b25211fffc9a09f41386992ed0774858_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b25211fffc9a09f41386992ed0774858_JaffaCakes118
Size

854KB
MD5

b25211fffc9a09f41386992ed0774858
SHA1

54bfacaacbfe22581094a7f6d4514548a0051fb5
SHA256

7e8a5319722c3e7c5f0d75d6e704cac3dd8f4f5295d12ecab6c453d31a20cdaa
SHA512

d9077ca9e9d04f14e99843be621e72fd6c1247b52f61c2b10c54d0436b50b23e501d2fbc0f2204042e914900b670ca12f9934a0262c980c22fedd1a0d1c7b131
SSDEEP

24576:ViIG/U1LdoGHP2uep43mNh6FQNPcRwojUIT7JLWKLdQr:VrN5HP2ffkFQNefT7Ju

Score

1^/10

Malware Config

Signatures

Files

b25211fffc9a09f41386992ed0774858_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

2f2fa07f8de1b1ef79d3d0b15b57eab5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17-11-2006 00:00

Not After

16-07-2036 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:3a:9e:a3:5e:e9:21:7f:92:33:ab:d6:4f:c3:88:c0
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29-08-2011 00:00

Not After

04-09-2013 23:59

Subject

CN=Inbox.com\, Inc,OU=INBOX.COM,O=Inbox.com\, Inc,L=Wilmington,ST=DELAWARE,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
DispGetIDsOfNames
RegisterTypeLib
LoadTypeLibEx
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString
SysAllocStringLen

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegNotifyChangeKeyValue

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExW
CreateWindowExA
WindowFromDC
UpdateWindow
TranslateMessage
TranslateAcceleratorA
TrackPopupMenu
SystemParametersInfoA
ShowWindow
SetWindowRgn
SetWindowTextW
SetWindowTextA
SetWindowPos
SetWindowLongA
SetTimer
SetPropA
SetMenuItemInfoA
SetMenuInfo
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClassW
RegisterClassA
RedrawWindow
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageA
PeekMessageA
OffsetRect
MsgWaitForMultipleObjects
MoveWindow
MessageBoxW
MessageBoxA
LoadStringA
LoadImageA
LoadIconA
LoadCursorA
KillTimer
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
InvalidateRgn
InvalidateRect
InsertMenuItemW
InsertMenuItemA
InflateRect
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowRect
GetWindowLongA
GetUpdateRgn
GetSystemMetrics
GetSystemMenu
GetSysColor
GetPropA
GetParent
GetWindow
GetMessageTime
GetMenuItemInfoW
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenuInfo
GetKeyState
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDC
GetCursorPos
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoW
GetClassInfoA
GetCapture
FrameRect
FindWindowExA
FindWindowA
FillRect
EnumWindows
EnumChildWindows
EndPaint
EnableWindow
EnableMenuItem
DrawTextW
DrawEdge
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyAcceleratorTable
DeleteMenu
DefWindowProcW
DefWindowProcA
CreatePopupMenu
CreateMenu
CopyImage
ClientToScreen
CheckMenuRadioItem
CharUpperBuffW
CharNextW
CharLowerBuffW
CallWindowProcW
CallWindowProcA
BeginPaint
CharNextA
CharLowerBuffA
CharUpperBuffA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WritePrivateProfileStringA
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
TerminateThread
SystemTimeToFileTime
SizeofResource
SetThreadPriority
SetLastError
SetFileTime
SetFilePointer
SetFileAttributesA
SetEvent
SetErrorMode
SetEndOfFile
SearchPathA
ResumeThread
ResetEvent
RemoveDirectoryA
ReleaseMutex
ReadFile
OutputDebugStringA
OpenProcess
MultiByteToWideChar
LockResource
LocalFileTimeToFileTime
LoadResource
LoadLibraryExW
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalFree
GetVersionExA
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetTempPathA
GetTempFileNameA
GetStringTypeExW
GetStringTypeExA
GetStdHandle
GetShortPathNameA
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameW
GetFullPathNameA
GetFileInformationByHandle
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
GetACP
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageW
FormatMessageA
FindResourceW
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsA
EnumCalendarInfoA
EnterCriticalSection
DosDateTimeToFileTime
DeleteFileA
DeleteCriticalSection
CreateMutexA
CreateFileW
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringW
CompareStringA
CloseHandle
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA

msimg32

AlphaBlend

gdi32

TextOutW
StretchDIBits
StretchBlt
SetTextColor
SetROP2
SetPixel
SetDIBits
SetBkMode
SetBkColor
SelectObject
SelectClipRgn
RoundRect
Rectangle
RectVisible
MoveToEx
LineTo
GetTextExtentPoint32W
GetTextExtentPoint32A
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetDeviceCaps
GetDIBits
GetBkColor
ExtTextOutW
ExtTextOutA
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CreatePalette
CreateFontIndirectA
CreateFontA
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
BitBlt

ole32

IsEqualGUID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
OleSetMenuDescriptor
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoCreateInstance
CoLockObjectExternal
CoDisconnectObject
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetDesktopFolder

wininet

InternetSetOptionA
InternetReadFile
InternetOpenUrlW
InternetOpenA
InternetCrackUrlA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA

shfolder

SHGetFolderPathA

comctl32

ImageList_GetIconSize
ImageList_DrawEx
InitCommonControls

urlmon

CoInternetGetSession

Exports

Exports

CheckDailyHitEx
CloseFirefox
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
InstallPlugin
IsFirefoxRunnig
ShowPanel
UpdatePlugins

Sections

.text
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 305B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f2fa07f8de1b1ef79d3d0b15b57eab5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

26:3a:9e:a3:5e:e9:21:7f:92:33:ab:d6:4f:c3:88:c0Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

ole32

shell32

wininet

shfolder

comctl32

urlmon

Exports

Exports

Sections

.text Size: 526KB - Virtual size: 526KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 20KB

.idata Size: 10KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 305B

.reloc Size: 28KB - Virtual size: 27KB

.rsrc Size: 270KB - Virtual size: 269KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

26:3a:9e:a3:5e:e9:21:7f:92:33:ab:d6:4f:c3:88:c0
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 526KB - Virtual size: 526KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 20KB

.idata
Size: 10KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 305B

.reloc
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 270KB - Virtual size: 269KB