77060f699120980dbd5e94160ed9ae64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

77060f699120980dbd5e94160ed9ae64_JaffaCakes118
Size

78KB
MD5

77060f699120980dbd5e94160ed9ae64
SHA1

cd237642f3255d2e6bdf6518d9012482b07c5c00
SHA256

ff68fff3e2182ebb6f1682b8c8cc4a9f01ef71605a3acf01e834e4603ccf501d
SHA512

4856b88976bc5a5bb57aab65dc1b2e057ced7d8d638bf7a7742bbdc402ebf7e4ec78ec8ab66da3ead3480cab9f4fd943dbcb134ed762bb4125345f76b58b651f
SSDEEP

1536:GhQsDCUUVBgmQB/MVzbU5SWczoD87DVan36e888888888888888888qOy:AQUUrgmQBMVsYH0qF

Score

1^/10

Malware Config

Signatures

Files

77060f699120980dbd5e94160ed9ae64_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

206cd047340a7c219f20bc1489b07073

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2c:4f:73:7a:fb:46:d4:52:ea:28:79:19:14:fb:9d:60:86:2a:8f:cc
Signer

Actual PE Digest

2c:4f:73:7a:fb:46:d4:52:ea:28:79:19:14:fb:9d:60:86:2a:8f:cc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dwdcw20.pdb

Imports

user32

LoadStringW

kernel32

GlobalAlloc
GlobalFree
CreateProcessW
CloseHandle
GetShortPathNameW
GetLongPathNameW
lstrcmpiW
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultLangID
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
RemoveDirectoryW
DeleteFileW
FindNextFileW
GetLastError
FindClose
ExpandEnvironmentStringsW
FindFirstFileW
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemWindowsDirectoryW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsFree
DeleteCriticalSection
VirtualFree
EnterCriticalSection
LeaveCriticalSection
SetLastError
VirtualAlloc
GetCurrentProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter

advapi32

RegQueryInfoKeyW
RegEnumValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyExA
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

ole32

CoTaskMemFree
CoTaskMemAlloc

shlwapi

wnsprintfW
SHDeleteKeyW

msvcrt

malloc
_XcptFilter
_onexit
__dllonexit
_adjust_fdiv
free
_initterm
_except_handler3

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

206cd047340a7c219f20bc1489b07073

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

2c:4f:73:7a:fb:46:d4:52:ea:28:79:19:14:fb:9d:60:86:2a:8f:ccSigner

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

advapi32

ole32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 99KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 1024B - Virtual size: 796B

.rsrc Size: 39KB - Virtual size: 40KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

2c:4f:73:7a:fb:46:d4:52:ea:28:79:19:14:fb:9d:60:86:2a:8f:cc
Signer

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 99KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 1024B - Virtual size: 796B

.rsrc
Size: 39KB - Virtual size: 40KB