d28f78cd41aa4e8e23024306573d91b1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d28f78cd41aa4e8e23024306573d91b1_JaffaCakes118
Size

259KB
MD5

d28f78cd41aa4e8e23024306573d91b1
SHA1

5c87b4ed3a187cf3c5bba4abd482a7b9e910c8d1
SHA256

e29b9140014742bab286300cf116232f526093ac90338b0866f4ed85437cf5a6
SHA512

94a52df1555a92f16ef5cf905540966cb3bbbee223fbcb95d9f452783a13209d6aa56fb06db656407a1ee31234694c8480bcaa1ac6dc6b686e72fab7bab18596
SSDEEP

6144:9ktpCGVckVM/SQ7k26AS7109xbWYvZP7qVmfcPiFUjGX:bGVof7k2071LGX

Score

1^/10

Malware Config

Signatures

Files

d28f78cd41aa4e8e23024306573d91b1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e942f6268129b3df7ddc8b41fb7555f1

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:e0:34:66:c4:b6:3e:a4:cb:67:1a:24:51:97:89:fd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

07/05/2008, 09:26

Not After

07/05/2009, 09:26

Subject

CN=Adyplus Co. Ltd,OU=Marketing Team,O=Adyplus Co. Ltd,L=Jungnang-gu\ ,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHQueryValueExA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mfc42

ord818
ord3742
ord924
ord860
ord922
ord6930
ord2818
ord2764
ord926
ord4278
ord6928
ord6663
ord536
ord6648
ord668
ord1980
ord2770
ord356
ord923
ord2781
ord6883
ord3178
ord5861
ord6143
ord801
ord4204
ord541
ord3874
ord6880
ord941
ord940
ord1228
ord2393
ord690
ord5207
ord3229
ord6059
ord389
ord539
ord1601
ord2814
ord928
ord3810
ord5934
ord1567
ord268
ord2089
ord2860
ord6597
ord6650
ord6591
ord6807
ord6857
ord6823
ord6855
ord6832
ord6859
ord6867
ord6847
ord6814
ord6839
ord6846
ord6858
ord6816
ord6815
ord6812
ord6845
ord6856
ord6808
ord6835
ord4589
ord4588
ord4899
ord4370
ord4892
ord6817
ord5076
ord3402
ord4347
ord4720
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord6750
ord6691
ord4432
ord6478
ord6514
ord6800
ord4463
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord3953
ord2725
ord1131
ord3626
ord2414
ord795
ord609
ord6215
ord6242
ord5981
ord2575
ord4396
ord3574
ord3721
ord3619
ord1641
ord2078
ord2116
ord861
ord4398
ord2578
ord4218
ord2023
ord2411
ord2379
ord4275
ord656
ord825
ord567
ord3610
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord533
ord5194
ord5465
ord6874
ord1997
ord798
ord354
ord5186
ord5442
ord6385
ord2803
ord1979
ord665
ord2919
ord3021
ord4299
ord6605
ord1644
ord6270
ord2121
ord6612
ord4269
ord2438
ord3663
ord808
ord3654
ord2584
ord4220
ord3731
ord3396
ord2862
ord2864
ord6705
ord537
ord6199
ord6784
ord823
ord540
ord6877
ord535
ord6282
ord6283
ord5710
ord858
ord800
ord4202
ord2614
ord2915
ord5572
ord2096
ord1168
ord1146
ord6903
ord6467
ord686
ord384
ord6502
ord6614
ord6740
ord4078
ord6055
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4340

msvcrt

wcslen
_CxxThrowException
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_mbsrchr
_mbslwr
strcmp
_ftol
memcmp
_purecall
strcat
realloc
setlocale
calloc
atol
strncpy
tolower
isalnum
sprintf
ftell
_strnicmp
_stat
__CxxFrameHandler
_mbscmp
strlen
memset
div
fwrite
malloc
strcpy
_getcwd
_chdir
_splitpath
fread
fseek
fopen
abs
fclose
strchr
free
_mbschr
memcpy
time
srand
rand
atoi

