e1786cd629bbef005f56efac362f45f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1786cd629bbef005f56efac362f45f3_JaffaCakes118
Size

271KB
MD5

e1786cd629bbef005f56efac362f45f3
SHA1

578a124e8d9a21b7285779fbd2ddf411cc9324c0
SHA256

922fdca7872a3793341c985609bab2b952bc1c12c36d66ba8e8a08a98f09a6c7
SHA512

e3c76245027ef4ccf3216000da34680c18de291e7947682442f3d6fd4fa47833bd651dc1192fb0c1590ef15e0fe7ccc7582051bc24b5d65818492c7bd828544d
SSDEEP

3072:T6Qx2GP6vk38dSk+fv2BDz2W+sgfpJ2klFCTYkQN1NMW7SC9m4NGzCj1E4VpAvl:T6Qx3P39kLBdilFYGVIos4VpAN

Score

1^/10

Malware Config

Signatures

Files

e1786cd629bbef005f56efac362f45f3_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a7a50cb06a6a74a8d856ae4014a64655

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:c2:c7:e0:2d:8c:61:58:73:b8:93:85:31:f3:0e:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/12/2006, 00:00

Not After

15/12/2007, 23:59

Subject

CN=INTER CHINA NETWORK SOFTWARE (BEIJING) CO.\, LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PERSONAL SOFTWARE,O=INTER CHINA NETWORK SOFTWARE (BEIJING) CO.\, LTD.,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

SHGetMalloc
SHGetSpecialFolderPathA
ShellExecuteExA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

kernel32

CreateDirectoryA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
MoveFileExA
GetDriveTypeA
DeleteFileA
SetFileAttributesA
FreeLibrary
GetProcAddress
CloseHandle
GetCurrentProcess
TerminateProcess
OpenProcess
CreateProcessA
MoveFileA
WideCharToMultiByte
lstrlenW
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
WritePrivateProfileStringA
DeviceIoControl
CreateFileA
IsBadReadPtr
GetLastError
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetTempFileNameA
lstrlenA
Sleep
GetWindowsDirectoryA
WaitForSingleObject
LockResource
SizeofResource
LoadResource
FindResourceA
WriteFile
GetPrivateProfileStringA
GetPrivateProfileIntA
ReadFile
IsBadWritePtr
FindNextFileA
MultiByteToWideChar
lstrcmpiA
GetACP
CreateFileMappingA
GetFileSize
FlushFileBuffers
InterlockedDecrement
LocalFree
LocalAlloc
GetTickCount
SearchPathA
GetVersionExA
GetFileAttributesA
FindClose
FindFirstFileA
GetShortPathNameA
GetLongPathNameA
GetCurrentDirectoryA
GetModuleFileNameA
VirtualQuery
ExpandEnvironmentStringsA
GetTempPathA
GetSystemDirectoryA
CreateThread

user32

wsprintfA
MessageBoxA
SendMessageTimeoutA
GetWindowTextA
SendMessageA
EnumWindows
DialogBoxParamA
EndDialog
SendDlgItemMessageA
GetDlgItem
PostMessageA
LoadStringA
GetTopWindow
EnumChildWindows
GetDesktopWindow

advapi32

ChangeServiceConfigA
RegEnumKeyExA
RegSetValueExA
GetTokenInformation
LookupAccountSidA
RegEnumKeyA
RegCreateKeyExA
RegQueryValueExA
QueryServiceStatus
OpenSCManagerA
OpenServiceA
ControlService
StartServiceA
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyA
RegEnumValueA
RegDeleteValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleRun

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringByteLen

shlwapi

SHGetValueA
SHSetValueA
SHDeleteValueA
SHDeleteKeyA
SHEnumValueA
SHEnumKeyExA

ws2_32

WSCGetProviderPath
WSCDeinstallProvider
WSCEnumProtocols

msvcrt

_read
_open
_tell
_lseek
time
isprint
strftime
localtime
_mbsstr
fwrite
_except_handler3
_local_unwind2
??1type_info@@UAE@XZ
__dllonexit
_initterm
_adjust_fdiv
_onexit
?terminate@@YAXXZ
_strnicmp
_strlwr
_CxxThrowException
_wcsicmp
_close
_stricmp
strcpy
realloc
_mbsicmp
_mbslwr
_strdup
fgets
atoi
memcmp
vsprintf
fputs
strcmp
memmove
_snprintf
_mbscmp
_mbsnbicmp
memcpy
_filelength
malloc
fread
free
_mbsrchr
__CxxFrameHandler
memset
strrchr
strchr
strlen
strstr
strncat
strcat
_mbsnbcpy
_mbschr
strncpy
fclose
ftell
fprintf
fseek
fopen
_vsnprintf
??2@YAPAXI@Z

iphlpapi

GetAdaptersInfo

comctl32

ord17

Exports

Exports

CheckIntegrity
CloseAllMessenger
DllRegisterServer
Events
ExecFunc
Invoke
Property
Rundll32

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7a50cb06a6a74a8d856ae4014a64655

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

20:c2:c7:e0:2d:8c:61:58:73:b8:93:85:31:f3:0e:57Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

version

shell32

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

ws2_32

msvcrt

iphlpapi

comctl32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 40KB - Virtual size: 50KB

.rsrc Size: 80KB - Virtual size: 78KB

.reloc Size: 12KB - Virtual size: 9KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

20:c2:c7:e0:2d:8c:61:58:73:b8:93:85:31:f3:0e:57
Certificate

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 40KB - Virtual size: 50KB

.rsrc
Size: 80KB - Virtual size: 78KB

.reloc
Size: 12KB - Virtual size: 9KB