5af33babf5055d4154ea3ab8212717a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5af33babf5055d4154ea3ab8212717a1_JaffaCakes118
Size

197KB
MD5

5af33babf5055d4154ea3ab8212717a1
SHA1

db28164141b377e3abfc5a80aa479d4219d6488d
SHA256

6b24c811a1946aff33044478aba68ebd9e81a4f509d8f5da5d52d613d7cebc63
SHA512

a93ccd8cb9c69a2018e8b2311874dc4d023539852a663cf87d815d71742c829c775e074bfb12f446d7a32407ea95d89313c2e5741350701a2aa34492e4b78248
SSDEEP

3072:51cU+0Hva22fRFlNmJw1+Q4xtUL5D3xmoGNWyDtjdvM1oPkVf:3cRPSwD4xtUtD3xvyRjdvM1Zf

Score

1^/10

Malware Config

Signatures

Files

5af33babf5055d4154ea3ab8212717a1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

7d351440018122236ccfc5218898079d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:49:f1:23:f8:f5:71:f2:63:8a:6f:c8:e1:a4:f5:88
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

04/01/2008, 00:00

Not After

24/01/2011, 23:59

Subject

CN=combit Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=combit Software GmbH,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cmls14

ord9
ord37
ord8
ord32
ord10
ord23
ord33

kernel32

RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
ExitProcess
TerminateProcess
RaiseException
HeapSize
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
LoadLibraryA
FreeLibrary
Sleep
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
SizeofResource
GetLastError
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
lstrcpyA
lstrcatA
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThread
FlushFileBuffers
SetFilePointer
WriteFile
GetProcessVersion
GlobalAddAtomA
GlobalFindAtomA
SetLastError
WritePrivateProfileStringA
GlobalFlags
GetVersion
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
lstrcmpA
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
LocalFree
LocalAlloc
CloseHandle
GlobalDeleteAtom

user32

DestroyMenu
AdjustWindowRectEx
CopyRect
GetTopWindow
GetCapture
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
SetPropA
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetDlgItem
DrawTextA
TabbedTextOutA
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetWindowRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
CallNextHookEx
DestroyWindow
IsWindow
ShowWindow
MoveWindow
WinHelpA
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
PostQuitMessage
EnableWindow
PostMessageA
GetSysColorBrush
GrayStringA
LoadIconA
SendMessageA
BeginPaint
IsDialogMessageA
LoadStringA
CreateDialogParamA
GetSysColor
DefWindowProcA
GetKeyState
PtInRect
UnionRect
SetWindowLongA
GetWindowLongA
CallWindowProcA
CreateWindowExA
CharNextA
GetDialogBaseUnits
ReleaseDC
GetDC
RegisterClassExA
wsprintfA
LoadCursorA
GetClassInfoExA
IsChild
GetFocus
SetFocus
GetParent
MapWindowPoints
GetDlgCtrlID
GetClientRect
EndPaint
InvalidateRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos

gdi32

CreateMetaFileA
DeleteDC
SetViewportOrgEx
SetMapMode
LPtoDP
CreateDCA
CreateBitmap
GetStockObject
SetBkColor
SetTextColor
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
GetClipBox
SaveDC
PtVisible
RectVisible
ExtTextOutA
Escape
GetObjectA
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
CreateFontIndirectA
SelectObject
GetTextMetricsA
GetTextExtentPointA
DeleteObject
Rectangle
SetTextAlign
TextOutA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteKeyA

comctl32

ord17

ole32

CreateOleAdviseHolder
OleSaveToStream
OleLoadFromStream
CoCreateInstance
CoTaskMemRealloc
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemAlloc
CoTaskMemFree
WriteClassStm

olepro32

ord250
ord254

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantChangeType
SysAllocStringLen
SysStringLen
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysAllocStringByteLen
SysStringByteLen
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d351440018122236ccfc5218898079d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

08:49:f1:23:f8:f5:71:f2:63:8a:6f:c8:e1:a4:f5:88Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

cmls14

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 20KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

08:49:f1:23:f8:f5:71:f2:63:8a:6f:c8:e1:a4:f5:88
Certificate

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 20KB - Virtual size: 16KB