e03b7a8b0506443cc5f827e1368b8f3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e03b7a8b0506443cc5f827e1368b8f3d_JaffaCakes118
Size

1.1MB
MD5

e03b7a8b0506443cc5f827e1368b8f3d
SHA1

cd2721bfbd9146efadb50b14b13785fc334bc322
SHA256

3c725523941b9d03944ebe592f87323dd4a2c92104f16d00df5d18a1bd099980
SHA512

9ecf0a119eac07817ee309b9d63c59d7a94a64fdc7f459d45906a361b63475894cd15d0624bf5e583d8ba9cba1a59f773126ab5f5e19496dccefccf7ea626c00
SSDEEP

24576:PePJN5stJfLNAjbR8RlUIN+hQp4baz4Cn95Yzq45fAI1:PwN5gJ5obRhbaz4CjYO45fAq

Score

1^/10

Malware Config

Signatures

Files

e03b7a8b0506443cc5f827e1368b8f3d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9228a6271a2839abbeb54c2d72a5c6e5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:f1:88:8d:bb:6b:c3:54:e3:0c:a0:84:bc:fe:e3:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/07/2006, 00:00

Not After

16/07/2009, 23:59

Subject

CN=SPSS Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=SPSS Inc.,L=Chicago,ST=Illinois,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\cs_work2\release\etc\spssstat.pdb

Imports

platdep

??0ExtNameStr@@QAE@XZ
?GetGeneric@ExtNameStr@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??1ExtNameStr@@QAE@XZ
?SetU8@ExtNameStr@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

kernel32

GetVersion
LocalFree
lstrlenA
lstrcmpA
LocalAlloc
CreateEventA
ResetEvent
SetEvent
CreateFileA
DeviceIoControl
GetVersionExA
GetTickCount
GetLastError
GetPrivateProfileStringA
GetPrivateProfileIntA
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
LoadLibraryA
DefineDosDeviceA
QueryDosDeviceA
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
GetTempPathA
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableA
GetSystemDirectoryA
GetCurrentDirectoryA
DeleteFileA
GetVolumeInformationA
GetDriveTypeA
GetLogicalDriveStringsA
FindClose
CreateDirectoryA
FindFirstFileA
SetFileTime
GetFileTime
FindNextFileA
FormatMessageA
SetLastError
WinExec
SetFileAttributesA
CreateProcessA
GetCurrentProcessId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
GetOEMCP
IsValidCodePage
GetFileAttributesA
MoveFileA
SetEndOfFile
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
SetEnvironmentVariableW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
HeapSize
FatalAppExitA
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetCurrentDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointer
SetStdHandle
InterlockedExchange
LocalFileTimeToFileTime
SystemTimeToFileTime
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcAddress
ReleaseMutex
CreateMutexA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
GetCurrentProcess
GetProcessAffinityMask
CloseHandle
TerminateThread
WaitForSingleObject
WaitForMultipleObjects
ResumeThread
SuspendThread
CreateThread
GetCurrentThread
GetModuleFileNameA
GetACP
TlsFree

user32

CharNextA
MessageBoxA
SetTimer
KillTimer
GetSystemMetrics

advapi32

AdjustTokenPrivileges
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetUserNameA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
RegEnumKeyExA
RegOpenKeyExA
RegSetKeySecurity
RegQueryValueA
RegCreateKeyExA
RegSetValueA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
FreeSid
OpenProcessToken
SetNamedSecurityInfoA
SetEntriesInAclA
AllocateAndInitializeSid
RegCreateKeyA

ws2_32

closesocket
WSAStartup
getsockname
bind
socket
inet_addr
WSAGetLastError
getpeername
recv
send
connect

netapi32

Netbios

rpcrt4

UuidCreate

Exports

Exports

_Java_com_spss_java_1client_B_A_G@8
_Java_com_spss_java_1client_B_A_H@12
_Java_com_spss_java_1client_B_A_I@12
_Java_com_spss_java_1client_B_A_J@8
_Java_com_spss_java_1client_B_A_K@8
_Java_com_spss_java_1client_B_A_L@12
_Java_com_spss_java_1client_B_A_M@20
_Java_com_spss_java_1client_B_A_N@12
_Java_com_spss_java_1client_B_A_O@12
_Java_com_spss_java_1client_B_A_P@12
_Java_com_spss_java_1client_B_A_Q@8
_Java_com_spss_java_1client_B_A_R@20
_Java_com_spss_java_1client_B_A_S@8
_Java_com_spss_java_1client_core_common_M_P@8

Sections

.text
Size: 844KB - Virtual size: 842KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9228a6271a2839abbeb54c2d72a5c6e5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

68:f1:88:8d:bb:6b:c3:54:e3:0c:a0:84:bc:fe:e3:b7Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

platdep

kernel32

user32

advapi32

ws2_32

netapi32

rpcrt4

Exports

Exports

Sections

.text Size: 844KB - Virtual size: 842KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 184KB - Virtual size: 303KB

.rsrc Size: 4KB - Virtual size: 688B

.reloc Size: 36KB - Virtual size: 32KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

68:f1:88:8d:bb:6b:c3:54:e3:0c:a0:84:bc:fe:e3:b7
Certificate

.text
Size: 844KB - Virtual size: 842KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 184KB - Virtual size: 303KB

.rsrc
Size: 4KB - Virtual size: 688B

.reloc
Size: 36KB - Virtual size: 32KB