b07cc95174bc11717bd65071260afa45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b07cc95174bc11717bd65071260afa45_JaffaCakes118
Size

289KB
MD5

b07cc95174bc11717bd65071260afa45
SHA1

f691cb83ba999dbddc1b389e2f4d187df01767e3
SHA256

ac65daa6cd1e3c12a15d0ad3b6a2524790a6a18f0ebdeaf9709927ce9f0989f2
SHA512

339a51ae5a32a32d249f19d639d73107da43df328cca1367aeae6fb6b2887ffbfaa1deff01f2cf98fd02c4b61ec4b730a60849a9b1d61e08f03b984aec94fb3f
SSDEEP

6144:jXRd2qvor1YCi5K6jy0lQba6BhO7Vo3muOU:for1YFJ/Ma6BhOu3POU

Score

1^/10

Malware Config

Signatures

Files

b07cc95174bc11717bd65071260afa45_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b5d7abd0aa807790234d7049e49863d8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:62:58:22:4b:e2:96:6e:32:66:0b:fa:22:f6:a4:bc
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/12/2010, 00:00

Not After

12/01/2013, 23:59

Subject

CN=Gameforge Productions GmbH,O=Gameforge Productions GmbH,L=Karlsruhe,ST=Baden-Wuerttemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

98:8f:85:d9:47:14:a0:e9:fa:7f:05:c1:d8:18:fe:cc:17:ac:0a:75
Signer

Actual PE Digest

98:8f:85:d9:47:14:a0:e9:fa:7f:05:c1:d8:18:fe:cc:17:ac:0a:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
lstrlenW
GetCommandLineA
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GetFileTime
LocalFree
FormatMessageA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetModuleHandleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
SetFilePointer
FlushFileBuffers
ReadFile
GetConsoleMode
CreateEventA
EnterCriticalSection
LeaveCriticalSection
FreeResource
GetFileAttributesA
DeviceIoControl
CreateFileA
GetSystemInfo
GetVolumeInformationA
GetDiskFreeSpaceExA
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
ProcessIdToSessionId
Process32First
Process32Next
CreateToolhelp32Snapshot
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
ReleaseMutex
LCMapStringA
SetErrorMode
MoveFileExA
CreateMutexA
CloseHandle
CreateThread
SetLastError
FreeLibrary
LoadLibraryA
GetTickCount
Sleep
GlobalMemoryStatus
GetSystemDirectoryA
GetTempPathA
CopyFileA
CreatePipe
GetStartupInfoA
PeekNamedPipe
MoveFileA
GetDriveTypeA
GetLastError
SetFileTime
GetConsoleCP
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapSize
SetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCurrentThreadId
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
SetEnvironmentVariableA

user32

GetProcessWindowStation
ReleaseDC
GetWindowDC
GetWindowRect
SystemParametersInfoA
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
keybd_event
MapVirtualKeyA
mouse_event
GetDesktopWindow
CloseDesktop
SwitchDesktop
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
PostMessageA
GetClassNameA
FindWindowA
EnumDesktopWindows
SetThreadDesktop
GetThreadDesktop
CloseWindowStation
GetCursorPos
OpenWindowStationA
SetProcessWindowStation

gdi32

DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GdiFlush
BitBlt
GetDIBits
GetSystemPaletteEntries
CreatePalette
SelectPalette
RealizePalette
GetObjectA
CreateBitmap
SelectObject
SetPixel
GetBitmapBits
DeleteObject
CreateDCA
GetDeviceCaps

advapi32

SetSecurityDescriptorDacl
RevertToSelf
LookupAccountSidA
GetTokenInformation
RegOpenKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
StartServiceA
OpenSCManagerA
CreateServiceA
OpenServiceA
CloseServiceHandle
LogonUserA
CreateProcessAsUserA
FreeSid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
SetEntriesInAclA
MakeAbsoluteSD
ImpersonateLoggedOnUser
SetKernelObjectSecurity
AllocateAndInitializeSid
BuildTrusteeWithSidA
DuplicateTokenEx
SetTokenInformation
OpenProcessToken
RegCloseKey

shell32

SHFileOperationA
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance

dnsapi

DnsFlushResolverCache
DnsQuery_A
DnsRecordListFree

ws2_32

select
inet_ntoa
inet_addr
gethostbyname
gethostname
ntohs
getpeername
WSACleanup
shutdown
htons
recvfrom
__WSAFDIsSet
send
WSADuplicateSocketA
WSAIoctl
getsockname
ntohl
WSAGetLastError

netapi32

NetUserAdd
NetLocalGroupAddMembers
NetApiBufferFree
NetUserEnum
NetUserDel
NetUserSetInfo

psapi

EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA
EnumProcesses

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

Hello

Sections

.text
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5d7abd0aa807790234d7049e49863d8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

56:62:58:22:4b:e2:96:6e:32:66:0b:fa:22:f6:a4:bcCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

98:8f:85:d9:47:14:a0:e9:fa:7f:05:c1:d8:18:fe:cc:17:ac:0a:75Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

dnsapi

ws2_32

netapi32

psapi

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 182KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 28KB - Virtual size: 43KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 12KB - Virtual size: 11KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

56:62:58:22:4b:e2:96:6e:32:66:0b:fa:22:f6:a4:bc
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

98:8f:85:d9:47:14:a0:e9:fa:7f:05:c1:d8:18:fe:cc:17:ac:0a:75
Signer

.text
Size: 184KB - Virtual size: 182KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 28KB - Virtual size: 43KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 12KB - Virtual size: 11KB