5bc974386392796e23301bf264934e50_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5bc974386392796e23301bf264934e50_JaffaCakes118
Size

201KB
MD5

5bc974386392796e23301bf264934e50
SHA1

a3755015f4c217c504b6c35fb7a65fd38a229afb
SHA256

babf481550d70a5a2d2429a8c50c5ecf6c3b06d949475511e67ec2919c04e9b6
SHA512

4ca04634c287f68db785788cb1595392072c9caa8786be96b5c277cc8ddd3c7fabab3b724729a7f0fb0121e49b64c10d48426aebe632c0ff7046c2e6f362f754
SSDEEP

1536:sMEuBk6kdIqR7zWXKTcdmpmTCYkVlliTkBZKbB7zeOmJP:91kbIqJa20CYkVlliTkBZKbpz0P

Score

1^/10

Malware Config

Signatures

Files

5bc974386392796e23301bf264934e50_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f08df4cbba40f9f32f0e604a785d3f95

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:c3:24:87:f0:bc:03:c8:f4:97:ba:e8:01:3d:0f:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/09/2008, 00:00

Not After

24/09/2009, 23:59

Subject

CN=WithWeb Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=WithWeb Co.Ltd,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
lstrcpynW
HeapDestroy
GetProcAddress
LoadLibraryW
lstrcpyW
lstrcatW
WriteFile
VirtualQuery
CreateThread
WideCharToMultiByte
GetSystemTime
LoadLibraryExW
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
FindResourceW
LoadResource
SizeofResource
lstrlenA
FreeLibrary
MultiByteToWideChar
GetModuleHandleW
GetShortPathNameW
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
DisableThreadLibraryCalls
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RtlUnwind
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA

user32

SetTimer
GetMessageW
DispatchMessageW
CharNextW
MoveWindow
GetWindowRect
FindWindowExW
CreateWindowExW
RegisterClassW
SetLayeredWindowAttributes
DefWindowProcW
GetCursorPos
ScreenToClient
KillTimer
BeginPaint
LoadBitmapW
EndPaint
PostQuitMessage
LoadCursorW
LoadIconW

gdi32

SelectObject
BitBlt
DeleteObject
DeleteDC
GetStockObject
CreateCompatibleDC

advapi32

RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW

shell32

ShellExecuteW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

LoadTypeLi
VarUI4FromStr
SysFreeString
SysAllocString
LoadRegTypeLi
RegisterTypeLi
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f08df4cbba40f9f32f0e604a785d3f95

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

05:c3:24:87:f0:bc:03:c8:f4:97:ba:e8:01:3d:0f:f1Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 56KB - Virtual size: 94KB

.rsrc Size: 84KB - Virtual size: 82KB

.reloc Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

05:c3:24:87:f0:bc:03:c8:f4:97:ba:e8:01:3d:0f:f1
Certificate

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 56KB - Virtual size: 94KB

.rsrc
Size: 84KB - Virtual size: 82KB

.reloc
Size: 8KB - Virtual size: 4KB