9ff990dc02678c1301ee8d9604061199_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9ff990dc02678c1301ee8d9604061199_JaffaCakes118
Size

1.4MB
MD5

9ff990dc02678c1301ee8d9604061199
SHA1

0351c74a9135c31ffeaad5d3fcea3dd28cedf19c
SHA256

ecfda6df7c333c6ffc20e30111ba00f479a75a9cf87d1a4be014fed7bc196c59
SHA512

15ddde2c71c0130aaeb759d4ecac09caf0c988de32743af08b13723f9e8b35a8c65f8984afe10527e41cd81ca37fdd49025d370d509b4aa3a4e0303918829c48
SSDEEP

24576:yB6ZG+Qk1E7TKUC6R8TXcX1SWK+9nojRmgqFB9w10:yBCG+Qk1sTrC6REXcXlW1BqFjw10

Score

1^/10

Malware Config

Signatures

Files

9ff990dc02678c1301ee8d9604061199_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

dbbbc97c846926adcee8537a1e627ee5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:93:a3:af:50:4b:70:c4:37:13:ec:d7:36:53:6b:43
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/10/2010, 00:00

Not After

26/10/2012, 23:59

Subject

CN=Smartshopper Technologies\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Smartshopper Technologies\, LLC,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:28:29:d1:d3:99:0d:5b:39:a0:70:8a:95:44:d5:44:e8:a3:8e:22
Signer

Actual PE Digest

0e:28:29:d1:d3:99:0d:5b:39:a0:70:8a:95:44:d5:44:e8:a3:8e:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\101108_112954_build_SmartShopper_Build_SmartShopper_2.7.27.0\source\source_sms\bin\Smrt-Shpr.pdb

Imports

kernel32

LockResource
LoadResource
SizeofResource
FreeLibrary
InterlockedDecrement
InterlockedIncrement
HeapAlloc
WaitForSingleObject
GetModuleHandleA
InterlockedExchange
CompareStringA
GetCurrentProcessId
lstrlenA
GetProcessHeap
GetTickCount
GetLocalTime
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
MoveFileExW
GetSystemTime
GetSystemDefaultLangID
DeleteFileA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetCurrentThreadId
GetThreadLocale
SetThreadLocale
VirtualQuery
GetModuleFileNameA
LoadLibraryA
HeapReAlloc
HeapFree
LocalAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetEnvironmentVariableA
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringA
ExitProcess
GetStdHandle
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FatalAppExitA
HeapCreate
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemInfo
VirtualProtect
RtlUnwind
GetSystemTimeAsFileTime
HeapSize
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
GlobalHandle
GlobalFree
PulseEvent
ReleaseSemaphore
WriteFile
ReadFile
FlushFileBuffers
SetFilePointer
CloseHandle
ReleaseMutex
SetEvent
ResetEvent
UnmapViewOfFile
MapViewOfFile
WaitForMultipleObjects
GetExitCodeProcess
FileTimeToSystemTime
FindClose
Sleep
SetFileTime
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
SystemTimeToFileTime
GetFileTime
SetUnhandledExceptionFilter
IsBadWritePtr
GetCurrentThread
ResumeThread
SetThreadPriority
TerminateThread
CreateThread
SetEndOfFile
GetFileSize
LocalFree

advapi32

SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

user32

IsIconic
GetWindowRect
MoveWindow
EqualRect
CopyRect
GetParent
IsWindow
DestroyWindow
KillTimer
MapDialogRect
IsWindowVisible
GetWindow
SetWindowContextHelpId
GetSysColor
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowPos
IsChild
GetDlgItem
ReleaseCapture
FillRect
EndPaint
BeginPaint
GetDesktopWindow
DestroyAcceleratorTable
SetFocus
GetFocus
TranslateMessage
MsgWaitForMultipleObjects
UpdateWindow
GetTopWindow
ReplyMessage
GetKeyState
BringWindowToTop
MapWindowPoints
EnumChildWindows
UnregisterClassA
SetTimer
SetWindowRgn
InflateRect
OffsetRect
EnumWindows
ShowWindow
SetRectEmpty
GetSysColorBrush
SetCapture

gdi32

CreateRectRgn
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
CreateSolidBrush
CombineRgn
GetStockObject
CreatePolygonRgn
CreateRoundRectRgn
OffsetRgn
FillRgn
DeleteDC

sensapi

IsNetworkAlive

iphlpapi

GetAdaptersInfo

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoMarshalInterface
CoUnmarshalInterface
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoInitialize
CoUninitialize
CoCreateInstance
ProgIDFromCLSID
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoReleaseMarshalData
OleRun
OleUninitialize
StringFromCLSID
OleInitialize

oleaut32

SafeArrayPutElement
SysStringLen
SysFreeString
VarBstrCat
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
DispCallFunc
UnRegisterTypeLi
RegisterTypeLi
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetElement
VarUdateFromDate
BstrFromVector
VectorFromBstr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCopy
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayUnlock
SafeArrayLock
VarBstrCmp
VariantCopy
OleCreateFontIndirect

shlwapi

StrRChrW
StrToIntW
PathFileExistsW

ws2_32

WSACreateEvent
WSASetEvent
WSAEventSelect
WSASocketW
closesocket
WSARecv
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSAConnect
WSAGetLastError
WSAEnumNetworkEvents
WSACloseEvent
WSACleanup
WSASetLastError
WSAStartup
GetAddrInfoW
FreeAddrInfoW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

version

VerQueryValueA
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW

urlmon

CreateURLMoniker

comctl32

_TrackMouseEvent
ord17
ImageList_ReplaceIcon
ImageList_GetImageCount

crypt32

CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CryptQueryObject
CryptMsgClose
CertGetNameStringW
CryptMsgGetParam

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllSendIdsRequestAbort
DllSendIdsRequestAlreadyInstalled
DllSendIdsRequestCancel
DllSendIdsRequestInstalledOnVista
DllSendIdsRequestOk
DllSendUninstallReport
DllUnregisterServer

Sections

.text
Size: 923KB - Virtual size: 922KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbbbc97c846926adcee8537a1e627ee5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6b:93:a3:af:50:4b:70:c4:37:13:ec:d7:36:53:6b:43Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0e:28:29:d1:d3:99:0d:5b:39:a0:70:8a:95:44:d5:44:e8:a3:8e:22Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

sensapi

iphlpapi

ole32

oleaut32

shlwapi

ws2_32

shell32

version

urlmon

comctl32

crypt32

Exports

Exports

Sections

.text Size: 923KB - Virtual size: 922KB

.rdata Size: 279KB - Virtual size: 278KB

.data Size: 39KB - Virtual size: 52KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 63KB - Virtual size: 62KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6b:93:a3:af:50:4b:70:c4:37:13:ec:d7:36:53:6b:43
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0e:28:29:d1:d3:99:0d:5b:39:a0:70:8a:95:44:d5:44:e8:a3:8e:22
Signer

.text
Size: 923KB - Virtual size: 922KB

.rdata
Size: 279KB - Virtual size: 278KB

.data
Size: 39KB - Virtual size: 52KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 63KB - Virtual size: 62KB