e0d58825dec608f128ac4dc21ed3b504_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e0d58825dec608f128ac4dc21ed3b504_JaffaCakes118
Size

731KB
MD5

e0d58825dec608f128ac4dc21ed3b504
SHA1

863da56cf61bbd284941fb86d9ff8941daa22153
SHA256

16b552e7963f9680927551ba1a89948387d1fa9233358110d005a25e59991867
SHA512

2aeb9c22a2193f4a3ff5070f9c29667099ecedf49a29600326d01cbbc79ce5dc80ec931c714349427d985511d2a9ccb4542e0444bed702512292f7f60dcaa1d4
SSDEEP

12288:2NVLccXJgMKOHWE9F2UhS6U/2BrJZl9hMrC7CMvtzX:2TLccXJvDWE9F2WSwNZl9h57H7

Score

1^/10

Malware Config

Signatures

Files

e0d58825dec608f128ac4dc21ed3b504_JaffaCakes118
.dll windows:5 windows x86 arch:x86

38d58ff440c5b5dd036617a5381d9cc4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

01/09/2011, 23:59

Subject

CN=NVIDIA Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:69:f7:70:60:81:d1:f6:31:76:87:4b:af:7b:3a:ac:57:54:b9:1c
Signer

Actual PE Digest

48:69:f7:70:60:81:d1:f6:31:76:87:4b:af:7b:3a:ac:57:54:b9:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\bld_Installer2_0Core\rel\gpu_drv\r265\r265_00\installer2.0\Build\Core\Out\Win32\Release\NVPrxy32.pdb

Imports

kernel32

GetCurrentProcess
OutputDebugStringW
CloseHandle
CreateEventA
SetEvent
GetSystemTimeAsFileTime
WaitForSingleObject
GetCurrentThreadId
CreateMutexW
CreateFileW
GetModuleFileNameW
ExpandEnvironmentStringsW
WriteFile
GetFileSizeEx
ReleaseMutex
InterlockedIncrement
InterlockedCompareExchange
ResumeThread
InitializeCriticalSection
lstrlenW
GetSystemInfo
GetVersionExW
LocalFree
MultiByteToWideChar
UnmapViewOfFile
FindClose
GetFileAttributesW
GetCurrentDirectoryW
LoadLibraryW
GetSystemDirectoryW
DeleteFileW
MapViewOfFile
CreateFileMappingW
CreateDirectoryW
FindNextFileW
FindFirstFileW
RemoveDirectoryW
FormatMessageW
CreateMutexA
SetEnvironmentVariableA
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedDecrement
SetLastError
DeleteCriticalSection
InterlockedExchange
GetExitCodeThread
GetLastError
EnterCriticalSection
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
GetSystemWindowsDirectoryW
ExitProcess
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetModuleHandleA
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetModuleHandleW
HeapCreate
VirtualAlloc
VirtualFree
CompareStringW
CompareStringA
GetStringTypeW
LCMapStringW
LCMapStringA
GetCPInfo
LoadLibraryA
RtlUnwind
GetCommandLineA
CreateThread
ExitThread
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
FormatMessageA
MoveFileW
CreateFileA
Sleep
GetLocaleInfoA

user32

SetTimer
PostQuitMessage
GetMessageW

advapi32

RegOpenCurrentUser
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LsaNtStatusToWinError

ole32

CoUninitialize
CoInitializeEx

oleaut32

SafeArrayCreate
SysFreeString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayLock
VariantChangeType
SysAllocStringLen
VariantClear
VariantInit
SysStringLen
SafeArrayDestroy

shlwapi

PathFindFileNameW

rpcrt4

RpcServerUseProtseqEpW
RpcServerListen
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUnregisterIf
NdrServerCall2
RpcServerRegisterIfEx

setupapi

SetupDiGetDeviceInstallParamsW
SetupGetFieldCount
SetupGetStringFieldW
SetupDiSetDeviceInstallParamsW
SetupDiSetSelectedDriverW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Get_DevNode_Status
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiDeleteDeviceInfo
SetupCopyOEMInfW
SetupUninstallOEMInfW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetDeviceRegistryPropertyW
SetupDiBuildDriverInfoList
SetupDiGetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiInstallDevice
SetupDiSetSelectedDevice
SetupDiGetDriverInfoDetailW
SetupDiEnumDeviceInfo
SetupDiGetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW

Exports

Exports

GetNvidiaModuleFirstTimestamp
ProxyW

Sections

.text
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38d58ff440c5b5dd036617a5381d9cc4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31Certificate

Extended Key Usages

Key Usages

48:69:f7:70:60:81:d1:f6:31:76:87:4b:af:7b:3a:ac:57:54:b9:1cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

rpcrt4

setupapi

Exports

Exports

Sections

.text Size: 545KB - Virtual size: 544KB

.rdata Size: 105KB - Virtual size: 105KB

.data Size: 21KB - Virtual size: 29KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 50KB - Virtual size: 50KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

53:4a:be:d0:be:56:d9:84:0d:d1:2d:db:84:f8:b0:31
Certificate

48:69:f7:70:60:81:d1:f6:31:76:87:4b:af:7b:3a:ac:57:54:b9:1c
Signer

.text
Size: 545KB - Virtual size: 544KB

.rdata
Size: 105KB - Virtual size: 105KB

.data
Size: 21KB - Virtual size: 29KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 50KB - Virtual size: 50KB