bebdabf77934f6fee447a2e6f4f373f9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bebdabf77934f6fee447a2e6f4f373f9_JaffaCakes118
Size

499KB
MD5

bebdabf77934f6fee447a2e6f4f373f9
SHA1

33f9a5520db2cac737a380bd4c4130352f6602be
SHA256

c3d6911bb94538f9902b963eabd01e71caf8444d718999f7dd236af474946c1a
SHA512

768802bef247c770cd0c6d6b5e662e20cc40ea9204411f873dc0aaff4b8cb98e01e13cd4394cc44e7b857d963571005677a68145f4f22a2e42cf8684675917ce
SSDEEP

12288:tQHYCWP/uOdZogMgVVJmXMf+zeveLdwqU7apt/XkwJT+NFz:tQ4CWPxTMgVPmXpewwqXpLgf

Score

1^/10

Malware Config

Signatures

Files

bebdabf77934f6fee447a2e6f4f373f9_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

513f588760a773d958ef9af263e97a09

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12-05-1997 00:00

Not After

07-01-2004 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28-02-2001 00:00

Not After

06-01-2004 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-12-2000 08:00

Not After

12-11-2005 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:11:43:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-05-2002 00:55

Not After

25-11-2003 01:05

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2002 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
GetCurrentProcess
GetCurrentThread
CreateDirectoryA
FindClose
GetLocaleInfoA
SetFilePointer
lstrcmpA
IsValidCodePage
GetThreadLocale
ExpandEnvironmentStringsA
WinExec
ExitProcess
GetFileType
SetLastError
CompareFileTime
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchange
CopyFileA
SetFileAttributesA
AreFileApisANSI
SetFileApisToOEM
FindNextFileA
SetFileApisToANSI
FindFirstFileA
GetDiskFreeSpaceA
MulDiv
GetTempFileNameA
IsBadWritePtr
DisableThreadLibraryCalls
lstrcpyA
GetModuleHandleA
HeapDestroy
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemDefaultLCID
GetVersion
IsBadReadPtr
GetVersionExA
GlobalUnlock
GlobalLock
GetUserDefaultLCID
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
CreateFileMappingA
MapViewOfFile
SetErrorMode
GetVolumeInformationA
FormatMessageA
GetStringTypeA
IsDBCSLeadByteEx
GetSystemDefaultLangID
GetFullPathNameA
GetPrivateProfileStringA
VirtualAlloc
VirtualFree
_llseek
_lopen
CreateSemaphoreA
CreateThread
_lread
ExitThread
WaitForSingleObject
Sleep
GetTempPathA
_lcreat
GlobalFree
GlobalAlloc
GetFileSize
_lclose
GlobalReAlloc
_lwrite
lstrcpynA
WriteFile
GetDriveTypeA
DeleteFileA
CreateFileA
CloseHandle
ReadFile
CompareStringW
CompareStringA
GetLastError
GetACP
GetCPInfo
GetModuleFileNameA
lstrlenA
MultiByteToWideChar
ReleaseSemaphore
lstrcmpiA
GetFileAttributesA
LocalAlloc
InterlockedIncrement
WideCharToMultiByte
InterlockedDecrement
lstrlenW
GetTickCount
IsDBCSLeadByte
GetSystemDirectoryA
lstrcatA
LoadLibraryA
GetProcAddress
GetShortPathNameA
FreeLibrary
RaiseException

msvcrt

malloc
_strnset
strncat
__CxxFrameHandler
??2@YAPAXI@Z
_vsnwprintf
_vsnprintf
free
??3@YAXPAX@Z
_onexit
__dllonexit
?terminate@@YAXXZ
_adjust_fdiv
_initterm
_wcsdup
wcschr
wcsstr
_wcsnicmp
isdigit
mbstowcs
_getdcwd
realloc
_msize
memmove
_strupr
_strdup
strtoul
isxdigit
_except_handler3
strtol
_itow
iswdigit
_wtoi
wcstok

