d38c2152dce66702765b50210cceb8c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d38c2152dce66702765b50210cceb8c7_JaffaCakes118
Size

54KB
MD5

d38c2152dce66702765b50210cceb8c7
SHA1

302b8cf39883c09b039e3887ad578a0021d1c155
SHA256

c003e3222f91c939747e636c554bd4d2d8090d88a38e77d539bdccb5a6d3ee65
SHA512

8db6eab00e4ea4007807a66fcecf16fa815a323512bbbcb21b5cc1c2639f9395b4460488ab6c13f0623cc99888d35cca00ac64e9b4e283258b7325277e789af9
SSDEEP

768:7WKzHupD1y1GRSEN/9QieY3Yn7AjKTeOdOhzN8ZRTTADOtruxeo9M2V:7RrD1ISEN11KTeuOhzN8ZRIsloeG

Score

1^/10

Malware Config

Signatures

Files

d38c2152dce66702765b50210cceb8c7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2fea3bc3db8904e1b65be34c6e6efd3c

Code Sign

01:a5
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

13/08/1998, 00:29

Not After

13/08/2018, 23:59

Subject

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

01:00:00:00:00:01:1f:71:6f:21:66
Certificate

Issuer

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Not Before

13/02/2009, 19:59

Not After

13/02/2011, 19:59

Subject

CN=agreement.syniverse.com,OU=Crossroads,O=Syniverse Technologies Inc.,L=Tampa,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c1f62656c696e64612e6a61626c6f6e736b694073796e6976657273652e636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

04:00:03:cb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

16/02/2005, 19:14

Not After

16/02/2012, 23:59

Subject

CN=Cybertrust SureServer CA,O=GlobalSign Inc

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:c3:b9:93:8a:2b:37:e6:7d:6f:f4:b4:c3:f5:8a:0f:13:8b:d4:9f
Signer

Actual PE Digest

03:c3:b9:93:8a:2b:37:e6:7d:6f:f4:b4:c3:f5:8a:0f:13:8b:d4:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
CloseHandle
SetFileTime
GetFileTime
CreateFileA
LocalFree
LocalAlloc
GetComputerNameA
CreateThread
TerminateThread
WinExec
GetWindowsDirectoryA
GetEnvironmentVariableA
DeleteFileA
LoadLibraryA
OpenProcess
GetLastError
GetTempPathA
Sleep
TerminateProcess
GetTickCount
CreateMailslotA
WriteFile
GetMailslotInfo
ReadFile
WaitForMultipleObjects
WaitForSingleObject
CreateProcessA
ExpandEnvironmentStringsA
GetProcAddress
CopyFileA
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
HeapFree
HeapAlloc
SetFilePointer
GetFileType
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
SetEndOfFile
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

dnsapi

DnsRecordListFree
DnsQuery_A

ws2_32

select
__WSAFDIsSet
recv
send
WSAStartup
htons
bind
connect
closesocket
gethostname
gethostbyname
inet_ntoa
inet_addr
socket

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fea3bc3db8904e1b65be34c6e6efd3c

Code Sign

01:a5Certificate

01:00:00:00:00:01:1f:71:6f:21:66Certificate

Key Usages

04:00:03:cbCertificate

Key Usages

03:c3:b9:93:8a:2b:37:e6:7d:6f:f4:b4:c3:f5:8a:0f:13:8b:d4:9fSigner

Headers

File Characteristics

Imports

kernel32

dnsapi

ws2_32

psapi

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 13KB

.reloc Size: 4KB - Virtual size: 3KB

01:a5
Certificate

01:00:00:00:00:01:1f:71:6f:21:66
Certificate

04:00:03:cb
Certificate

03:c3:b9:93:8a:2b:37:e6:7d:6f:f4:b4:c3:f5:8a:0f:13:8b:d4:9f
Signer

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 13KB

.reloc
Size: 4KB - Virtual size: 3KB