ab0a305ff013c56d275c1b9573c1365a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab0a305ff013c56d275c1b9573c1365a_JaffaCakes118
Size

120KB
MD5

ab0a305ff013c56d275c1b9573c1365a
SHA1

9f68414458ade3c3170409247767e4bca32b11e9
SHA256

46b8e31d91935a95a8f0b5ba043ff3f9ff1a3247ddb26aeba42f57b1536af29d
SHA512

3bbb205ceaa25bf93d7508681149a980103fa758cb2465527b6727ff0984f53ab53177c266e36e925b0353c11b880c852310c1053f08b565f224d19f19d6e5e7
SSDEEP

3072:ctJN9PLNAIhvMbZYnQE0329yOgcw74+JP5atJ:S9zZEmnQEE0yOgcwDvGJ

Score

1^/10

Malware Config

Signatures

Files

ab0a305ff013c56d275c1b9573c1365a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c157f4abcb6143da1e9395941e19f0d2

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:10:31:8a:98:1b:9a:03:c9:a8:40:ef:f4:e5:8f:33
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

11/02/2009, 00:00

Not After

13/02/2010, 23:59

Subject

CN=Market Precision\, Inc.,OU=IT,O=Market Precision\, Inc.,L=Cambridge,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:1f:9e:5c:bd:86:7e:0c:60:f4:8d:89:c9:d9:0b:ca:89:07:df:da
Signer

Actual PE Digest

36:1f:9e:5c:bd:86:7e:0c:60:f4:8d:89:c9:d9:0b:ca:89:07:df:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_StringContainerFinish
NS_CStringContainerFinish
NS_StringContainerInit
NS_Free
NS_StringGetData
NS_CStringGetData
NS_Alloc
NS_GetServiceManager
NS_CStringContainerInit
NS_GetComponentManager

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

fwprintf_s
_wfopen_s
_vsnwprintf_s
free
malloc
isalnum
wcsncmp
wcstok_s
wcscpy_s
strcpy_s
wcsnlen
_wcsnicmp
wcstod
wcstoul
fclose
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_snwprintf_s
towlower
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??2@YAPAXI@Z
_purecall
wcsncpy_s
??3@YAXPAX@Z
memmove_s
rand_s
_stricmp
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
calloc
strcpy
strlen
memset
memcpy
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
__CppXcptFilter
_wcsicmp
_adjust_fdiv
_CxxThrowException
?terminate@@YAXXZ
__CxxFrameHandler3

user32

EnumChildWindows
IsWindowVisible
GetPropW
EnumWindows

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString

wininet

InternetCrackUrlW

shlwapi

PathRemoveFileSpecW
UrlUnescapeW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

iphlpapi

GetAdaptersAddresses

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetNamedSecurityInfoW
RegSetValueExW

kernel32

CreateFileW
FindFirstFileW
FindNextFileW
OpenEventW
CreateMutexW
OpenFileMappingW
WaitForMultipleObjects
MapViewOfFile
WaitForSingleObject
SetEvent
ReleaseMutex
MultiByteToWideChar
GetCurrentThreadId
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
HeapFree
GetProcessHeap
DisableThreadLibraryCalls
GetFileTime
DeleteFileW
FindClose
GetCurrentProcess
GetTickCount
Sleep
OutputDebugStringW
LocalFree
GetTempPathW
CreateDirectoryW
GetTempFileNameW
FreeLibrary
GetVersionExW
LoadLibraryW
GetProcAddress
CreateWaitableTimerW
GetLastError
GetSystemTimeAsFileTime
SetWaitableTimer
CreateThread
CloseHandle
UnmapViewOfFile
CreateEventW
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedDecrement
SetLastError
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameW

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

Exports

Exports

NSGetModule

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c157f4abcb6143da1e9395941e19f0d2

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

6c:10:31:8a:98:1b:9a:03:c9:a8:40:ef:f4:e5:8f:33Certificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

36:1f:9e:5c:bd:86:7e:0c:60:f4:8d:89:c9:d9:0b:ca:89:07:df:daSigner

Headers

File Characteristics

Imports

xpcom

msvcp80

msvcr80

user32

ole32

oleaut32

wininet

shlwapi

urlmon

iphlpapi

rpcrt4

advapi32

kernel32

nspr4

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

6c:10:31:8a:98:1b:9a:03:c9:a8:40:ef:f4:e5:8f:33
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

36:1f:9e:5c:bd:86:7e:0c:60:f4:8d:89:c9:d9:0b:ca:89:07:df:da
Signer

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB