a0218609ad317134e6f2b0023729f66b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0218609ad317134e6f2b0023729f66b_JaffaCakes118
Size

413KB
MD5

a0218609ad317134e6f2b0023729f66b
SHA1

a971ffb5e83da21bd658c01d1c13d20f58615886
SHA256

ffddb97d2a71378207cb7008b18c32e2850173e014de6df248aa576826ab75e6
SHA512

f5a548c92a6f5cc23d6b4040d3abe99cac2d16ca435b1a364392616566a4882c516f9405c8cca55e1ac9a3f217041d731738834d3d328182eb16836ce6a5da43
SSDEEP

6144:DJvI1MGOVHQa7npJ0B/ZB1piKUWxGuEbYX3Dz1lEEcTInOWpPeG7BSWs:JI1MVVHQa7pcRzsKsXkDz19Z7B+

Score

1^/10

Malware Config

Signatures

Files

a0218609ad317134e6f2b0023729f66b_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

154b7eb7684ade98c51a16475fdc2fb4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/05/2006, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Intervideo\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Head Quarter,O=Intervideo\, Inc.,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

53:55:5c:5d:0f:7a:1f:b9:de:c4:6f:37:d8:aa:89:ac:4f:85:97:f2
Signer

Actual PE Digest

53:55:5c:5d:0f:7a:1f:b9:de:c4:6f:37:d8:aa:89:ac:4f:85:97:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80

ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord6725
ord760
ord3684
ord3683
ord566
ord3333
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord757
ord3830
ord2248
ord1049
ord6174
ord1191
ord1187
ord762
ord765
ord315
ord1084
ord1037
ord1092
ord1206
ord1208
ord1098
ord371
ord1167
ord1120
ord1201
ord1175
ord1177
ord1209
ord581
ord5403
ord2468
ord2902
ord3934
ord4108
ord578
ord781
ord3997
ord310
ord297
ord2271
ord876
ord1467
ord2131
ord304
ord865
ord2322
ord1486
ord300
ord783
ord784
ord1185
ord5715
ord745
ord557
ord6754
ord1230
ord314
ord1917
ord911
ord3255
ord1181
ord5320
ord265
ord266
ord6286
ord5331
ord6297
ord1489
ord6118
ord299
ord6703
ord1482
ord2346
ord1580
ord1110
ord1279
ord602
ord347
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3337
ord572
ord764

msvcr80

_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
_except_handler4_common
sscanf
__CxxFrameHandler3
atoi
__CppXcptFilter
memset
_wcsicmp
free
strcpy_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memcpy_s
atof
malloc
_recalloc
calloc
_resetstkoflw
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_purecall
vsprintf_s
memcpy
memcmp
_makepath
_splitpath
_CIsqrt
_mbsnbcat
_invalid_parameter_noinfo
_snprintf
memmove_s
_beginthreadex
_mbscmp
sprintf
_mbslwr
?terminate@@YAXXZ
_CIacos
_mbsstr
qsort
strncpy
__clean_type_info_names_internal

kernel32

GetLocaleInfoA
GetThreadLocale
lstrlenW
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
LocalAlloc
LocalFree
SuspendThread
lstrcpyA
lstrcatA
Sleep
lstrcpynA
WaitForSingleObject
ResumeThread
QueryPerformanceFrequency
QueryPerformanceCounter
RaiseException
OutputDebugStringA
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
MulDiv
lstrlenA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte

user32

CopyRect
GetIconInfo
SetRect
CreateWindowExA
DestroyWindow
ClientToScreen
GetDC
ReleaseDC
DrawTextA
GetWindowLongA
GetClientRect
SetWindowPos
GetClassLongA
PtInRect
IsRectEmpty
IntersectRect
UnionRect
SetRectEmpty
OffsetRect
PostMessageA
SendMessageTimeoutA
EnableWindow
RegisterWindowMessageA
GetSystemMetrics
GetMonitorInfoA
MonitorFromWindow
GetWindowRect
UnregisterClassA
SetWindowLongA
ClipCursor

gdi32

SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
GetObjectA
GetDIBits
SetTextAlign
ExtTextOutA
CreateDIBSection
SetTextColor
SetBkColor
SetMapMode
CreateFontIndirectA
GetTextExtentPoint32A
GetDeviceCaps

ole32

CoCreateInstance

oleaut32

VariantClear
VariantInit
VarBstrCmp
SysReAllocStringLen
VarBstrCat
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString

atl80

ord31
ord15
ord61
ord23
ord49
ord22
ord18
ord32
ord30
ord64

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipSetClipRectI
GdipSetCompositingMode
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipBitmapGetPixel
GdipCloneBitmapAreaI
GdipGetFamily
GdipGetImagePixelFormat
GdipGetImageHeight
GdipDrawImageRectRectI
GdipCloneBrush
GdipGetFontSize
GdipGetFontStyle
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipSetImageAttributesColorKeys
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateFont
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageWidth

d3d9

Direct3DCreate9

d3dx9_32

D3DXCreateTexture
D3DXCreateTextureFromFileExA
D3DXVec3TransformCoord
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationZ
D3DXMatrixMultiply
D3DXMatrixOrthoLH
D3DXMatrixLookAtLH
D3DXMatrixPerspectiveFovLH
D3DXMatrixScaling
D3DXCreateTextureFromFileInMemoryEx

winmm

timeGetTime

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 244KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

154b7eb7684ade98c51a16475fdc2fb4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cbCertificate

Extended Key Usages

Key Usages

53:55:5c:5d:0f:7a:1f:b9:de:c4:6f:37:d8:aa:89:ac:4f:85:97:f2Signer

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

gdi32

ole32

oleaut32

atl80

gdiplus

d3d9

d3dx9_32

winmm

msvcp80

Exports

Exports

Sections

.text Size: 244KB - Virtual size: 241KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 32KB - Virtual size: 28KB

.reloc Size: 32KB - Virtual size: 30KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cb
Certificate

53:55:5c:5d:0f:7a:1f:b9:de:c4:6f:37:d8:aa:89:ac:4f:85:97:f2
Signer

.text
Size: 244KB - Virtual size: 241KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 32KB - Virtual size: 28KB

.reloc
Size: 32KB - Virtual size: 30KB