4b5437f96c4b1e54a662f4dae418557f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4b5437f96c4b1e54a662f4dae418557f_JaffaCakes118
Size

509KB
MD5

4b5437f96c4b1e54a662f4dae418557f
SHA1

540af3ec7384dd5124aaba044a31f4aa27add113
SHA256

229295c0b1fdcdb43c1efe80414e6f53ac2675124ff8e4c3f45500d1f279b155
SHA512

dbe04e8b087550864410c395ce119f08e31ef9bb6107374cb4d710fd87cd72cfdbfe7242eba3a629a37fac55f4358116bc13b5637a37687ae5c22c62ce90c213
SSDEEP

6144:EfHvLjIeNV4jvgaderTNpd1++bcx1sdYZeSyHxs9t5XdA5genMnYg8wQ4DhVw9bt:cR4jvArdix1JVyR8tdOqYHl47MnqXRrG

Score

1^/10

Malware Config

Signatures

Files

4b5437f96c4b1e54a662f4dae418557f_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

200b0bff798b9557e96b4ad4b7bd13aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

20/04/2011, 00:00

Not After

16/07/2013, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:83:47:1d:5b:ab:1b:e2:19:ef:c8:7b:74:1c:68:2e:ba:17:40:58
Signer

Actual PE Digest

f0:83:47:1d:5b:ab:1b:e2:19:ef:c8:7b:74:1c:68:2e:ba:17:40:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeviceIoControl
LocalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
LocalFree
GetProcAddress
HeapReAlloc
CloseHandle
CreateProcessW
lstrcpynW
GetLocalTime
GlobalFree
DeleteFileW
GetTempFileNameW
GetTempPathW
CreateEventW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetPrivateProfileStringW
GetFileType
SetHandleCount
HeapFree
GetConsoleCP
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
ExitProcess
ReadFile
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
GetSystemInfo
GetModuleHandleA
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
HeapAlloc
GetProcessHeap
WaitForSingleObject
ResetEvent
lstrcpyW
SetEvent
lstrcmpiA
lstrlenA
CreateThread
lstrcmpW
InterlockedDecrement
GetLastError
CreateFileW
GetVersionExW
SizeofResource
GetEnvironmentVariableW
CreateDirectoryW
Sleep
VirtualQuery
GetThreadLocale
SetThreadLocale
GetModuleHandleW
MultiByteToWideChar
SetLastError
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetCurrentProcess
FlushInstructionCache
InterlockedIncrement
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetTickCount
SetThreadExecutionState
LoadLibraryExW
FindFirstFileW
FindNextFileW
FindClose
FreeLibrary
WritePrivateProfileStringW
GetConsoleMode
GetPrivateProfileIntW
GetModuleFileNameW
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
GetStartupInfoA

user32

GetWindowRect
GetClientRect
GetWindowLongW
ReleaseDC
SetTimer
KillTimer
IsWindow
CallWindowProcW
DefWindowProcW
SetWindowPos
SetFocus
ShowCursor
GetMenuItemCount
RemoveMenu
AppendMenuW
LoadStringW
PostMessageW
CreateAcceleratorTableW
UnregisterClassA
SetWindowLongW
SendMessageW
DdeConnect
DdeCreateStringHandleW
DdeInitializeW
TrackPopupMenu
GetSubMenu
LoadMenuW
MessageBoxW
GetDC
ScreenToClient
GetDoubleClickTime
CreateWindowExW
FillRect
EnumDisplayMonitors
GetCursorPos
TrackMouseEvent
CharNextW
DestroyWindow
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
BeginPaint
PtInRect
UnionRect
ShowWindow
GetClassInfoExW
LoadCursorW
IsChild
GetFocus
GetParent
InvalidateRect
GetKeyState
RegisterClassExW
DestroyCursor
SetCursor
GetDesktopWindow
ReleaseCapture
SetCapture
CharLowerA
FindWindowExW
GetClassNameW
FindWindowW
SetWindowTextW
IsWindowVisible
SetParent
GetWindow
GetWindowTextW
GetWindowTextLengthW
CheckMenuItem
CheckMenuRadioItem
EnableMenuItem
ModifyMenuW
RegisterWindowMessageW
GetSysColor
MoveWindow
ClientToScreen
InvalidateRgn
RedrawWindow
GetDlgItem
DestroyAcceleratorTable
InsertMenuItemW
DeleteMenu
DdeDisconnect
DdeFreeStringHandle
DdeClientTransaction

gdi32

CreatePolygonRgn
CreateEllipticRgn
CreateRectRgn
CombineRgn
LPtoDP
SetMapMode
SetViewportOrgEx
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
TextOutW
RestoreDC
CloseMetaFile
DeleteMetaFile
GetDeviceCaps
CreateRectRgnIndirect
CreateSolidBrush
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
SetTextAlign
CreateFontIndirectW
Rectangle
SelectClipRgn
GetClipRgn
CreateCompatibleBitmap
GetObjectW
SetWindowExtEx
GetStockObject

advapi32

RegQueryInfoKeyW
RegCreateKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW

shell32

ShellExecuteW

ole32

StringFromCLSID
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
StringFromGUID2
ReadClassStm
OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CreateOleAdviseHolder
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize

oleaut32

SafeArrayCreate
SafeArrayPutElement
OleCreateFontIndirect
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
SysStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
SysFreeString
SysAllocString
VariantCopy
VariantClear
VariantInit

ws2_32

WSASend
WSAResetEvent
WSARecv
WSAGetOverlappedResult
WSASetEvent
WSACreateEvent
WSAStartup
WSAConnect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSAEventSelect
WSACleanup
closesocket
WSASocketW
WSASetLastError
getaddrinfo
freeaddrinfo

gdiplus

GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeletePen
GdipCreatePen1
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdipCreateFont
GdipDrawImageRectRectI
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipFree
GdipDeleteFont
GdipBitmapGetPixel
GdipSetImageAttributesColorMatrix
GdipCreateFromHWND
GdipDrawRectangleI
GdipMeasureString
GdipCloneBitmapAreaI
GdipDrawImageRectI
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDrawString
GdipTranslateWorldTransform

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CryptDecodeObject
CertGetNameStringW
CryptQueryObject

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WinVerifyTrust

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

200b0bff798b9557e96b4ad4b7bd13aa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f0:83:47:1d:5b:ab:1b:e2:19:ef:c8:7b:74:1c:68:2e:ba:17:40:58Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

gdiplus

crypt32

version

wintrust

Exports

Exports

Sections

.text Size: 336KB - Virtual size: 332KB

.rdata Size: 104KB - Virtual size: 100KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 28KB - Virtual size: 27KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

2c:ca:c0:20:4e:26:af:c8:93:f8:a3:db:73:e0:1c:70
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f0:83:47:1d:5b:ab:1b:e2:19:ef:c8:7b:74:1c:68:2e:ba:17:40:58
Signer

.text
Size: 336KB - Virtual size: 332KB

.rdata
Size: 104KB - Virtual size: 100KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 28KB - Virtual size: 27KB