b1eb364843ef26efc0072e8a53e7c50c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1eb364843ef26efc0072e8a53e7c50c_JaffaCakes118
Size

171KB
MD5

b1eb364843ef26efc0072e8a53e7c50c
SHA1

28f214629737c58f2f10b8361beb6b862ad040b6
SHA256

777a2378913c5a0dbf83855948f3cc01a268cb2f721c53812750b0f0f352bb3d
SHA512

f532dcc831b465f32d24f582056e0f5200b30edb4c0d8dcd055dd58c1161d21a515e61e57aba52eab681d7c9c5c5af6f1138a166f6f50ab7f8adef4af77ab419
SSDEEP

3072:eKqfAEyScG680ykJCeI7ahKBEpad12Cq2o6qjeN8zwPf0P60r4jdYGzcRZw5Jml0:ayScG70DJCeI7GgE8d12Cq2oJjeN6UQc

Score

1^/10

Malware Config

Signatures

Files

b1eb364843ef26efc0072e8a53e7c50c_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

dbaa529bb696826bcc8725c46baa082c

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/05/2002, 00:55

Not After

25/11/2003, 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
lstrcmpW
GetComputerNameA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetTempPathA
GetTempFileNameA
GetFileAttributesExW
SystemTimeToFileTime
GetSystemTimeAsFileTime
CompareFileTime
GetSystemDefaultLangID
lstrcmpA
ExpandEnvironmentStringsA
lstrcatA
lstrcpyA
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LoadLibraryExA
FindResourceA
GetFileAttributesW
GetFileAttributesA
InitializeCriticalSection
DeleteFileW
DeleteFileA
CreateFileW
GetCommandLineA
CompareStringW
CompareStringA
FormatMessageW
FormatMessageA
Sleep
LoadResource
SizeofResource
FreeLibrary
lstrcpynA
HeapDestroy
lstrlenA
GetCurrentThreadId
lstrcmpiA
lstrlenW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GetVersionExA
WriteFile
GetCurrentThread
GetCurrentProcess
LocalReAlloc
GetFileSize
ReadFile
CloseHandle
GetACP
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LocalAlloc
LocalFree
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
SetLastError
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection

msvcrt

_wcsnicmp
??3@YAXPAX@Z
_adjust_fdiv
??2@YAPAXI@Z
_purecall
wcscpy
wcslen
_except_handler3
wcscmp
wcscat
_wcsicmp
malloc
free
realloc
_ltoa
atol
_initterm
sprintf
isxdigit
isdigit
isupper
strncmp
strtoul

user32

MessageBoxW
MessageBoxA
GetWindowTextW
GetWindowTextA
CharNextA
wsprintfA
wsprintfW
DialogBoxParamA
GetWindowLongA
EndDialog
SetWindowLongA
SendDlgItemMessageA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
SetFocus
LoadStringA
LoadStringW

advapi32

CryptSetProvParam
IsValidSecurityDescriptor
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
DuplicateToken
GetTokenInformation
FreeSid
CryptAcquireContextA
CryptReleaseContext
CryptGetProvParam
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessDeniedAce
AddAccessAllowedAce
GetAce
EqualSid
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
CryptDestroyKey
CryptSetKeyParam
CryptGetUserKey
CryptGetKeyParam
CryptExportKey
CryptGenKey
RegDeleteKeyA
RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExW
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExW
GetUserNameA
CryptGetHashParam
RegOpenKeyExW

rpcrt4

UuidCreate
UuidToStringA
UuidCompare
RpcStringFreeA

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTreatAsClass
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SysStringByteLen
SysStringLen
SysAllocStringLen
LoadTypeLi
RegisterTypeLi
VarI4FromStr
SetErrorInfo
SysAllocString
SysAllocStringByteLen
SysFreeString

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

crypt32

CertAddEncodedCRLToStore
CertAddSerializedElementToStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CryptMsgClose
CertFreeCRLContext
CertAddEncodedCertificateToStore
CryptMemFree
CryptEnumOIDFunction
I_CryptInstallOssGlobal
CryptInstallOIDFunctionAddress
I_CryptGetOssGlobal
CryptExportPublicKeyInfo
CryptVerifyMessageSignature
CertStrToNameW
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CryptEncodeObject
CertCloseStore
CertOpenStore
CertCompareCertificateName
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificateContextProperties
CryptHashCertificate
CryptDecodeObject
CertSetCertificateContextProperty
CertFindCertificateInStore
CryptSignMessage
CertDuplicateStore
CertCreateCertificateContext
CertGetNameStringW
CryptEncryptMessage
PFXExportCertStore
CryptMsgOpenToEncode
CertFindExtension
CryptHashPublicKeyInfo
CryptSignCertificate

wininet

InternetCanonicalizeUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
PIEnroll2GetNoCOM
PIEnroll4GetNoCOM
PIEnrollGetNoCOM

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbaa529bb696826bcc8725c46baa082c

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

advapi32

rpcrt4

ole32

oleaut32

version

crypt32

wininet

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 121KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 27KB - Virtual size: 28KB

.reloc Size: 9KB - Virtual size: 9KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 121KB - Virtual size: 121KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 27KB - Virtual size: 28KB

.reloc
Size: 9KB - Virtual size: 9KB