72f2fa15728882f9b6d78607c2debc33_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72f2fa15728882f9b6d78607c2debc33_JaffaCakes118
Size

199KB
MD5

72f2fa15728882f9b6d78607c2debc33
SHA1

f3bc08f62270bf05828d09300c58f4ec272a5263
SHA256

aadbaa79f8a033ed2f3298d040d65b119c6c52fd17d767f4366d1997492512f2
SHA512

1e625e0c91fa30c2d01b90acd474f61578f922d0bb59428fe2c333d9e0678ddbc52eeb36a6e08d1b57233c1ca9f56ac78fee807bdf7353d5530b7d1697364d56
SSDEEP

3072:imqXcu3J/7sqQH/9PY7mXC8BoXfw6QXCdCF/5BKUyokjtTaoR+a:ilXcu3J/7sqQiaXC8mXI60Cd8TKUyN7

Score

1^/10

Malware Config

Signatures

Files

72f2fa15728882f9b6d78607c2debc33_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f88137e555c10be415ddace8489cef7d

Code Sign

04:68:e1:d3:69:fe:2a:5f:2a:a4:8e:ac:33:61:5a:0b
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/05/2011, 00:00

Not After

05/06/2012, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:82:bc:f9:e3:84:d8:8d:a3:69:2e:a7:91:93:5f:53
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/09/2011, 00:00

Not After

17/09/2014, 12:00

Subject

CN=Mediaparts Interactive S.A.,O=Mediaparts Interactive S.A.,L=Panama,ST=5,C=PA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:04:df:21:74:5d:4d:2b:8c:ea:33:72:05:00:50:e9
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:cd:35:58:ed:4b:70:4e:b7:a3:b8:63:b4:ea:5e:a0:64:92:65:fb
Signer

Actual PE Digest

5d:cd:35:58:ed:4b:70:4e:b7:a3:b8:63:b4:ea:5e:a0:64:92:65:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQuery
GetSystemInfo
TlsSetValue
TlsAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
GetTickCount
TlsFree
lstrcmpiA
lstrlenA
TlsGetValue
HeapDestroy
HeapCreate
LockResource
LoadResource
FindResourceA
LoadLibraryExA
SizeofResource
MulDiv
lstrcpyW
lstrcpyA
IsBadWritePtr
GetUserDefaultLCID
GetSystemDefaultLCID
GetThreadLocale
lstrcmpA
HeapFree
HeapAlloc
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
ExitProcess
RtlUnwind
GetVersion
GetCommandLineA
VirtualProtect
GetCurrentProcess
FlushInstructionCache
VirtualFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
GetModuleHandleA
lstrlenW
GetCurrentDirectoryA
CreateFileA
CreateEventA
FreeLibrary
LoadLibraryA
GetCurrentThreadId
GetProcAddress

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetCursorPos
ScreenToClient
PostMessageA
DestroyAcceleratorTable
GetFocus
IsChild
GetWindow
SetFocus
CallNextHookEx
EndPaint
GetUpdateRect
GetWindowRect
wsprintfA
SendMessageA
RegisterWindowMessageA
SetTimer
KillTimer
RegisterClassExA
UnregisterClassA
SetWindowLongA
CallWindowProcA
BeginPaint
InvalidateRgn
FillRect
ReleaseCapture
CreateAcceleratorTableA
InvalidateRect
UpdateWindow
GetDC
GetClientRect
DrawTextA
ReleaseDC
GetWindowLongA
CreateWindowExA
RedrawWindow
GetParent
IsWindowUnicode
DefWindowProcA
LoadMenuIndirectA
LookupIconIdFromDirectory
CreateIconFromResource
SetCapture

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetRgnBox
SelectObject
CreateRectRgnIndirect
CreateDIBSection
CreateSolidBrush
DeleteObject
CreateDCA
SelectClipRgn
DeleteDC
GetDeviceCaps

