62d1f76f3c6fd329dd92d6ca51ce18da_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

62d1f76f3c6fd329dd92d6ca51ce18da_JaffaCakes118
Size

313KB
MD5

62d1f76f3c6fd329dd92d6ca51ce18da
SHA1

359d9876a8f7e112e2228cb02246c77b04da2386
SHA256

29754f9f313a94af904ed40fc40dd507f8502f14007d163586337b6ad33d258f
SHA512

0c6db9322b3c651d1635c6060317c4f4fa849f02891a405e481cf3bf723bf5c272cd88fc7cdade49c055ed3d8bbd7fa96fd652eb1479e367b679eadf61d933c3
SSDEEP

3072:eC3J18ATtTfx8APQS2wOTMOP805TlUBkuLL3jrIsKa1fY4APXecO8U8YCi5PVzAG:zOE05TlUBLjcx7vCrxifN89p

Score

1^/10

Malware Config

Signatures

Files

62d1f76f3c6fd329dd92d6ca51ce18da_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e25b72e58d27b962e3a586a8683c874a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:0d:05:62:da:54:3c:71:1b:ff:b9:03:17:90:10:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

07-08-2007 00:00

Not After

03-10-2010 23:59

Subject

CN=Seekmo,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Seekmo,O=Seekmo,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:06:50:76:82:84:a2:38:53:0d:4d:01:cf:39:e4:ff:89:e6:d0:70
Signer

Actual PE Digest

50:06:50:76:82:84:a2:38:53:0d:4d:01:cf:39:e4:ff:89:e6:d0:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\090515_141058_build_BECKS\Client_Build_BECKS_10.3.84.0\compile\source_sa\Bin\Seekmo_Release\SeekmoSAAX.pdb

Imports

advapi32

RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
OpenProcessToken
OpenThreadToken
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
ConvertSidToStringSidA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptDeriveKey
CryptDestroyKey
CryptDecrypt
CryptHashData
LookupAccountNameA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegQueryValueExA
CryptAcquireContextA

kernel32

InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetTickCount
SystemTimeToTzSpecificLocalTime
IsBadWritePtr
IsBadReadPtr
OutputDebugStringA
SetThreadLocale
GetThreadLocale
GlobalAddAtomA
GetCurrentProcess
GetCurrentThread
CloseHandle
LocalFree
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeFormatA
GetDateFormatA
SetLastError
GetSystemTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReleaseMutex
SetEvent
WaitForSingleObject
OpenEventA
OpenMutexA
ReadFile
CreateFileA
GetProcAddress
LoadLibraryA
DeleteFileA
WriteFile
GetVersionExA
LocalAlloc
RemoveDirectoryA
SetFileAttributesA
GetFileAttributesA
GetFileSize
GetTempPathA
GetTempFileNameA
GetPrivateProfileStringA
OpenFile
GetShortPathNameA
SetFilePointer
GetComputerNameA
GetDriveTypeA
GetVolumeInformationA
SetErrorMode
lstrcpyA
GetComputerNameExA
GetSystemDirectoryA
GetOEMCP
GetACP
GetUserDefaultLangID
GetSystemDefaultLangID
DosDateTimeToFileTime
GetProcessHeap
HeapFree
HeapAlloc
CopyFileA
GetCurrentThreadId
ResumeThread
CreateThread
FormatMessageA
lstrcmpA
GetSystemTimeAsFileTime
GetTimeZoneInformation
LoadLibraryW
LCMapStringW
LCMapStringA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
GetStringTypeW
GetStringTypeA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
CreateMutexA
FlushFileBuffers
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
GetCommandLineA
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
SetStdHandle
IsDBCSLeadByte
CompareStringW
CompareStringA
GetVersion
lstrcmpiA
lstrlenA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetConsoleMode
GetConsoleCP
HeapDestroy
GetLocaleInfoA

user32

EnumChildWindows
GetClassNameA
RegisterWindowMessageA
SendMessageA
FindWindowA
PostMessageA
GetDesktopWindow
CharNextA
UnregisterClassA

shell32

ShellExecuteExA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
IIDFromString

oleaut32

VarUI4FromStr
SysStringLen
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen

userenv

UnloadUserProfile

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

rpcrt4

UuidCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e25b72e58d27b962e3a586a8683c874a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

32:0d:05:62:da:54:3c:71:1b:ff:b9:03:17:90:10:27Certificate

Extended Key Usages

Key Usages

50:06:50:76:82:84:a2:38:53:0d:4d:01:cf:39:e4:ff:89:e6:d0:70Signer

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

shell32

ole32

oleaut32

userenv

version

rpcrt4

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 20KB - Virtual size: 30KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

32:0d:05:62:da:54:3c:71:1b:ff:b9:03:17:90:10:27
Certificate

50:06:50:76:82:84:a2:38:53:0d:4d:01:cf:39:e4:ff:89:e6:d0:70
Signer

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 24KB - Virtual size: 20KB