bef24d75a262e3a9a62a6e49e5a56a86_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bef24d75a262e3a9a62a6e49e5a56a86_JaffaCakes118
Size

410KB
MD5

bef24d75a262e3a9a62a6e49e5a56a86
SHA1

7a0c76c6ee132e582e6339ea842a6bacb62c91a0
SHA256

2d0442fdb2091059ee3ed48b45f71ba3a46729eefc376faf9a9097944d291a67
SHA512

20317d9556068d0ca5d1f483302ba2e5975d9bbbe7360e4bf20e71e95f47b8229b962754aeac4c55e9b0c69016044939f577ac60e24628345424b9dcafccfaee
SSDEEP

12288:bxRL9YTVFU+sXJxQt8S1cs83sZj0iaM7B:DL+TVybZscN8ZjpaMV

Score

1^/10

Malware Config

Signatures

Files

bef24d75a262e3a9a62a6e49e5a56a86_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

571beaa1b9b388fcb5ef770a866714e0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

28/01/2011, 00:00

Not After

27/01/2013, 23:59

Subject

CN=Zugo Ltd,O=Zugo Ltd,POSTALCODE=JE4 9NU,STREET=37 Broad St.+STREET=1st Floor+STREET=PO Box 36,L=St Helier,ST=Jersey,C=JE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:da:6b:ef:4f:f4:24:e3:f7:fb:38:89:31:b5:2c:5e:11:87:04:21
Signer

Actual PE Digest

2a:da:6b:ef:4f:f4:24:e3:f7:fb:38:89:31:b5:2c:5e:11:87:04:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipFree
GdipAlloc
GdipCreateSolidFill
GdipReleaseDC
GdipFillRectangleI
GdipDeleteBrush
GdipCloneBrush
GdiplusStartup
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipCreateFromHDC
GdipDrawImageRect
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipCloneImage
GdipDisposeImage
GdipDeleteGraphics

uxtheme

DrawThemeParentBackground

kernel32

FindResourceExW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetLastError
lstrlenW
GetModuleFileNameW
DisableThreadLibraryCalls
MultiByteToWideChar
CloseHandle
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
GetLastError
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
MulDiv
GetTickCount
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
LoadLibraryExW
SetThreadLocale
GetThreadLocale
GetVersionExW
ExpandEnvironmentStringsW
GetFileAttributesW
LocalFree
LocalAlloc
LoadLibraryW
HeapAlloc
GetProcessHeap
HeapFree
FindResourceW
SystemTimeToFileTime
FileTimeToSystemTime
InterlockedExchange
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetCPInfo
GetACP
SetStdHandle
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetConsoleMode
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetSystemTime
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
IsValidCodePage
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringW
SetFilePointer
GetConsoleCP
CreateFileA
Sleep
ExitProcess

user32

GetForegroundWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetCursorPos
ChildWindowFromPoint
TrackPopupMenu
DrawTextW
MonitorFromPoint
DestroyMenu
SetMenuItemBitmaps
InsertMenuW
SetMenuInfo
CreatePopupMenu
IsWindowVisible
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetUpdateRect
GetSystemMetrics
DispatchMessageW
PostMessageW
GetAsyncKeyState
DestroyCaret
SetCaretPos
CopyRect
ShowCaret
CreateCaret
GetAncestor
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ReleaseDC
ScreenToClient
TranslateMessage
ClientToScreen
CharNextW
GetSysColor
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SendMessageW
GetParent
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
KillTimer
SetTimer
MoveWindow
SetWindowTextW
CharLowerBuffW
wsprintfW
DefWindowProcW
GetWindowLongW
CallWindowProcW
GetDC
SetWindowPos
TrackMouseEvent
SetCursor
ShowWindow
GetClientRect
CreateWindowExW
RegisterClassExW
GetFocus
GetWindow
LoadCursorW
GetClassInfoExW
SetFocus
InvalidateRect
SetWindowLongW
IsWindow
DestroyWindow
UnregisterClassA
CreateAcceleratorTableW

gdi32

BitBlt
GetDeviceCaps
CreateSolidBrush
GetObjectW
CreateCompatibleDC
SetBkMode
CreateDIBSection
CreateFontW
GetTextExtentPoint32W
SetTextColor
CreateCompatibleBitmap
DeleteDC
GetStockObject
DeleteObject
SelectObject

advapi32

RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
IsValidSid

shell32

ShellExecuteW

ole32

CoCreateInstance
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromIID
OleRun

oleaut32

SysStringLen
DispCallFunc
LoadRegTypeLi
LoadTypeLi
VarBstrCat
VarBstrCmp
SysAllocStringLen
SysAllocString
SysStringByteLen
OleCreateFontIndirect
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantCopy
VariantClear
VariantInit
SysAllocStringByteLen
GetErrorInfo
SysFreeString

comctl32

ImageList_GetImageCount
ImageList_Destroy
InitCommonControlsEx

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

571beaa1b9b388fcb5ef770a866714e0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9Certificate

Extended Key Usages

Key Usages

2a:da:6b:ef:4f:f4:24:e3:f7:fb:38:89:31:b5:2c:5e:11:87:04:21Signer

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

uxtheme

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 17KB - Virtual size: 25KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 29KB - Virtual size: 29KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

46:24:1c:de:5c:7b:50:0b:51:c5:f1:32:82:28:f2:a9
Certificate

2a:da:6b:ef:4f:f4:24:e3:f7:fb:38:89:31:b5:2c:5e:11:87:04:21
Signer

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 17KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 29KB - Virtual size: 29KB