e4:22:0c:acSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

winmm

version

Exports

Exports

Sections

.text Size: 435KB - Virtual size: 1.5MB

.rsrc Size: 129KB - Virtual size: 132KB

.reloc Size: 512B - Virtual size: 4KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

68:8b:c3:fa:61:33:ad:c2:3c:15:ae:0e:64:3b:cf:81
Certificate

e0:75:67:12:7a:72:2c:66:2c:4b:a4:43:8a:ce:24:ba:e4:22:0c:ac
Signer

.text
Size: 435KB - Virtual size: 1.5MB

.rsrc
Size: 129KB - Virtual size: 132KB

.reloc
Size: 512B - Virtual size: 4KB