d252ac6da833bf1f30a791030a09683a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d252ac6da833bf1f30a791030a09683a_JaffaCakes118
Size

172KB
MD5

d252ac6da833bf1f30a791030a09683a
SHA1

36d1c6e1780956f61ab85fe673943de3bb3a097b
SHA256

1444ba40ad7fb08f61ad4a14675f923199ef222fdcb50c1c9fcf88b919d5a27e
SHA512

340eb9ad6db57488d6ed4e7fce723b734fb226f01e121847213dd5b78f97dd4032d132ea7e3ccfd9e83203f0f5c25675af878349bf65aa8f5dd8b02785fa1b5c
SSDEEP

3072:KkhJB3sj+spvpeX5NWf+WQFH73GDU3vrKDh3kK+:Kkhr+pReNcyzGDh5kL

Score

1^/10

Malware Config

Signatures

Files

d252ac6da833bf1f30a791030a09683a_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

09e35056f30ffd9059910924ae6ee3ee

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4b
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

25/02/2015, 09:23

Not After

26/02/2016, 09:23

Subject

CN=Lucuma,O=Lucuma,L=Hod Hasharon,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f3:b1:de:7d:32:70:c7:2d:cb:06:bc:f0:94:8e:aa:99:03:55:91:7c
Signer

Actual PE Digest

f3:b1:de:7d:32:70:c7:2d:cb:06:bc:f0:94:8e:aa:99:03:55:91:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Toolbar2.0\injovo.newtoolbar\Rost.Fixed\ExtlessRELEASE_457\Output\sprz_DATE-2015-05-17\InProgress\Components\Binaries\Release\Extension32.pdb

Imports

rpcrt4

UuidToStringW
RpcStringFreeW

kernel32

InterlockedDecrement
DisableThreadLibraryCalls
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
InterlockedIncrement
MultiByteToWideChar
GetThreadLocale
SetThreadLocale
CloseHandle
GetVersionExW
LocalAlloc
SetStdHandle
CreateFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
FindResourceW
LocalFree
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
FindResourceExW
GetCurrentProcess
GetProcessHeap
HeapFree
HeapAlloc
FlushFileBuffers
WriteConsoleW
lstrcmpiW
SetEndOfFile
GetConsoleCP
GetStringTypeW
LCMapStringW
LoadLibraryW
OutputDebugStringW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
SetFilePointerEx
SetFilePointer
ReadConsoleW
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
GetCommandLineA
GetCurrentThreadId
SetLastError
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleMode

user32

CharNextW

advapi32

IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
RegCloseKey
GetTokenInformation
OpenProcessToken
RegQueryValueExW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc

oleaut32

VariantCopy
DispCallFunc
LoadRegTypeLi
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09e35056f30ffd9059910924ae6ee3ee

Code Sign

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4bCertificate

Extended Key Usages

Key Usages

f3:b1:de:7d:32:70:c7:2d:cb:06:bc:f0:94:8e:aa:99:03:55:91:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 6KB - Virtual size: 17KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 11KB

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:b1:54:e0:74:6b:42:4c:a2:8c:9c:31:0b:83:74:b2:4b
Certificate

f3:b1:de:7d:32:70:c7:2d:cb:06:bc:f0:94:8e:aa:99:03:55:91:7c
Signer

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 6KB - Virtual size: 17KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 11KB