c8c3d3630166a1243f24d52d581efe31_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8c3d3630166a1243f24d52d581efe31_JaffaCakes118
Size

428KB
MD5

c8c3d3630166a1243f24d52d581efe31
SHA1

7f74616348eb32b8c29aca86b7d300b477691caa
SHA256

12ca658360410852808d5fd63774b8d4ec6ec5d683467af3c13a36ad693907bc
SHA512

6ba86803ff5a5d48148226376803e4dafd01ff09291107ddebb124ddce1733fd5b565b85288668cacadbfc99de406ee724bd44f8794330e299429e661e29840d
SSDEEP

3072:/pZZSxp81s14tsQq3GU4H+mow0uVIdp/jQ2uz3RHscSZbO44cVSKblekFF081NUl:/pOxqs1AkIH+mhCn/jQ2uTFJwXQ9

Score

1^/10

Malware Config

Signatures

Files

c8c3d3630166a1243f24d52d581efe31_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

1e38022dfb9ae9828e707ffe4998b994

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3f:75:b6:fa:72:b8:cd:e3:36:a6:15:50:c7:09:78:d2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/03/2014, 00:00

Not After

09/06/2016, 23:59

Subject

CN=Reimage Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:7a:78:88:aa:39:a0:2f:30:5f:34:72:e0:7b:2c:a1:f7:da:7e:35
Signer

Actual PE Digest

23:7a:78:88:aa:39:a0:2f:30:5f:34:72:e0:7b:2c:a1:f7:da:7e:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\REI_WS1\Production\Release\Win32\REI_AxControl.efix.pdb

Imports

rei_engine

get_REScanResults_exported_
RE_ExecuteRepair_exported_
get_RE_isActivated_exported_
get_isReimageRepairActivated_exported_
get_RE_isReimageRepairInstalled_exported_
RE_StartReimageRepair_exported_
RE_ActivateKey_exported_
reinstallUpdates_exported_
get_UsageStr_exported_
launchPostRebootScreenAfterReupdate_exported_
RE_SetActiveXLoaded_exported_
_getValue_exported_
_getStringValue_exported_
put_IsFirstRun_exported_
put_quickScanInterval_exported_
get_ShouldPay_exported_
readFromIni_exported_
writeToIni_exported_
measureLoadUpTime_exported_
get_IsFirstRun_exported_
setProperty_exported_
put_HWFreqSignal_exported_
stopQuickInit_exported_
pauseQuickInit_exported_
preCheck_exported_
ShowBoosterMsgs_exported_
StartBooster_exported_
SetAgent_exported_
RE_InitExpress_exported_
ExitContainer_exported_
get_IsInContainer_exported_
get_RunInTrayIcon_exported_
put_RunInTrayIcon_exported_
get_ExeName_exported_
showBalloon_exported_
_showBalloon_exported_
deleteMalwareList_exported_
SetMalewareComponent_exported_
PostReimageAntivirusScan_exported_
GetDocumentByUrl_exported_
GetFrameDocument_exported_
_registerUseWatchdogPing_exported_
_registerDownloadErrorsCheck_exported_
_dispatchCalls_exported_
get_NextCommand_exported_
setDriverEnabled_exported_
setIsBootCD_exported_
put_UpdateVerURL_exported_
get_RERepairResults_exported_
sendMsg_exported_
getMultiOS_exported_
setMultiOS_exported_
SetStartup_exported_
SetService_exported_
SetReiConfig_exported_
HideWindow_exported_
put_Username_exported_
get_Username_exported_
get_SystemDriveFreeSpaceStr_exported_
get_SystemDriveFreeSpace_exported_
get_SpeedKBSec_exported_
put_InstallAgent_exported_
put_MinorSessionID_exported_
get_MinorSessionID_exported_
get_LastRepairDate_exported_
get_SessionID_exported_
put_LoggerUrl_exported_
put_EventsUrl_exported_
get_EventsUrl_exported_
put_MainIniUrl_exported_
get_MainIniUrl_exported_
setUndo_exported_
Restore_exported_
RebootSafemode_exported_
Reboot_exported_
SimpleReboot_exported_
put_ShowConsole_exported_
get_ShowConsole_exported_
put_IsCleanupEnabled_exported_
get_IsCleanupEnabled_exported_
put_IsRepairEnabled_exported_
get_IsRepairEnabled_exported_
Fix_exported_
Resume_exported_
Pause_exported_
openPostPayDefaultBrowser_exported_
SignalClose_exported_
Stop_exported_
Analyze_exported_
QuickInit_exported_
CommandLine_exported_
_endUpdate_exported_
_beginUpdate_exported_
_setValueDouble_exported_
_setValueInt_exported_
_setValue_exported_
SetValue_exported_
GetValue_exported_
UnRegisterCallback_exported_
RegisterCallbackStr_exported_
RegisterCallback_exported_
FinalConstruct_exported_
InterfaceSupportsErrorInfo_exported_
RE_GetModuleRepairResults_exported_
RE_GetModuleScanResults_exported_
get_RERestorePointRemovalResults_exported_
get_REPreviousRepairResults_exported_
get_REPreviousScanResults_exported_
get_RERestorePointsInfo_exported_
get_RESysInfo_exported_
get_REModuleList_exported_
RE_StartRestorePointInfoScan_exported_
RE_ExecuteScan_exported_
RE_SetRepairParams_exported_
WriteToLog_exported_
RE_SetModuleRepairParams_exported_
RE_SetScanParams_exported_
RE_SetModuleScanParams_exported_
put_CampaignTrack_exported_
get_CampaignTrack_exported_
put_PostRebootPath_exported_
put_UsageStr_exported_
RE_InvokeLink_exported_
RE_RestoreSystem_exported_
RE_RemoveRestorePoints_exported_
RE_SetRestorePoint_exported_
RE_ScanHomePage_exported_
RE_ScanSearchEngine_exported_
RE_RepairToolbarInfo_exported_
RE_ScanToolbarInfo_exported_
RE_ScanStabilityInfo_exported_
RE_RepairStartupInfo_exported_
RE_ScanStartupInfo_exported_
RE_CollectSystemInfo_exported_
RE_ResetExpress_exported_
RE_ResumeExpress_exported_
RE_PauseExpress_exported_
RE_StopExpress_exported_

