6938a5ed8332389a26826df2545d2210_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6938a5ed8332389a26826df2545d2210_JaffaCakes118
Size

31KB
MD5

6938a5ed8332389a26826df2545d2210
SHA1

28e18c8be22bfeb592f0543c0fbbce9aeb01654b
SHA256

8a7a2c403ff90761635d08d41dbe90fd673b4fcdfe9b819bdd26b901397cbdbb
SHA512

3d82e6b47024d0db810d5c11277f0195f35ddc8e51f3eef6b43b578bd249dcb6057b2d085d415113ac4515b035ab4bed3d345dfc9b7ffcaff1b47f7075f4b89a
SSDEEP

768:6Rz8jrjvAXgOxbdDgOlazpf/YT4CyX0Ql4QVObfgIKurj+ij:sz8kQwizl/UI/l4IefgImij

Score

1^/10

Malware Config

Signatures

Files

6938a5ed8332389a26826df2545d2210_JaffaCakes118
.cab
Notifier.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f9a1b62be35488bc013c050f6fe9bd7d

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/12/2007, 00:00

Not After

12/12/2008, 23:59

Subject

CN=INTER CHINA NETWORK SOFTWARE (BEIJING) CO.\, LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security,O=INTER CHINA NETWORK SOFTWARE (BEIJING) CO.\, LTD,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
WaitForSingleObject
CloseHandle
Sleep
GetVersionExA
DisableThreadLibraryCalls
GetShortPathNameA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
lstrlenA

user32

LoadStringA
CopyRect
DrawTextA
SetWindowPos
SetRect
FillRect
GetSysColor
PeekMessageA
TranslateMessage
DispatchMessageA
SetForegroundWindow
DrawIcon
KillTimer
LoadIconA
InflateRect
GetClientRect
SystemParametersInfoA
IsWindow
CreateWindowExA
wsprintfA
UnregisterClassA
RegisterClassA
PostMessageA
DialogBoxParamA
GetDesktopWindow
ShowWindow
DrawEdge
RegisterClassExA
UpdateWindow
EndDialog
BeginPaint
EndPaint
GetDlgItem
IsDlgButtonChecked
SetTimer
GetWindowLongA
SetWindowLongA
DestroyWindow
PtInRect
SetCapture
LoadCursorA
SetCursor
ReleaseCapture
DefWindowProcA
GetWindowRect
ScreenToClient
GetDC
GetWindowTextA
GetTabbedTextExtentA
ReleaseDC
LoadBitmapA
GetMessageA
SendMessageA

gdi32

CreatePen
SetBkMode
SetTextColor
CreateFontIndirectA
SelectObject
Rectangle
GetStockObject
CreateFontA
StretchBlt
GetObjectA
MoveToEx
LineTo
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
DeleteObject

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

shell32

Shell_NotifyIconA

ole32

CoCreateInstance
CoUninitialize
StringFromIID
CoGetMalloc
CoInitialize

oleaut32

SysAllocString
SysFreeString
LoadTypeLi
RegisterTypeLi

shlwapi

SHDeleteKeyA

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
malloc
free
_beginthreadex
strstr
_mbsstr
strcpy
sscanf
_ftol
abs
_except_handler3
_mbsicmp
??2@YAPAXI@Z
strlen
strncpy
memset
??3@YAXPAX@Z
memcmp
_snprintf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.YahooNT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9a1b62be35488bc013c050f6fe9bd7d

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.YahooNT Size: 4KB - Virtual size: 4B

.rsrc Size: 56KB - Virtual size: 55KB

.reloc Size: 4KB - Virtual size: 2KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3e
Certificate

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.YahooNT
Size: 4KB - Virtual size: 4B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 4KB - Virtual size: 2KB