8434c5f226e5afeff2758142735a5169_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8434c5f226e5afeff2758142735a5169_JaffaCakes118
Size

169KB
MD5

8434c5f226e5afeff2758142735a5169
SHA1

5ad8879a5f680ee14a4dcae0f41db99363d6deb1
SHA256

786665a3b839365c5256cb453ffd915b3e99a552b6ef9030292a41103a1214d9
SHA512

c2f907cb298e95d18207709bd8dd52a0e476b7217e6d0a14d4abbde6f3af941a005b5547a02be1e91246a8b122f2d6dcb7fcd21c1fae88b67f327aab69d0120b
SSDEEP

1536:yple1n4Z3g8oTtr6Rw9WccYO5/Df5y0qm+bFb9fJVnkv9XyMarDUO6hwyJ6tTZ3z:yne1M6TtWbt25N0QamyJ6tTZ3Tw4Nb

Score

1^/10

Malware Config

Signatures

Files

8434c5f226e5afeff2758142735a5169_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a31cb4fcc99319f28708a8285873b8c7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:38:5d:e6:14:bc:be:5b:ae:4d:49:d9:ae:89:5c:f7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/11/2008, 00:00

Not After

09/12/2011, 23:59

Subject

CN=Synaptics Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technical Marketing,O=Synaptics Incorporated,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8d:f4:00:1e:1d:30:03:46:3c:12:70:6f:6d:8f:f4:2a:54:b8:18:82
Signer

Actual PE Digest

8d:f4:00:1e:1d:30:03:46:3c:12:70:6f:6d:8f:f4:2a:54:b8:18:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\checkpoints\TPDrv\Do_Not_Release_v15_3_26_2\SynTPAPI\Win32\ReleaseA\SynTPAPI.pdb

Imports

kernel32

LeaveCriticalSection
MapViewOfFile
CreateFileMappingA
PulseEvent
WideCharToMultiByte
UnmapViewOfFile
CloseHandle
CreateEventA
GetLastError
CreateMutexA
EnterCriticalSection
ExpandEnvironmentStringsA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
LoadLibraryExA
FreeLibrary
DeleteCriticalSection
CreateProcessA
WaitForSingleObject
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
InterlockedDecrement
MultiByteToWideChar
SetStdHandle
ReadFile
GetConsoleMode
GetConsoleCP
SetFilePointer
lstrlenA
HeapFree
GetProcessHeap
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
HeapSize
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

SendMessageA
wsprintfA
LoadStringW
LoadStringA
PtInRect
IsWindow
GetWindowThreadProcessId
PostMessageA

advapi32

RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyA

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

CommitPlugIns
ConfigurePlugIn
ConfigurePlugInDefaults
DllGetVersion
ExitPlugIns
FindAndGetCustomZoneProperty
GetActionHandle
GetActivePlugIn
GetActivePlugInDefault
GetNumPlugIns
GetPlugInActionIDA
GetPlugInActionIDW
GetPlugInBitmapID
GetPlugInHandle
GetPlugInHandleW
GetPlugInHelpCommand
GetPlugInHelpData
GetPlugInHelpFile
GetPlugInHelpFileW
GetPlugInKeySequence
GetPlugInLongName
GetPlugInLongNameW
GetPlugInOrderID
GetPlugInRegistryValueToChangeA
GetPlugInRegistryValueToChangeW
GetPlugInShortName
GetPlugInShortNameW
GetPlugInValidZones
GetPlugInWindowMessageA
GetPlugInWindowMessageW
IsPlugInConfigurable
IsPlugInValidOnDevice
IsPlugInValidOnZone
ReInitZonesA
ReInitZonesAtDisplayChangeA
ReInitZonesAtDisplayChangeW
ReInitZonesW
RegisterActionHandle
RegisterPlugIn
RegisterPlugInW
RevertPlugIns
SendPlugInEvent
SetActivePlugIn
StartPlugIns
UpdateTPList
_DllMain@12

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a31cb4fcc99319f28708a8285873b8c7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

76:38:5d:e6:14:bc:be:5b:ae:4d:49:d9:ae:89:5c:f7Certificate

Extended Key Usages

Key Usages

8d:f4:00:1e:1d:30:03:46:3c:12:70:6f:6d:8f:f4:2a:54:b8:18:82Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 12KB - Virtual size: 8KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:38:5d:e6:14:bc:be:5b:ae:4d:49:d9:ae:89:5c:f7
Certificate

8d:f4:00:1e:1d:30:03:46:3c:12:70:6f:6d:8f:f4:2a:54:b8:18:82
Signer

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 12KB - Virtual size: 8KB