kernel32

GetVersionExA
GetCurrentThread
SetLastError
OpenProcess
GetExitCodeProcess
TerminateProcess
HeapReAlloc
GetVersion
GetModuleHandleA
GetCurrentProcess
FlushInstructionCache
lstrcpyW
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FormatMessageA
LocalFree
GetProcessHeap
HeapAlloc
HeapFree
SizeofResource
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetLocalTime
CopyFileA
GetTempPathA
MoveFileA
GetFileAttributesA
CreateDirectoryA
CreateFileA
GetFileSize
CloseHandle
MultiByteToWideChar
GetModuleFileNameA
lstrlenA
lstrlenW
WideCharToMultiByte
GetSystemInfo
GetTickCount
FindResourceA
LoadResource
LockResource
GlobalLock
GlobalUnlock
GetLastError
LocalAlloc

user32

EnableWindow
LoadIconA
CloseClipboard
GetClipboardData
CreateWindowExA
wsprintfA
DestroyWindow
IsWindowVisible
CallNextHookEx
GetWindowThreadProcessId
SetWindowsHookExA
ShowWindow
DefWindowProcA
GetWindowLongA
CallWindowProcA
SetWindowLongA
GetActiveWindow
EnumChildWindows
RegisterWindowMessageA
SendMessageTimeoutA
GetParent
FindWindowExA
SetWindowTextA
IsWindow
GetMessageA
LoadBitmapA
SetMenuItemBitmaps
GetClassNameA
PeekMessageA
GetMenuStringA
GetSystemMetrics
GetDesktopWindow
GetDC
DestroyIcon
ReleaseDC
IsClipboardFormatAvailable
OpenClipboard
GetKeyState
InsertMenuA
CreatePopupMenu
CreateMenu
GetClientRect
GetFocus
SendMessageA
GetMenuItemCount
IsMenu
EqualRect
IntersectRect
AppendMenuA
ClientToScreen
CopyRect
DrawIconEx
TranslateMessage
DispatchMessageA

gdi32

CreateCompatibleBitmap
SelectObject
SetBkColor
ExtTextOutA
CreateSolidBrush
DeleteDC
CreateCompatibleDC
CreateFontA

advapi32

AdjustTokenPrivileges
RegCreateKeyA
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
SetNamedSecurityInfoA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon

ole32

CoCreateGuid
CoCreateInstance
ReleaseStgMedium
RegisterDragDrop
CoInitialize
CoUninitialize
StringFromGUID2

oleaut32

CreateErrorInfo
SysFreeString
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysStringLen
VariantInit
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
SetErrorInfo
VariantChangeType
SysAllocString

atl

ord10
ord46
ord58
ord51
ord50
ord32
ord57
ord18
ord15
ord21
ord16
ord23
ord30
ord31
ord39
ord47
ord48
ord44
ord43
ord11

ws2_32

connect
setsockopt
select
recvfrom
sendto
socket
gethostbyname
closesocket
WSAStartup
WSACleanup
gethostname
htons
inet_ntoa
inet_addr

wininet

InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetErrorDlg
InternetOpenUrlA
InternetCloseHandle
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetGetCookieA
InternetOpenA
InternetSetCookieA
InternetSetStatusCallback

rpcrt4

UuidCreateSequential

imm32

ImmGetContext
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmSetCompositionStringA
ImmGetCompositionStringA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e942f6268129b3df7ddc8b41fb7555f1

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

68:e0:34:66:c4:b6:3e:a4:cb:67:1a:24:51:97:89:fdCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

shlwapi

version

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

atl

ws2_32

wininet

rpcrt4

imm32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 16KB - Virtual size: 13KB

01
Certificate

0a
Certificate

68:e0:34:66:c4:b6:3e:a4:cb:67:1a:24:51:97:89:fd
Certificate

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 16KB - Virtual size: 13KB