kernel32

HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
WriteFile
ExitProcess
GetCommandLineA
VirtualQuery
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
RtlUnwind
EncodePointer
DecodePointer
VirtualProtect
IsDebuggerPresent
TlsFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryW
LCMapStringW
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
GetCurrentThreadId
MulDiv
FlushInstructionCache
lstrcmpW
GetCurrentProcessId
GetThreadLocale
SetThreadLocale
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetProcAddress
GetCurrentProcess
SetLastError
CloseHandle
GetSystemInfo

user32

PtInRect
CharNextW
DestroyWindow
DefWindowProcW
SetWindowLongW
GetWindowLongW
ShowWindow
GetClassInfoExW
LoadCursorW
ReleaseDC
CreateWindowExW
RegisterClassExW
GetKeyState
InvalidateRect
IsWindow
GetFocus
IsChild
SetFocus
UnionRect
UnregisterClassA
CallWindowProcW
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC

gdi32

SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
CreateDCW
CreateRectRgnIndirect
SetTextAlign
LPtoDP
GetDeviceCaps
TextOutW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CreateOleAdviseHolder
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
WriteClassStm
OleSaveToStream
ReadClassStm

oleaut32

LoadRegTypeLi
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
OleCreatePropertyFrame

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e38022dfb9ae9828e707ffe4998b994

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3f:75:b6:fa:72:b8:cd:e3:36:a6:15:50:c7:09:78:d2Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:7a:78:88:aa:39:a0:2f:30:5f:34:72:e0:7b:2c:a1:f7:da:7e:35Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rei_engine

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 248KB - Virtual size: 247KB

.reloc Size: 15KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3f:75:b6:fa:72:b8:cd:e3:36:a6:15:50:c7:09:78:d2
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:7a:78:88:aa:39:a0:2f:30:5f:34:72:e0:7b:2c:a1:f7:da:7e:35
Signer

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 248KB - Virtual size: 247KB

.reloc
Size: 15KB - Virtual size: 14KB