64244c379a417ab1310f6c3cf87c3a2d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

64244c379a417ab1310f6c3cf87c3a2d_JaffaCakes118
Size

270KB
MD5

64244c379a417ab1310f6c3cf87c3a2d
SHA1

60adf8c9765275bd3ce018bc0577c497862a800f
SHA256

60f751ff2ac95a455f1d6b6f66be737114391c1e4fe48042649f0de53716e203
SHA512

aef9bc769ee6098773b897d36f60d981cf8d40c170e8aa9d0d1a371155d121316807e488f7bc01f5c54658bb225442f6d19f923c1aad65203e52700f5ff7c17f
SSDEEP

6144:d1xmrdvhzjVnhzAyAzYZakIhHTE1Pun1kS:PwXVn6yAzYZak8Tn1kS

Score

1^/10

Malware Config

Signatures

Files

64244c379a417ab1310f6c3cf87c3a2d_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

726536557b42ef9549d5168a35b6036b

Code Sign

f4:18:66:b8:e5:e7:fc:49:a2:3b:f8:30:60:14:c3:c4
Certificate

Issuer

CN=Samsung,O=Samsung,C=KR,1.2.840.113549.1.9.1=#0c10737570704073616d73756e672e636f6d

Not Before

17-01-2011 00:00

Not After

16-01-2012 23:59

Subject

CN=Samsung,O=Samsung,C=KR,1.2.840.113549.1.9.1=#0c10737570704073616d73756e672e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
CreateFileW
WriteFile
GetModuleFileNameA
VirtualQuery
FlushFileBuffers
FreeLibrary
LoadLibraryExW
GetModuleHandleW
MapViewOfFile
CreateFileMappingW
CreateDirectoryW
GetFileAttributesW
GetSystemDirectoryW
GetCurrentProcessId
DeleteFileA
GetProcAddress
LoadLibraryW
GetTempPathA
GetTempFileNameW
lstrcpyA
lstrlenA
OpenMutexW
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
CreateFileA
InterlockedExchangeAdd
DuplicateHandle
GetCurrentProcess
OpenProcess
CloseHandle
FindResourceW
GlobalLock
Sleep
CreateMutexW
SetFilePointer
ReadFile
FindClose
FindNextFileW
FindFirstFileW
InterlockedExchange
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
SetHandleCount
GetFileType
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
GetStdHandle
HeapCreate
VirtualFree
ExitProcess
GetLastError
WideCharToMultiByte
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetVersionExW
MultiByteToWideChar
lstrcmpW
FindResourceExW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GlobalUnlock
SetLastError
TlsFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
GetCurrentThreadId
GetSystemInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

PtInRect
GetKeyboardLayout
OpenClipboard
GetClipboardData
CloseClipboard
SendMessageW
RegisterWindowMessageW
CallWindowProcW
GetTopWindow
GetWindow
FindWindowExW
UnhookWindowsHookEx
EnumWindows
GetWindowLongW
GetWindowThreadProcessId
GetClassNameW
GetParent
SetWindowLongW
SetTimer
KillTimer
CharNextW
UnregisterClassA

gdi32

DeleteObject
GetDIBColorTable
GetObjectW
StretchBlt
SelectObject
DeleteDC
CreateCompatibleDC
CreateDIBSection

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

SysStringLen
SysAllocString
DispCallFunc
VariantChangeType
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SafeArrayDestroy
SysStringByteLen
SysAllocStringByteLen
SysReAllocStringLen
SafeArrayUnlock
SafeArrayLock
VariantCopy
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VarBstrCmp
SysAllocStringLen
VarBstrCat
SysFreeString
SafeArrayGetVartype

shlwapi

PathFindExtensionW

gdiplus

GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipFree

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

726536557b42ef9549d5168a35b6036b

Code Sign

f4:18:66:b8:e5:e7:fc:49:a2:3b:f8:30:60:14:c3:c4Certificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

msimg32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 193KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 13KB

f4:18:66:b8:e5:e7:fc:49:a2:3b:f8:30:60:14:c3:c4
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

.text
Size: 196KB - Virtual size: 193KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 13KB