88fb83f2e56bd01c030eece01ab75177_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88fb83f2e56bd01c030eece01ab75177_JaffaCakes118
Size

16KB
MD5

88fb83f2e56bd01c030eece01ab75177
SHA1

1a8a54daab7d88fa3dee4c9015b9848f64c2e7a4
SHA256

8f0f2656775049af7980d2bc32657d0d38000021a34512f43476404a988127d9
SHA512

dcf5dde032ae4a118738034eaade96b3f8a62223f7a1f109af148e40057061e55c2afaf892609a161aff70536e8aeaa27fd687348e175290db9cc858807d25a9
SSDEEP

384:VjMa9sEKLdNEhe+mJanSoHerzhNXqX2XfPl9pYUvWLJof+vbCx1Z:VjMaFENETmJ7F2qFcbCTZ

Score

1^/10

Malware Config

Signatures

Files

88fb83f2e56bd01c030eece01ab75177_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1e20c0c8efc0f046abdc7a73458f93ff

Code Sign

3d:c7:f5:22:0d:b5:cb:6b:79:ea:7e:64:b1:c0:19:97
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

28/01/2010, 00:00

Not After

22/03/2012, 23:59

Subject

CN=OPSWAT\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=OPSWAT\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:1a:a5:8e:ec:51:4a:9e:99:22:0c:c9:e6:69:c4:ae:12:e9:5b:45
Signer

Actual PE Digest

a6:1a:a5:8e:ec:51:4a:9e:99:22:0c:c9:e6:69:c4:ae:12:e9:5b:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oesiscore

?addIfError@CErrorInfo@OESIS@@SI_H_HQAG_H@Z

msvcp60

?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB

msvcrt

_purecall

Exports

Exports

??0CFileVersionInfo@OESIS@@QAE@ABV01@@Z
??0CRegKey@OESIS@@QAE@ABV01@@Z
??0typeObject@OESIS@@QAE@ABV01@@Z
??0typeObject@OESIS@@QAE@XZ
??1CSoftwareVersion@OESIS@@QAE@XZ
??1CSoftwareVersionRange@OESIS@@QAE@XZ
??4CFileVersionInfo@OESIS@@QAEAAV01@ABV01@@Z
??4CRegKey@OESIS@@QAEAAV01@ABV01@@Z
??4CStringUtils@OESIS@@QAEAAV01@ABV01@@Z
??4typeObject@OESIS@@QAEAAV01@ABV01@@Z
??_7CFileVersionInfo@OESIS@@6B@
??_7typeObject@OESIS@@6B@
?GetCPByIndex@CFileVersionInfo@OESIS@@QBEGI@Z
?GetCurCP@CFileVersionInfo@OESIS@@QBEGXZ
?GetCurLID@CFileVersionInfo@OESIS@@QBEGXZ
?GetCurTrans@CFileVersionInfo@OESIS@@QBEKXZ
?GetCurTransIndex@CFileVersionInfo@OESIS@@QBEIXZ
?GetFileVersionBuild@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionMajor@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionMinor@CFileVersionInfo@OESIS@@QBEGXZ
?GetFileVersionQFE@CFileVersionInfo@OESIS@@QBEGXZ
?GetLIDByIndex@CFileVersionInfo@OESIS@@QBEGI@Z
?GetProductVersionBuild@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionMajor@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionMinor@CFileVersionInfo@OESIS@@QBEGXZ
?GetProductVersionQFE@CFileVersionInfo@OESIS@@QBEGXZ
?GetTransCount@CFileVersionInfo@OESIS@@QBEIXZ
?GetVSFFI@CFileVersionInfo@OESIS@@QBEABUtagVS_FIXEDFILEINFO@@XZ
?IsValid@CFileVersionInfo@OESIS@@QBEHXZ
?RegUtil_ReadMultiStringFromRegistry@CRegKey@OESIS@@SA_HJABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAVtypeProperty@2@@Z
?RegUtil_ReadStringFromRegistry@CRegKey@OESIS@@SA_HJABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@0AAV34@@Z
?getType@typeTime@OESIS@@UAE?AW4enumObjectType@typeObject@2@XZ
FWSDK_BridgeLib_AllowApplication
FWSDK_BridgeLib_AllowPort
FWSDK_BridgeLib_BlockApplication
FWSDK_BridgeLib_BlockPort
FWSDK_BridgeLib_DisableFW
FWSDK_BridgeLib_EnableFW
FWSDK_BridgeLib_GetInstalledProductIds
FWSDK_BridgeLib_GetProductDescription
FWSDK_BridgeLib_GetProductVendor
FWSDK_BridgeLib_GetProductVersion
FWSDK_BridgeLib_Init
FWSDK_BridgeLib_InvokeFunc
FWSDK_BridgeLib_IsFirewallEnabled
FWSDK_BridgeLib_Uninit
FWSDK_GetModuleVersion

Sections

.text
Size: 5KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e20c0c8efc0f046abdc7a73458f93ff

Code Sign

3d:c7:f5:22:0d:b5:cb:6b:79:ea:7e:64:b1:c0:19:97Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

a6:1a:a5:8e:ec:51:4a:9e:99:22:0c:c9:e6:69:c4:ae:12:e9:5b:45Signer

Headers

File Characteristics

Imports

kernel32

oesiscore

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 32KB

.rsrc Size: 6KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 4KB

3d:c7:f5:22:0d:b5:cb:6b:79:ea:7e:64:b1:c0:19:97
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

a6:1a:a5:8e:ec:51:4a:9e:99:22:0c:c9:e6:69:c4:ae:12:e9:5b:45
Signer

.text
Size: 5KB - Virtual size: 32KB

.rsrc
Size: 6KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 4KB