daf299dba1134139ec7e54776a5f2138_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

daf299dba1134139ec7e54776a5f2138_JaffaCakes118
Size

129KB
MD5

daf299dba1134139ec7e54776a5f2138
SHA1

ca4df809c02534ba611df446a9d530bcb8fc4537
SHA256

afdf9d8609d8bdbe82a0a91631a1e94f2912685ee4ab01ec6a5cd87fdc682956
SHA512

76f5439830628cd47a34445681a62c2d624bb29645e04a36e68c9340150200cc99c79814c758786014b23f85c44ca14ae9e9dd5954cc02896798c8463f71b41f
SSDEEP

3072:CNarWxkl/Pw62vohwLpTuL5B5xI3gpM5VpxOK:CJW/PwAEpO59f0POK

Score

1^/10

Malware Config

Signatures

Files

daf299dba1134139ec7e54776a5f2138_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

527768e59ffb26554f0e0a4d7a756f91

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2019, 00:00

Not After

19/10/2022, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,O=Feitian Technologies Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

20/09/2019, 00:00

Not After

19/10/2022, 23:59

Subject

CN=Feitian Technologies Co.\, Ltd.,O=Feitian Technologies Co.\, Ltd.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d5:18:58:b6:be:f1:b1:5d:8e:92:6a:eb:85:2c:a2:24:aa:77:3e:04:bd:24:89:a8:2c:36:c8:b9:14:e8:cc:63
Signer

Actual PE Digest

d5:18:58:b6:be:f1:b1:5d:8e:92:6a:eb:85:2c:a2:24:aa:77:3e:04:bd:24:89:a8:2c:36:c8:b9:14:e8:cc:63

Digest Algorithm

sha256

PE Digest Matches

true

df:67:f4:4e:f8:aa:40:d2:59:73:45:53:da:f1:4c:68:96:00:a1:d1
Signer

Actual PE Digest

df:67:f4:4e:f8:aa:40:d2:59:73:45:53:da:f1:4c:68:96:00:a1:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptExportPublicKeyInfo
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CertGetNameStringW
CertOpenStore
CertCreateCertificateContext
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertCloseStore
CertFreeCertificateContext

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
WideCharToMultiByte
GetModuleHandleW
InterlockedDecrement
DisableThreadLibraryCalls
GetModuleFileNameW
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenW
GetLastError
InterlockedIncrement
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
HeapFree
HeapAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount

user32

CharNextW

advapi32

CryptGetKeyParam
CryptGetUserKey
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CryptGetProvParam
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
CryptDestroyKey

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2

oleaut32

SysStringByteLen
SysAllocStringByteLen
CreateErrorInfo
SetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

527768e59ffb26554f0e0a4d7a756f91

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35Certificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

d5:18:58:b6:be:f1:b1:5d:8e:92:6a:eb:85:2c:a2:24:aa:77:3e:04:bd:24:89:a8:2c:36:c8:b9:14:e8:cc:63Signer

df:67:f4:4e:f8:aa:40:d2:59:73:45:53:da:f1:4c:68:96:00:a1:d1Signer

Headers

File Characteristics

Imports

crypt32

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 7KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

40:60:80:81:90:c7:c8:87:13:28:bc:48:53:fb:71:35
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

d5:18:58:b6:be:f1:b1:5d:8e:92:6a:eb:85:2c:a2:24:aa:77:3e:04:bd:24:89:a8:2c:36:c8:b9:14:e8:cc:63
Signer

df:67:f4:4e:f8:aa:40:d2:59:73:45:53:da:f1:4c:68:96:00:a1:d1
Signer

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 7KB