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
CreateStreamOnHGlobal
OleLockRunning

oleaut32

SysAllocString
SysFreeString
SysStringLen

Exports

Exports

FPCCallFunctionA
FPCCallFunctionBSTR
FPCCallFunctionW
FPCGetAudioEnabled
FPCIsFlashInstalled
FPCIsTransparentAvailable
FPCLoadMovieFromMemory
FPCLoadMovieFromResourceA
FPCLoadMovieFromResourceW
FPCLoadMovieFromStream
FPCLoadMovieUsingStream
FPCPutMovieFromMemory
FPCPutMovieFromResourceA
FPCPutMovieFromResourceW
FPCPutMovieFromStream
FPCPutMovieUsingStream
FPCSetAudioEnabled
FPCSetEventListener
FPCSetGlobalOnLoadExternalResourceHandler
FPCSetReturnValueA
FPCSetReturnValueW
FPC_AddGetBindInfoHandler
FPC_AddOnLoadExternalResourceHandlerA
FPC_AddOnLoadExternalResourceHandlerW
FPC_Back
FPC_CallWndProc
FPC_CanUnloadNow
FPC_CreateWindowA
FPC_CreateWindowW
FPC_CurrentFrame
FPC_EnableFullScreen
FPC_EnableSound
FPC_FlashVersion
FPC_Forward
FPC_FrameLoaded
FPC_GetAlignMode
FPC_GetAllowScriptAccessA
FPC_GetAllowScriptAccessW
FPC_GetAudioVolume
FPC_GetAxHWND
FPC_GetBGColorA
FPC_GetBGColorW
FPC_GetBackgroundColor
FPC_GetBaseA
FPC_GetBaseW
FPC_GetCapture
FPC_GetClassAtomA
FPC_GetClassAtomW
FPC_GetClassNameA
FPC_GetClassNameW
FPC_GetDeviceFont
FPC_GetEmbedMovie
FPC_GetFlashVarsA
FPC_GetFlashVarsW
FPC_GetFocus
FPC_GetFrameNum
FPC_GetGlobalOption
FPC_GetHFPC
FPC_GetImportTableEntry
FPC_GetLoop
FPC_GetMenu
FPC_GetMovieA
FPC_GetMovieDataA
FPC_GetMovieDataW
FPC_GetMovieW
FPC_GetOption
FPC_GetPlaying
FPC_GetQuality
FPC_GetQuality2A
FPC_GetQuality2W
FPC_GetReadyState
FPC_GetSAlignA
FPC_GetSAlignW
FPC_GetSWRemoteA
FPC_GetSWRemoteW
FPC_GetScaleA
FPC_GetScaleMode
FPC_GetScaleW
FPC_GetSoundVolume
FPC_GetStackingA
FPC_GetStackingW
FPC_GetStandardMenu
FPC_GetTotalFrames
FPC_GetVariableA
FPC_GetVariableW
FPC_GetVersion
FPC_GetWModeA
FPC_GetWModeW
FPC_GotoFrame
FPC_IStream_AddRef
FPC_IStream_Release
FPC_IStream_SetSize
FPC_IStream_Write
FPC_Internal_GetFlashOCXHandle
FPC_Internal_HookFunc
FPC_IsFullScreenEnabled
FPC_IsPlaying
FPC_IsSoundEnabled
FPC_LoadMovieA
FPC_LoadMovieW
FPC_LoadOCXCodeFromMemory
FPC_LoadRegisteredOCX
FPC_PaintTo
FPC_Pan
FPC_PercentLoaded
FPC_Play
FPC_PutAlignMode
FPC_PutAllowScriptAccessA
FPC_PutAllowScriptAccessW
FPC_PutAudioVolume
FPC_PutBGColorA
FPC_PutBGColorW
FPC_PutBackgroundColor
FPC_PutBaseA
FPC_PutBaseW
FPC_PutDeviceFont
FPC_PutEmbedMovie
FPC_PutFlashVarsA
FPC_PutFlashVarsW
FPC_PutFrameNum
FPC_PutLoop
FPC_PutMenu
FPC_PutMovieA
FPC_PutMovieDataA
FPC_PutMovieDataW
FPC_PutMovieW
FPC_PutPlaying
FPC_PutQuality
FPC_PutQuality2A
FPC_PutQuality2W
FPC_PutSAlignA
FPC_PutSAlignW
FPC_PutSWRemoteA
FPC_PutSWRemoteW
FPC_PutScaleA
FPC_PutScaleMode
FPC_PutScaleW
FPC_PutStackingA
FPC_PutStackingW
FPC_PutStandardMenu
FPC_PutWModeA
FPC_PutWModeW
FPC_QueryInterface
FPC_RemoveGetBindInfoHandler
FPC_RemoveOnLoadExternalResourceHandler
FPC_Rewind
FPC_SetCapture
FPC_SetContext
FPC_SetFocus
FPC_SetGlobalOption
FPC_SetOption
FPC_SetPreProcessURLHandler
FPC_SetSoundListener
FPC_SetSoundVolume
FPC_SetVariableA
FPC_SetVariableW
FPC_SetZoomRect
FPC_StartMinimizeMemoryTimer
FPC_Stop
FPC_StopFPCMinimizeMemoryTimer
FPC_StopMinimizeMemoryTimer
FPC_StopPlay
FPC_TCallFrameA
FPC_TCallFrameW
FPC_TCallLabelA
FPC_TCallLabelW
FPC_TCurrentFrameA
FPC_TCurrentFrameW
FPC_TCurrentLabelA
FPC_TCurrentLabelW
FPC_TGetPropertyA
FPC_TGetPropertyAsNumberA
FPC_TGetPropertyAsNumberW
FPC_TGetPropertyNumA
FPC_TGetPropertyNumW
FPC_TGetPropertyW
FPC_TGotoFrameA
FPC_TGotoFrameW
FPC_TGotoLabelA
FPC_TGotoLabelW
FPC_TPlayA
FPC_TPlayW
FPC_TSetPropertyA
FPC_TSetPropertyNumA
FPC_TSetPropertyNumW
FPC_TSetPropertyW
FPC_TStopPlayA
FPC_TStopPlayW
FPC_UnloadCode
FPC_Zoom
GetInstalledFlashVersion
GetUsingFlashVersion
RegisterFlashWindowClass
RegisterFlashWindowClassEx
UnregisterFlashWindowClass

