669a3d5ce81745bcba0dc6373043e7bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

669a3d5ce81745bcba0dc6373043e7bb_JaffaCakes118
Size

145KB
MD5

669a3d5ce81745bcba0dc6373043e7bb
SHA1

8c112cc86daa94205e7e92904d9a4946aa65f191
SHA256

02c3f6d5a790e77718b473d102e24042a0ebf1d1595b64b877afbf50f5bd15d6
SHA512

07afa7d350cecc30e1ca49d84e0af990bffdaf09174d3039036fcc183c3490a06d883c4c6c0dbad541b3f62181d4739048b4c1f19e75b30ccd16d2e8874d7fd7
SSDEEP

3072:GKgl0dQXWZxbpm8GyyDq4FsrWV96st73oH:GKVM4Dm3/DqWsqV9nkH

Score

1^/10

Malware Config

Signatures

Files

669a3d5ce81745bcba0dc6373043e7bb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

28f3f844794b45e1096fa39bf4d6ff18

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:af:04:f9:9f:f4:24:c8:d6:6f:f4:fd:c4:a5:df:4b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/06/2011, 00:00

Not After

28/06/2012, 23:59

Subject

CN=winsys,O=winsys,L=Gangnam-gu\ ,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:49:71:96:c5:60:4a:c4:67:2f:12:ea:59:63:60:0b:c4:46:b5:4d
Signer

Actual PE Digest

1b:49:71:96:c5:60:4a:c4:67:2f:12:ea:59:63:60:0b:c4:46:b5:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryA
DeleteFileA
MoveFileA
RemoveDirectoryA
SetFileAttributesA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetTempPathA
GlobalMemoryStatus
GetComputerNameA
GetSystemInfo
GetProcAddress
GetVersionExA
GetModuleFileNameA
ProcessIdToSessionId
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
InterlockedExchange
ReleaseMutex
CreateThread
CreateMutexA
GetPrivateProfileStringA
WritePrivateProfileStringA
LoadLibraryA
GetPrivateProfileIntA
GetCurrentProcess
ResumeThread
CreateEventA
SetEvent
Module32Next
Module32First
OpenProcess
DeviceIoControl
GetDriveTypeA
GlobalLock
FindClose
GlobalAlloc
lstrcmpiA
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
IsBadWritePtr
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
RaiseException
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetDiskFreeSpaceExA
SetFilePointer
VirtualAlloc
VirtualFree
GetFileSize
GetFileAttributesA
FindFirstFileA
GlobalUnlock
FindNextFileA
GetFileTime
SetFileTime
CreateFileA
GlobalFree
GetLastError
WaitForMultipleObjects
PeekNamedPipe
LocalAlloc
ReadFile
LocalFree
WriteFile
TerminateThread
TerminateProcess
WaitForSingleObject
DisconnectNamedPipe
CreatePipe
GetStartupInfoA
GetSystemDirectoryA
CreateProcessA
GetModuleHandleA
VirtualProtect
Sleep
CreateToolhelp32Snapshot
Process32First
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
Process32Next
GlobalSize
CloseHandle
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
UnhandledExceptionFilter
HeapSize
HeapReAlloc
ExitProcess
TlsGetValue
RtlUnwind
TlsSetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
TlsAlloc
TlsFree
SetLastError

user32

SetClipboardData
wsprintfA
GetSystemMetrics
CloseDesktop
SetThreadDesktop
CloseWindowStation
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
GetForegroundWindow
GetAsyncKeyState
GetWindowTextA
PostMessageA
GetUserObjectInformationA
ExitWindowsEx
ReleaseDC
GetCursorPos
GetDesktopWindow
GetDC
SetRect
EmptyClipboard
OpenInputDesktop
OpenClipboard
GetClipboardData
CloseClipboard
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
mouse_event
GetKeyState

gdi32

GetDIBits
DeleteDC
DeleteObject
BitBlt
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserA
QueryServiceStatus
SetSecurityDescriptorDacl
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
ControlService
DeleteService
OpenSCManagerA
CloseServiceHandle
OpenServiceA

ws2_32

getsockname
inet_addr
inet_ntoa

dnsapi

DnsRecordListFree
DnsQuery_A

wininet

InternetOpenA
InternetReadFile
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA

userenv

CreateEnvironmentBlock

Exports

Exports

GetDebugInfo
SetDebugInfo

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28f3f844794b45e1096fa39bf4d6ff18

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

3b:af:04:f9:9f:f4:24:c8:d6:6f:f4:fd:c4:a5:df:4bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

1b:49:71:96:c5:60:4a:c4:67:2f:12:ea:59:63:60:0b:c4:46:b5:4dSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

dnsapi

wininet

userenv

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

3b:af:04:f9:9f:f4:24:c8:d6:6f:f4:fd:c4:a5:df:4b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

1b:49:71:96:c5:60:4a:c4:67:2f:12:ea:59:63:60:0b:c4:46:b5:4d
Signer

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB