d6fc570e51288b4fbceb59d1ad69db00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6fc570e51288b4fbceb59d1ad69db00_JaffaCakes118
Size

145KB
MD5

d6fc570e51288b4fbceb59d1ad69db00
SHA1

055b5d8642b18878d7022362a3df6a92152f10ff
SHA256

36d7791de38d4cd065c8204c26aa2faf370bbe11037711e15086ed165bce2f7e
SHA512

2e47e89f6ed2964ee0866652f9fdb6eff711598dd6aa898f5f78c361ee179863452610f6c9f8a0d5d5d4d4134b948c694f6c48dc177afb839dacfe512b7f90c9
SSDEEP

3072:R8N/zm3S5ZtLgKtBxiouRFA7Uk+ef8O45b1iHAjcrLsegI:R8N/zoS5Z2KGnAQk+Fb1w

Score

1^/10

Malware Config

Signatures

Files

d6fc570e51288b4fbceb59d1ad69db00_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

4be8f032f6025418ed175fba6cb185fa

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:2a:8d:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

29/03/2001, 21:27

Not After

29/05/2002, 21:37

Subject

CN=Microsoft Corporation,OU=Copyright (c) 2001 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

vfprintf
abort
fflush
fprintf
_adjust_fdiv
malloc
_initterm
free
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_purecall

user32

IsRectEmpty

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalFree
LocalAlloc
GetSystemInfo
GetVersionExA
GetModuleHandleW
GetProcAddress
LoadLibraryA
DeviceIoControl
GetProcessHeap
HeapAlloc
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
GetComputerNameA
HeapFree
CloseHandle
GetTickCount

ole32

CoTaskMemAlloc
CoTaskMemFree

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegSetValueA
GetUserNameA

msdmo

MoFreeMediaType
MoCopyMediaType
MoInitMediaType
DMOUnregister
DMORegister

wsock32

htonl
ntohl

Exports

Exports

CreateInstance
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4be8f032f6025418ed175fba6cb185fa

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

61:06:2a:8d:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

ole32

advapi32

msdmo

wsock32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 88KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 38KB - Virtual size: 40KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

61:06:2a:8d:00:00:00:00:00:0b
Certificate

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

.text
Size: 89KB - Virtual size: 88KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 38KB - Virtual size: 40KB