df7476bdc14f327a68e519bd42b47aeb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df7476bdc14f327a68e519bd42b47aeb_JaffaCakes118
Size

77KB
MD5

df7476bdc14f327a68e519bd42b47aeb
SHA1

f69bac7a5969c4df61a40f8f794b16a26e8f3e7a
SHA256

46c8f1d2e31afa98975c337313baf224576c1d995bc4abdcad79cbb179d5bc97
SHA512

c00a24a890dccb8b95753a8216f52837cf878ba002a916f12e65759446d68f710a382d761918a92de06c0e87dba59d47aa244224a861fa87889b9cee1034bc65
SSDEEP

1536:Zt8N+9JQ6LsYaFBKKk/WeZCXqk0IOQIO+gnToIfvk4Sa:Zt8uJoYaPU6aHG+0TBfvk4Sa

Score

1^/10

Malware Config

Signatures

Files

df7476bdc14f327a68e519bd42b47aeb_JaffaCakes118
.dll windows:5 windows x64 arch:x64

19bf3619cdd301b72f22fe034bcdca20

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/04/2015, 00:00

Not After

13/04/2018, 23:59

Subject

CN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:51:87:33:5d:cd:ad:88:bf:5c:36:4d:40:7b:b5:19:cf:90:5f:8b
Signer

Actual PE Digest

ca:51:87:33:5d:cd:ad:88:bf:5c:36:4d:40:7b:b5:19:cf:90:5f:8b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u151\9699\build\windows-amd64\jdk\objs\libzip\zip.pdb

Imports

jvm

JVM_GetLastErrorString
JVM_RawMonitorDestroy
jio_fprintf
JVM_NativePath
JVM_RawMonitorEnter
JVM_RawMonitorExit
JVM_RawMonitorCreate

java

getErrorString
handleLseek
handleRead
JNU_ClassString
JNU_ThrowIOExceptionWithLastError
JNU_GetStringPlatformChars
winFileHandleOpen
JNU_ReleaseStringPlatformChars
JNU_NewStringPlatform
JNU_NewObjectByName
JNU_ThrowByName
JNU_ThrowInternalError
JNU_ThrowIllegalArgumentException
JNU_ThrowOutOfMemoryError

msvcr100

free
calloc
_errno
malloc
strlen
memcpy
memset
realloc
strcmp
strcpy
_strdup
_malloc_crt
_initterm
_initterm_e
_encoded_null
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
sprintf
__iob_func

kernel32

CloseHandle
CreateFileA
EncodePointer
DecodePointer
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

Exports

Exports

Java_java_util_jar_JarFile_getMetaInfEntryNames
Java_java_util_zip_Adler32_update
Java_java_util_zip_Adler32_updateByteBuffer
Java_java_util_zip_Adler32_updateBytes
Java_java_util_zip_CRC32_update
Java_java_util_zip_CRC32_updateByteBuffer
Java_java_util_zip_CRC32_updateBytes
Java_java_util_zip_Deflater_deflateBytes
Java_java_util_zip_Deflater_end
Java_java_util_zip_Deflater_getAdler
Java_java_util_zip_Deflater_init
Java_java_util_zip_Deflater_initIDs
Java_java_util_zip_Deflater_reset
Java_java_util_zip_Deflater_setDictionary
Java_java_util_zip_Inflater_end
Java_java_util_zip_Inflater_getAdler
Java_java_util_zip_Inflater_inflateBytes
Java_java_util_zip_Inflater_init
Java_java_util_zip_Inflater_initIDs
Java_java_util_zip_Inflater_reset
Java_java_util_zip_Inflater_setDictionary
Java_java_util_zip_ZipFile_close
Java_java_util_zip_ZipFile_freeEntry
Java_java_util_zip_ZipFile_getCommentBytes
Java_java_util_zip_ZipFile_getEntry
Java_java_util_zip_ZipFile_getEntryBytes
Java_java_util_zip_ZipFile_getEntryCSize
Java_java_util_zip_ZipFile_getEntryCrc
Java_java_util_zip_ZipFile_getEntryFlag
Java_java_util_zip_ZipFile_getEntryMethod
Java_java_util_zip_ZipFile_getEntrySize
Java_java_util_zip_ZipFile_getEntryTime
Java_java_util_zip_ZipFile_getNextEntry
Java_java_util_zip_ZipFile_getTotal
Java_java_util_zip_ZipFile_getZipMessage
Java_java_util_zip_ZipFile_initIDs
Java_java_util_zip_ZipFile_open
Java_java_util_zip_ZipFile_read
Java_java_util_zip_ZipFile_startsWithLOC
ZIP_CRC32
ZIP_Close
ZIP_FindEntry
ZIP_GetNextEntry
ZIP_Open
ZIP_ReadEntry

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19bf3619cdd301b72f22fe034bcdca20

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

ca:51:87:33:5d:cd:ad:88:bf:5c:36:4d:40:7b:b5:19:cf:90:5f:8bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

jvm

java

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 912B

.reloc Size: 512B - Virtual size: 256B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

ca:51:87:33:5d:cd:ad:88:bf:5c:36:4d:40:7b:b5:19:cf:90:5f:8b
Signer

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 912B

.reloc
Size: 512B - Virtual size: 256B