c07cf25f77581a00644450cbf5d340d1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c07cf25f77581a00644450cbf5d340d1_JaffaCakes118
Size

404KB
MD5

c07cf25f77581a00644450cbf5d340d1
SHA1

5d506bfe0aaebc2533780a75fd8d9cf6d718f5ca
SHA256

c31735dd109b95da2ac19c887fda2e49c7f1f0dedd3f7366e68cfe661a10d52c
SHA512

449fc98b6218320046ac5431a5a0e8e8735242e50b61648673d8cc03808308730bd53edf900fd8d61ad5ae5a5de9673ed9ac8c8919d2b0b9e518f0d5a0553a85
SSDEEP

6144:HVGv/nxEVH1mxXbZO0BdPoTRhNou7vt8U7kTs2pvI2GNFMf5m:HVGv/xEVVL0IlXdA

Score

1^/10

Malware Config

Signatures

Files

c07cf25f77581a00644450cbf5d340d1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

31f4ff25fa61f14776e18c185fbc2771

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:be:db:2a:9b:36:c8:6f:3c:c8:5a:24:9b:fb:d2:ec
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/05/2009, 00:00

Not After

26/06/2011, 23:59

Subject

CN=Apple Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

72:03:72:15:88:6c:cd:a4:50:b4:2e:f5:5d:46:a5:f3:c0:8a:da:9f
Signer

Actual PE Digest

72:03:72:15:88:6c:cd:a4:50:b4:2e:f5:5d:46:a5:f3:c0:8a:da:9f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\bwa\QuickTimeWin-1327.80\srcroot\BuildResults\NoSym\QTUIPanelControl.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ord17
ImageList_LoadImageW
ImageList_Destroy

kernel32

WaitForSingleObject
CreateMutexA
GetCurrentProcessId
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
GetVersionExA
GetFileAttributesA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
GetDriveTypeA
GetStdHandle
WriteFile
ExitProcess
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ReleaseMutex
HeapCreate
HeapDestroy
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualProtect
GetFullPathNameA
RtlUnwind
HeapReAlloc
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
SetEnvironmentVariableA
SetEnvironmentVariableW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
CompareStringA
CompareStringW
CloseHandle
GetProcAddress
GetModuleFileNameA
GetThreadLocale
SetThreadLocale
GetModuleHandleW
LoadLibraryExW
SizeofResource
FreeLibrary
GetModuleFileNameW
lstrcmpW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GlobalHandle
GlobalFree
LoadResource
LockResource
GlobalLock
GetTickCount
GlobalUnlock
GetCurrentThreadId
SetLastError
MulDiv
FindResourceW
GlobalAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
FindFirstFileA
FindNextFileA
FindClose
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
WideCharToMultiByte
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
RaiseException
WriteConsoleW
CreateFileA
FlushFileBuffers

user32

GetSystemMetrics
GetMenuItemCount
DeleteMenu
AppendMenuW
EnableWindow
CharLowerW
CreateAcceleratorTableW
CopyAcceleratorTableW
IsDialogMessageW
GetNextDlgTabItem
UnionRect
PtInRect
IntersectRect
EqualRect
SetWindowRgn
EnumChildWindows
DestroyMenu
LoadIconW
GetDesktopWindow
BeginPaint
EndPaint
ReleaseCapture
GetClassNameW
SetCapture
RedrawWindow
InvalidateRgn
MoveWindow
CreateDialogIndirectParamW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetKeyState
GetWindowTextLengthW
GetWindowTextW
LoadBitmapW
wsprintfA
UnregisterClassA
DestroyAcceleratorTable
SetWindowTextW
SystemParametersInfoW
SetWindowContextHelpId
IsChild
GetWindow
SendDlgItemMessageW
ShowWindow
SetWindowPos
MapDialogRect
ClientToScreen
TrackPopupMenu
SetFocus
MessageBeep
GetActiveWindow
GetFocus
DrawFocusRect
CallWindowProcW
GetWindowLongW
SetWindowLongW
GetSysColor
DrawTextW
DefWindowProcW
PostMessageW
LoadStringW
IsWindow
GetDlgItem
GetParent
InvalidateRect
UpdateWindow
ReleaseDC
GetDC
ScreenToClient
GetClientRect
GetWindowRect
DestroyWindow
CreateWindowExW
SendMessageW
CreatePopupMenu
FillRect
InflateRect
OffsetRect
FrameRect
CharNextW
wvsprintfW
CopyRect
SetRect

gdi32

SetBkColor
CreatePen
SelectObject
RoundRect
GetTextColor
SetTextColor
DeleteObject
ExcludeClipRect
ExtTextOutW
SetBkMode
GetDeviceCaps
GetStockObject
RestoreDC
DeleteDC
CreateSolidBrush
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
CreateFontIndirectW
GetObjectW
SelectClipRgn
CreateRectRgn
SetViewportOrgEx
GetClipRgn
GetTextMetricsW
Rectangle
ExtSelectClipRgn
CreateDCW
GetTextExtentPoint32W
CreateRectRgnIndirect

comdlg32

CommDlgExtendedError
GetOpenFileNameW

advapi32

RegOpenKeyExA
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA

ole32

OleRegEnumVerbs
CreateOleAdviseHolder
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleRegGetUserType
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleRegGetMiscStatus
WriteClassStm
CreateDataAdviseHolder
OleSaveToStream
ReadClassStm
OleLockRunning

oleaut32

SysAllocStringLen
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
VariantChangeType
OleTranslateColor
SysFreeString
VariantClear
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

31f4ff25fa61f14776e18c185fbc2771

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

1f:be:db:2a:9b:36:c8:6f:3c:c8:5a:24:9b:fb:d2:ecCertificate

Extended Key Usages

Key Usages

72:03:72:15:88:6c:cd:a4:50:b4:2e:f5:5d:46:a5:f3:c0:8a:da:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 228KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 32KB - Virtual size: 29KB

.rsrc Size: 40KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

1f:be:db:2a:9b:36:c8:6f:3c:c8:5a:24:9b:fb:d2:ec
Certificate

72:03:72:15:88:6c:cd:a4:50:b4:2e:f5:5d:46:a5:f3:c0:8a:da:9f
Signer

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 32KB - Virtual size: 29KB

.rsrc
Size: 40KB - Virtual size: 40KB