d5bdd8db92eecfd2cfd556e13899d89c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5bdd8db92eecfd2cfd556e13899d89c_JaffaCakes118
Size

356KB
MD5

d5bdd8db92eecfd2cfd556e13899d89c
SHA1

68aa64f1b995bf5e059538e4f13a22df9ea6a017
SHA256

91cdc5281e533311da4a9f505a1ef85d35459ee1bbef7950239822f2e77bc5b8
SHA512

b77ebd334e0e485d2127e7f48bd029aff0177129d24a04331a804d4f888240f2e1d8ef4191004169ab897efe19a696caa65226b0849fc1652438052067625720
SSDEEP

6144:AqTcVEl7gTCxl/vfxFbuzsHtISCxv2pTBqONHRbh1d:AqTcVEl7Gi/vQzypTsKL

Score

1^/10

Malware Config

Signatures

Files

d5bdd8db92eecfd2cfd556e13899d89c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6f331329a32e2cc082fcef5a73db1df1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

03/09/2009, 00:00

Not After

24/09/2012, 23:59

Subject

CN=Acronis\, Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarter,O=Acronis\, Inc,L=South San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a4:83:4b:2c:fc:30:27:fc:6c:2f:fc:c8:d1:bf:46:fe:c9:4e:ce:4e
Signer

Actual PE Digest

a4:83:4b:2c:fc:30:27:fc:6c:2f:fc:c8:d1:bf:46:fe:c9:4e:ce:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\bs_hudson\workspace\tif10_u3_ln_2\54\exe\vs\release\german\standard\mc_registry_clean_dll_enterprise.pdb

Imports

advapi32

SetFileSecurityW
GetSecurityDescriptorOwner
GetFileSecurityW
SetThreadToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryInfoKeyA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
GetUserNameW
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
GetUserNameA

kernel32

GetModuleFileNameW
FindClose
GetDriveTypeA
GetLastError
GetLogicalDrives
CloseHandle
SetFileApisToANSI
SetErrorMode
GetWindowsDirectoryA
GetCurrentDirectoryA
GetWindowsDirectoryW
GetCurrentDirectoryW
ResetEvent
SetEvent
GetCurrentThreadId
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
FindCloseChangeNotification
FindNextChangeNotification
GetProcAddress
GetModuleHandleA
ReadFile
WriteFile
FlushFileBuffers
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcess
DeviceIoControl
SetFileTime
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CompareStringW
CreateFileW
FindFirstChangeNotificationW
DeleteFileW
MoveFileW
RemoveDirectoryW
CreateDirectoryW
GetVolumeInformationW
SetFileAttributesW
FindNextFileW
GetTempPathW
GetDiskFreeSpaceW
GetDriveTypeW
FindFirstFileW
GetCompressedFileSizeW
GetFileInformationByHandle
MoveFileExW
GetModuleFileNameA
WideCharToMultiByte
CompareStringA
CreateFileA
FindFirstChangeNotificationA
DeleteFileA
MoveFileA
CreateDirectoryA
RemoveDirectoryA
GetDiskFreeSpaceA
GetVolumeInformationA
WritePrivateProfileStringA
GetShortPathNameA
FindNextFileA
GetTempPathA
FindFirstFileA
EnumResourceLanguagesW
LockResource
LoadResource
FindResourceExW
ExitThread
LoadLibraryA
GetCurrentThread
GetSystemDefaultLangID
EnumResourceNamesW
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
GetTimeZoneInformation
BackupRead
BackupSeek
BackupWrite
GetFileTime
GetFileAttributesW
LocalAlloc
FreeLibrary
SetCurrentDirectoryW
GetTempFileNameW
GetLogicalDriveStringsW
GetSystemDirectoryW
GetShortPathNameW
CopyFileW
GetFullPathNameW
OutputDebugStringW
LoadLibraryW
LoadLibraryExW
CreateProcessW
GetStartupInfoW
GetComputerNameW
SetComputerNameW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
WriteConsoleW
GetEnvironmentVariableW
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
SetCurrentDirectoryA
GetTempFileNameA
GetLogicalDriveStringsA
GetSystemDirectoryA
GetFileAttributesA
CopyFileA
GetFullPathNameA
OutputDebugStringA
ExpandEnvironmentStringsA
LoadLibraryExA
CreateProcessA
GetStartupInfoA
GetComputerNameA
SetComputerNameA
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetNumberFormatA
GetEnvironmentVariableA
SetEnvironmentVariableA
ReleaseSemaphore
CreateSemaphoreA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapSize
Sleep
InterlockedDecrement
InterlockedIncrement
GetSystemInfo
GetVersion
FormatMessageA
MultiByteToWideChar
FormatMessageW
LocalFree
SetFileAttributesA
CreateThread
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess

user32

DefWindowProcW
GetWindowLongW
SetWindowLongW
SendMessageW
RegisterClassExW
PostMessageW
CreateDialogIndirectParamW
PeekMessageW
DispatchMessageW
wsprintfW
CharUpperBuffW
CharUpperBuffA
DefWindowProcA
TranslateMessage
RegisterClassExA
CreateWindowExA
GetMessageA
SendNotifyMessageW
DispatchMessageA
VkKeyScanExA
VkKeyScanA
WinHelpA
GetClipboardFormatNameA
SystemParametersInfoA
SetWindowTextA
ModifyMenuA
AppendMenuA
RegisterClipboardFormatA
PeekMessageA
CreateDialogIndirectParamA
PostMessageA
SendNotifyMessageA
SendMessageA
SetWindowLongA
GetWindowLongA
WinHelpW
VkKeyScanExW
VkKeyScanW
SystemParametersInfoW
SetWindowTextW
ModifyMenuW
AppendMenuW
GetClipboardFormatNameW
RegisterClipboardFormatW

gdi32

EnumFontFamiliesExA
CreateFontIndirectA
GetTextMetricsA
EnumFontFamiliesExW
GetTextMetricsW
CreateFontIndirectW

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteW
ShellExecuteExW
SHGetFileInfoA
Shell_NotifyIconA
ShellExecuteA
ShellExecuteExA
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameA

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetAddConnection3W
WNetGetUniversalNameW
WNetGetUniversalNameA
WNetAddConnection3A
WNetCloseEnum
WNetCancelConnection2W

ole32

CoUninitialize
OleUninitialize
CoCreateInstance
CoInitialize
OleInitialize

oleaut32

VariantInit
VariantChangeType
VariantClear

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msi

ord103
ord125
ord17
ord8

Exports

Exports

MsiRegistryCleanup

Sections

.text
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f331329a32e2cc082fcef5a73db1df1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3eCertificate

Extended Key Usages

Key Usages

a4:83:4b:2c:fc:30:27:fc:6c:2f:fc:c8:d1:bf:46:fe:c9:4e:ce:4eSigner

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

gdi32

shell32

comdlg32

mpr

ole32

oleaut32

version

msi

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 246KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 24KB - Virtual size: 23KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

21:e5:15:41:2e:c8:f5:d9:c5:e5:5c:1e:25:f6:7a:3e
Certificate

a4:83:4b:2c:fc:30:27:fc:6c:2f:fc:c8:d1:bf:46:fe:c9:4e:ce:4e
Signer

.text
Size: 248KB - Virtual size: 246KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 24KB - Virtual size: 23KB