703a918b2d65fdbf712bc847d1ed91f9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

703a918b2d65fdbf712bc847d1ed91f9_JaffaCakes118
Size

1.4MB
MD5

703a918b2d65fdbf712bc847d1ed91f9
SHA1

c4fc98b9fa86dadd6930fe63dfc2451771e10ce8
SHA256

13c93d01e3cfb5116d7eaf1e70d87f6a56d36b01a84461d8c82cc43bed033a4f
SHA512

e2c308b7b52f99822526153796951adcfbe6ec791a96f5f0b1cfee7050b3b6fd87df46193c193f200e036f3f00611084f079391981e59b4a610458b5a3f47859
SSDEEP

24576:hUUWdhlj/6yY+2a6cIPs6imhvqiXUkkkkkkkkkkkkkkUkkkkkkkkkkkkkkkkkkko:hOGyLubkaZT2Z1o

Score

1^/10

Malware Config

Signatures

Files

703a918b2d65fdbf712bc847d1ed91f9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

968045f9102c233d5720f90731f64629

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03-09-2009 00:00

Not After

24-09-2012 23:59

Subject

CN=Acronis\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Acronis\, Inc,L=South San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:b9:63:c6:4a:81:75:e1:97:68:33:59:90:fd:21:99:9a:83:81:58
Signer

Actual PE Digest

c4:b9:63:c6:4a:81:75:e1:97:68:33:59:90:fd:21:99:9a:83:81:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\bs_hudson\workspace\ABR10u3_redhat_kvm\12708\exe\vs\release\english\reminst_msi_dll.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
GetUserNameW
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
GetUserNameA
SetFileSecurityW
GetSecurityDescriptorOwner
GetFileSecurityW
SetThreadToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid

kernel32

SetCurrentDirectoryW
GetLogicalDriveStringsW
GetDriveTypeW
GetSystemDirectoryW
GetWindowsDirectoryW
GetShortPathNameW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
CopyFileW
MoveFileW
MoveFileExW
GetFullPathNameW
OutputDebugStringW
ExpandEnvironmentStringsW
LoadLibraryExW
CreateProcessW
GetStartupInfoW
GetComputerNameW
SetComputerNameW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
WriteConsoleW
GetEnvironmentVariableW
SetEnvironmentVariableW
WriteConsoleA
WideCharToMultiByte
GetConsoleOutputCP
FindNextFileA
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateFileA
LocalAlloc
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsA
GetDriveTypeA
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
CreateDirectoryA
RemoveDirectoryA
GetFileAttributesA
SetFileAttributesA
DeleteFileA
CopyFileA
MoveFileA
GetFullPathNameA
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryA
LoadLibraryExA
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetComputerNameA
SetComputerNameA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetNumberFormatA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
GetThreadLocale
GetACP
GetTimeZoneInformation
FileTimeToSystemTime
FindClose
GetLogicalDrives
SetFileApisToANSI
SetErrorMode
EnterCriticalSection
SetEvent
GetCurrentThreadId
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
FindCloseChangeNotification
FindNextChangeNotification
ReadFile
GetCurrentDirectoryW
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcess
DeviceIoControl
SetFileTime
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CompareStringW
FindFirstChangeNotificationW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCompressedFileSizeW
GetFileInformationByHandle
CompareStringA
FindFirstChangeNotificationA
GetDiskFreeSpaceA
GetVolumeInformationA
WritePrivateProfileStringA
EnumResourceLanguagesW
LockResource
LoadResource
FindResourceExW
ExitThread
GetCurrentThread
GetSystemDefaultLangID
EnumResourceNamesW
BackupRead
BackupSeek
BackupWrite
GetFileTime
SystemTimeToFileTime
GetSystemTime
GetLocalTime
GetUserDefaultLangID
GetStdHandle
VirtualAlloc
VirtualFree
GetLastError
GetVersionExA
GetVersion
TerminateThread
GetThreadPriority
GetProcAddress
SetThreadPriority
ReleaseSemaphore
CreateSemaphoreA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
ExitProcess
HeapSize
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
CreateThread
HeapReAlloc
GetProcessHeap
HeapAlloc
GetCommandLineA
HeapFree
RaiseException
FindFirstFileW
FindNextFileW
GetModuleFileNameW
GetSystemInfo
FlushFileBuffers
LeaveCriticalSection
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
MultiByteToWideChar
FormatMessageW
LocalFree
GetTempPathW
FreeLibrary
DeleteFileW
CloseHandle
WriteFile
LoadLibraryW
GetTempFileNameW
CreateFileW
ResetEvent