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f88137e555c10be415ddace8489cef7d

Code Sign

04:68:e1:d3:69:fe:2a:5f:2a:a4:8e:ac:33:61:5a:0bCertificate

Extended Key Usages

Key Usages

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1Certificate

Extended Key Usages

Key Usages

0d:82:bc:f9:e3:84:d8:8d:a3:69:2e:a7:91:93:5f:53Certificate

Extended Key Usages

Key Usages

0a:04:df:21:74:5d:4d:2b:8c:ea:33:72:05:00:50:e9Certificate

Extended Key Usages

Key Usages

5d:cd:35:58:ed:4b:70:4e:b7:a3:b8:63:b4:ea:5e:a0:64:92:65:fbSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

04:68:e1:d3:69:fe:2a:5f:2a:a4:8e:ac:33:61:5a:0b
Certificate

07:f4:73:6f:af:ef:40:8a:1f:66:40:f2:65:d1:0a:c1
Certificate

0d:82:bc:f9:e3:84:d8:8d:a3:69:2e:a7:91:93:5f:53
Certificate

0a:04:df:21:74:5d:4d:2b:8c:ea:33:72:05:00:50:e9
Certificate

5d:cd:35:58:ed:4b:70:4e:b7:a3:b8:63:b4:ea:5e:a0:64:92:65:fb
Signer

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB