7697d70bcdc1cede5bda2fcfeb0fdd23_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7697d70bcdc1cede5bda2fcfeb0fdd23_JaffaCakes118
Size

439KB
MD5

7697d70bcdc1cede5bda2fcfeb0fdd23
SHA1

48d037b5c31027f64d68f5f402c3fd903fb69771
SHA256

2e35d4427657a77ab6e94d7a4ab144df557ac28a990d85d02907b27a5e93c916
SHA512

7ec63d5994ebf4a3ef2823b9f0f9857a342fe6bb9a637c7b26852da1b19e8a2ef9106d9794341b07be8f6264ccddb25ff1a7760b19dbe9c02b9e6027f9076af4
SSDEEP

12288:gHteShpQAXov++CVOr4WndT9B6zSOSs6X:6t56SVOrlTj6GOr6X

Score

1^/10

Malware Config

Signatures

Files

7697d70bcdc1cede5bda2fcfeb0fdd23_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

851e0801b5ce12af950fab936a1a537d

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:66:87:06:2d:75:5a:0a:7a:12:94:f7:9b:e0:62:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/11/2004, 00:00

Not After

05/11/2005, 23:59

Subject

CN=Amazing Software Products,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Amazing Software Products,O=Amazing Software Products,L=Wilmington,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:54:45:7b:76:f6:b4:f1:bb:90:6f:ae:67:25:a5:0e:e7:ed:13:00
Signer

Actual PE Digest

6c:54:45:7b:76:f6:b4:f1:bb:90:6f:ae:67:25:a5:0e:e7:ed:13:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA

shlwapi

PathFileExistsA

wininet

DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile

kernel32

Sleep
WriteFile
GetTempPathA
GetModuleFileNameA
SetEvent
lstrlenW
MoveFileExA
CreateFileA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
FindClose
FindNextFileA
GetProcAddress
FindFirstFileA
lstrcpyA
lstrcatA
SetLastError
MultiByteToWideChar
LoadLibraryA
OutputDebugStringA
lstrlenA
GetModuleFileNameW
FreeLibrary
LoadLibraryW
TerminateThread
GetCurrentThreadId
DebugBreak
GlobalUnlock
GlobalLock
WaitForSingleObject
ResetEvent
CreateEventA
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
FlushInstructionCache
GetCurrentProcess
GetCurrentProcessId
lstrcmpA
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThread
HeapFree
HeapAlloc
GetProcessHeap
RemoveDirectoryA
DisableThreadLibraryCalls
HeapDestroy
GetShortPathNameA
CloseHandle
DeleteFileA
GetModuleHandleA
GetVersionExA
GetModuleHandleW
GetLastError
SetCurrentDirectoryA
RaiseException
InterlockedExchange
LocalAlloc
LocalFree

user32

LoadCursorA
GetClassInfoExA
RegisterClassExA
RegisterWindowMessageA
DrawEdge
MoveWindow
FillRect
DefWindowProcA
GetDC
OffsetRect
GetMenuItemInfoA
CopyRect
GetSystemMetrics
SetFocus
GetWindow
ShowWindow
IsWindowVisible
GetAsyncKeyState
GetWindowRect
LoadMenuA
GetSubMenu
InsertMenuA
TrackPopupMenu
DestroyMenu
LoadImageA
LoadStringA
CharNextA
wvsprintfA
MapWindowPoints
GetMessagePos
GetCursorPos
GetFocus
GetWindowLongA
SetWindowLongA
SetWindowPos
SetWindowsHookExA
WindowFromPoint
SetTimer
SetCursor
ScreenToClient
PtInRect
GetKeyState
GetClassNameA
CallNextHookEx
InvalidateRect
KillTimer
MessageBoxA
UnhookWindowsHookEx
GetSysColor
CharLowerA
SendMessageA
wsprintfA
IsWindow
GetParent
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
CloseClipboard
GetClipboardData
OpenClipboard
DestroyWindow
CallWindowProcA
IsChild
EndPaint
BeginPaint
GetClientRect
RedrawWindow
GetDesktopWindow
CreateAcceleratorTableA
DestroyAcceleratorTable
ReleaseCapture
DestroyCursor
PostMessageA
EmptyClipboard
LoadCursorFromFileA
TranslateMessage
EnableMenuItem
ReleaseDC
CheckMenuItem
AppendMenuA
CreatePopupMenu
GetActiveWindow
CreateWindowExA
GetDlgItem
InvalidateRgn
SetCapture
UnregisterClassA
SetWindowRgn
SetActiveWindow
DispatchMessageA

gdi32

SetBkMode
DeleteDC
BitBlt
GetTextExtentPoint32A
DeleteObject
SelectObject
CreateBrushIndirect
GetTextMetricsA
SetBkColor
SetTextColor
CreateFontA
CreateRectRgn
GetObjectA
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
ExtTextOutA
GetDeviceCaps
CreateCompatibleDC
GetTextExtentPointA

shell32

ShellExecuteA
DragQueryFileA
SHAddToRecentDocs

ole32

CLSIDFromProgID
OleRun
RegisterDragDrop
OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
ReleaseStgMedium
CoInitialize
CoCreateInstance
CoCreateGuid

oleaut32

GetErrorInfo
SysAllocString
SysStringByteLen
VariantInit
VariantClear
SysAllocStringLen
OleCreateFontIndirect
SafeArrayAccessData
SafeArrayUnaccessData
RegisterTypeLi
LoadTypeLi
SafeArrayCreateVector
SysAllocStringByteLen
SysStringLen
SysFreeString
SafeArrayCreate
DispCallFunc
LoadRegTypeLi
VariantChangeType
VariantCopy
SafeArrayDestroy
SafeArrayPutElement

msvcp60

?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB

msvcrt

realloc
wcstol
wcstod
_strlwr
_CxxThrowException
wcscpy
srand
fread
ftell
wcschr
rand
wcscmp
wcsncpy
_fullpath
isdigit
wcslen
_beginthread
_except_handler3
atoi
time
_itoa
wcsstr
localtime
mktime
difftime
_purecall
_mkdir
fseek
free
memcpy
strstr
strtok
fopen
fgets
strcmp
fclose
strcat
strcpy
strrchr
strlen
??2@YAPAXI@Z
memcmp
memmove
__CxxFrameHandler
memset
_initterm
fwrite
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
malloc
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TBStudioReg

Sections

.text
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

851e0801b5ce12af950fab936a1a537d

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

51:66:87:06:2d:75:5a:0a:7a:12:94:f7:9b:e0:62:daCertificate

Extended Key Usages

Key Usages

6c:54:45:7b:76:f6:b4:f1:bb:90:6f:ae:67:25:a5:0e:e7:ed:13:00Signer

Headers

File Characteristics

Imports

winmm

shlwapi

wininet

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 292KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 16KB - Virtual size: 14KB

.SHARED Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 36KB - Virtual size: 33KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

51:66:87:06:2d:75:5a:0a:7a:12:94:f7:9b:e0:62:da
Certificate

6c:54:45:7b:76:f6:b4:f1:bb:90:6f:ae:67:25:a5:0e:e7:ed:13:00
Signer

.text
Size: 296KB - Virtual size: 292KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 16KB - Virtual size: 14KB

.SHARED
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 36KB - Virtual size: 33KB