user32

SetPropA
GetWindowDC
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
SetClassLongA
LoadStringA
MapWindowPoints
SetParent
EndPaint
BeginPaint
SetRectEmpty
IntersectRect
SetCapture
GetCapture
CharLowerA
CharUpperA
SetDlgItemTextA
WaitMessage
DispatchMessageW
PeekMessageW
LoadImageA
SetWindowRgn
OffsetRect
EqualRect
GetCursor
PostQuitMessage
BringWindowToTop
UpdateWindow
IsIconic
SetForegroundWindow
GetWindowPlacement
RegisterWindowMessageA
GetWindowThreadProcessId
EnumWindows
DrawFocusRect
FindWindowA
GetForegroundWindow
IsZoomed
DrawTextA
FrameRect
DestroyAcceleratorTable
LoadAcceleratorsA
OemToCharBuffA
LoadStringW
ShowScrollBar
CharPrevA
CharToOemA
SetDlgItemTextW
MessageBoxW
InsertMenuItemA
InsertMenuItemW
TranslateAcceleratorA
CreateAcceleratorTableA
CopyAcceleratorTableA
DrawEdge
ReleaseCapture
KillTimer
SetTimer
GetDlgItemTextA
AppendMenuW
CharLowerW
GetClassInfoExA
SetScrollRange
RemovePropA
GetScrollInfo
SetScrollInfo
IsChild
IsRectEmpty
GetSysColor
GetSystemMenu
SetMenuItemInfoA
SetMenuItemInfoW
ModifyMenuA
ModifyMenuW
CheckMenuItem
GetCursorPos
ClientToScreen
DestroyMenu
PostMessageA
GetFocus
GetMenu
EnableMenuItem
GetActiveWindow
GetDesktopWindow
LoadIconA
RegisterClassW
GetDC
ReleaseDC
IsWindowVisible
CreateWindowExW
RegisterClassA
CreateWindowExA
UnregisterClassA
DefWindowProcW
DefWindowProcA
CreatePopupMenu
TrackPopupMenuEx
GetWindowTextLengthA
GetWindowTextA
CharNextA
CreateDialogParamW
CreateDialogParamA
LoadBitmapA
GetSystemMetrics
EnumChildWindows
SetWindowLongA
IsWindowEnabled
SetWindowTextW
SetWindowTextA
GetClassNameA
DestroyWindow
LoadCursorA
SetCursor
GetDlgCtrlID
GetWindowLongA
GetNextDlgGroupItem
GetKeyState
GetNextDlgTabItem
SendMessageA
EnableWindow
GetWindowRect
SetFocus
ShowWindow
GetParent
SetWindowPos
InvalidateRect
GetClientRect
GetDlgItem
IsWindow
GetPropA
FillRect
SendDlgItemMessageA
AppendMenuA
TrackPopupMenu
GetWindow
GetSubMenu
CopyRect
DialogBoxParamW
DialogBoxParamA
ScreenToClient
PtInRect
MessageBoxA
EndDialog
SendMessageW
GetWindowTextW
GetWindowTextLengthW
IsWindowUnicode
CallWindowProcW
CallWindowProcA
GetWindowLongW
SetWindowLongW
WinHelpA
SystemParametersInfoA
SetMenu
MoveWindow
SetScrollPos
LoadMenuA
InflateRect

gdi32

CreateRectRgnIndirect
OffsetWindowOrgEx
GetTextMetricsA
TranslateCharsetInfo
SetBkMode
SetROP2
CreatePatternBrush
CreateBitmap
SetBrushOrgEx
CreateDIBSection
CreateFontW
CreateFontIndirectA
ExtTextOutW
CreateFontIndirectW
GetTextExtentPointW
RestoreDC
SaveDC
LPtoDP
SetWindowOrgEx
SetViewportOrgEx
GetDeviceCaps
CreatePalette
CreateICA
CreateDCA
GetNearestColor
CreateSolidBrush
SelectPalette
RealizePalette
GetClipBox
SetMapMode
DPtoLP
SetTextColor
SetBkColor
ExtTextOutA
GetTextExtentPointA
CreateFontA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
BitBlt
SetPixel
GetStockObject
GetTextExtentPoint32W
GetTextExtentPoint32A
DeleteDC
UnrealizeObject
DeleteObject
GetObjectA

advapi32

OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegSetValueA
RegEnumKeyExA
FreeSid
GetUserNameA
InitializeAcl
GetNamedSecurityInfoA
ImpersonateSelf
OpenThreadToken
RegCloseKey
MapGenericMask
AccessCheck
RevertToSelf
AllocateAndInitializeSid
SetEntriesInAclA
SetNamedSecurityInfoA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

comctl32

ImageList_Destroy
ImageList_LoadImageA
ImageList_GetImageCount
CreatePropertySheetPageA
PropertySheetA
ImageList_Draw
ImageList_GetIconSize
ImageList_Add
ImageList_Create
ord17

ole32

CoTaskMemAlloc
StringFromCLSID
CreateBindCtx
OleInitialize
OleUninitialize
CoGetMalloc
CoTaskMemFree
CoGetClassObject
CLSIDFromProgID
CreateOleAdviseHolder
StgCreateDocfile
OleCreate
OleSetContainedObject
CoCreateInstance

oleaut32

SysFreeString
DispGetParam
VariantInit
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
VariantChangeType
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear

shlwapi

StrChrA
StrCpyNW
StrCmpNIW
StrCmpNIA
StrCmpW
StrPBrkA
StrChrW
StrChrIA
StrCmpNA
StrCmpIW
StrStrA

Exports

Exports

AuthorMsg
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HhWindowThread
HtmlHelpA
HtmlHelpW
LoadHHA
doWinMain

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

513f588760a773d958ef9af263e97a09

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

61:07:11:43:00:00:00:00:00:34Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 383KB - Virtual size: 383KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 22KB - Virtual size: 22KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

61:07:11:43:00:00:00:00:00:34
Certificate

.text
Size: 383KB - Virtual size: 383KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 22KB - Virtual size: 22KB