user32

VkKeyScanW
VkKeyScanExW
WinHelpW
DefWindowProcA
GetWindowLongA
SetWindowLongA
SendMessageA
SendNotifyMessageA
PostMessageA
CreateDialogIndirectParamA
PeekMessageA
DispatchMessageA
RegisterClassExA
RegisterClipboardFormatA
SystemParametersInfoW
ModifyMenuA
SetWindowTextA
SystemParametersInfoA
GetClipboardFormatNameA
WinHelpA
VkKeyScanA
VkKeyScanExA
CharUpperBuffW
CharUpperBuffA
TranslateMessage
GetMessageA
CreateWindowExA
IsCharAlphaNumericW
IsCharAlphaW
SetWindowTextW
ModifyMenuW
AppendMenuW
GetClipboardFormatNameW
RegisterClipboardFormatW
DispatchMessageW
PeekMessageW
CreateDialogIndirectParamW
SendNotifyMessageW
SendMessageW
SetWindowLongW
wsprintfW
PostMessageW
GetWindowLongW
DefWindowProcW
RegisterClassExW
AppendMenuA

gdi32

CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesExW
GetTextMetricsW
CreateFontIndirectW
EnumFontFamiliesExA

shell32

Shell_NotifyIconA
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoA

comdlg32

GetOpenFileNameA
GetSaveFileNameW
GetOpenFileNameW
GetSaveFileNameA

mpr

WNetAddConnection3A
WNetGetUniversalNameA
WNetGetUniversalNameW
WNetAddConnection3W
WNetOpenEnumW
WNetCloseEnum
WNetCancelConnection2W
WNetEnumResourceW

ole32

OleInitialize
CoInitialize
CoUninitialize
OleUninitialize
CoCreateInstance

oleaut32

VariantChangeType
VariantInit
VariantClear

rpcrt4

RpcStringFreeA
UuidToStringA

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW

msi

ord32
ord158
ord160
ord115
ord118
ord123
ord121
ord159
ord92
ord45
ord49
ord48
ord171
ord17
ord125
ord103
ord64
ord74
ord145
ord141
ord113
ord70
ord78
ord150
ord8
ord20

Exports

Exports

ReminstInstall
ReminstPrepn
ReminstRollback
ReminstUninstall

Sections

.text
Size: 836KB - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

968045f9102c233d5720f90731f64629

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3eCertificate

Extended Key Usages

Key Usages

c4:b9:63:c6:4a:81:75:e1:97:68:33:59:90:fd:21:99:9a:83:81:58Signer

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

gdi32

shell32

comdlg32

mpr

ole32

oleaut32

rpcrt4

version

msi

Exports

Exports

Sections

.text Size: 836KB - Virtual size: 833KB

.rdata Size: 448KB - Virtual size: 446KB

.data Size: 36KB - Virtual size: 52KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 80KB - Virtual size: 77KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3e
Certificate

c4:b9:63:c6:4a:81:75:e1:97:68:33:59:90:fd:21:99:9a:83:81:58
Signer

.text
Size: 836KB - Virtual size: 833KB

.rdata
Size: 448KB - Virtual size: 446KB

.data
Size: 36KB - Virtual size: 52KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 80KB - Virtual size: 77KB