e1b1050019296f46ff1bb6786908471e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e1b1050019296f46ff1bb6786908471e_JaffaCakes118
Size

6.9MB
MD5

e1b1050019296f46ff1bb6786908471e
SHA1

2290f8c6ffd8df994b623d6610e2296722787bd2
SHA256

cb42fc8118ce35624de2779e9aa91f078a7c473b6d69c23cf41e1352c31da327
SHA512

3f233c5b020fd2e68e83fec71c81a13a131a7911b563c793a6efe7904ee6318c11723e4e3b2e55277499a4b994d3c1c641f28e16f91617b718fb6c2c302f8d0e
SSDEEP

49152:PbE1/4iYll93tUyWoPdXRN966/VjFzpzxngMq1khWOAxFKKUa3iY1u8xfjMCHD57:P+APBt/d1bQ1dIYEwD50nFfr1xlbru

Score

1^/10

Malware Config

Signatures

Files

e1b1050019296f46ff1bb6786908471e_JaffaCakes118
.dll regsvr32 windows:6 windows x64 arch:x64

fb673ca2a0aab785c0cf8e7925806079

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01-01-2014 07:00

Not After

30-05-2031 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:ac:03:7a:a8:1d:63:fd
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

28-06-2017 23:20

Not After

25-08-2020 17:00

Subject

CN=Foxit Software Incorporated,O=Foxit Software Incorporated,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:67:e3:94:64:68:ac:a9:b2:4c:a4:7b:41:47:26:e7:3e:fa:b0:82
Signer

Actual PE Digest

bb:67:e3:94:64:68:ac:a9:b2:4c:a4:7b:41:47:26:e7:3e:fa:b0:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Jenkins\workspace\AutoArtiV9.2_3_Editor_Plugin\Creator\foxitnet-v9.2-creator\Addin\TempFiles\WordAddin_PH\PER_Release\x64\WordAddin_PH.pdb

Imports

winspool.drv

ClosePrinter
GetPrinterW
GetPrinterDriverDirectoryW
EnumFormsW
OpenPrinterW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

kernel32

LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
IsDebuggerPresent
FormatMessageW
LocalAlloc
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
OpenEventW
SetLastError
OutputDebugStringA
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
DisableThreadLibraryCalls
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetPrivateProfileStringW
GlobalLock
GlobalUnlock
GlobalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
FreeResource
QueryPerformanceCounter
CreateDirectoryW
InitializeCriticalSection
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
MultiByteToWideChar
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
CopyFileW
LoadLibraryW
GetProcAddress
FreeLibrary
GetStartupInfoW
CreateProcessW
GetCurrentThreadId
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
CloseHandle
DecodePointer
OutputDebugStringW
GetTempPathW
FindFirstFileExA
GetOEMCP
IsValidCodePage
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
WriteConsoleW
GetModuleFileNameA
GetFileType
GetStdHandle
HeapReAlloc
GetModuleHandleExW
ResumeThread
MoveFileExW
GetFileAttributesExW
RtlUnwindEx
RtlPcToFileHeader
LocalFree
VirtualProtect
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
DuplicateHandle
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
GetTempFileNameW
GetLongPathNameW
DeleteFileW
CreateFileW
SignalObjectAndWait
GetPrivateProfileIntW
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetProcessId
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
ReadFile
SetFileAttributesW
GetExitCodeProcess
CreateThread
ExitThread
GetExitCodeThread
OpenProcess
GetSystemTime
GetLocalTime
GetSystemDirectoryW
GlobalFree
GetTimeZoneInformation
GetACP
CreateFileA
GetVolumeInformationA
DeviceIoControl
GetSystemInfo
GlobalMemoryStatus
GetLogicalDriveStringsA
GetComputerNameA
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
WriteFile
TryEnterCriticalSection
ReleaseSemaphore
SetThreadPriority
GetThreadPriority
LoadLibraryA
FindNextFileA
ExitProcess
GetVersionExA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetVersionExW
SetEvent
TerminateThread
GetComputerNameW
TzSpecificLocalTimeToSystemTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter

user32

CheckDlgButton
GetDlgItem
EnableWindow
ScreenToClient
SetWindowPos
GetParent
GetWindow
GetSystemMetrics
SetWindowTextW
CharNextW
GetWindowRect
DispatchMessageW
PeekMessageW
IsWindow
DestroyWindow
CreateDialogParamW
DialogBoxParamW
SetDlgItemTextW
SetFocus
MsgWaitForMultipleObjects
SetForegroundWindow
EndDialog
GetDlgItemTextW
IsDlgButtonChecked
TranslateMessage
GetClientRect
MoveWindow
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExW
GetDC
ReleaseDC
GetSysColor
FindWindowW
SystemParametersInfoW
PostMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
CreateWindowExW
IsWindowVisible
GetKeyState
SetTimer
KillTimer
DrawTextW
SetWindowRgn
InvalidateRect
GetCursorPos
ClientToScreen
FillRect
GetClassNameW
LoadCursorW
LoadIconW
DrawIconEx
MessageBoxW
LoadStringW
EnumChildWindows
GetDlgCtrlID
CallWindowProcW
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowLongW
GetActiveWindow
UnregisterClassW
wsprintfW
CallNextHookEx
IsWindowEnabled
SetActiveWindow
BeginPaint
EndPaint
GetWindowTextW
GetWindowTextLengthW
SendMessageW

advapi32

InitializeSecurityDescriptor
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
SetSecurityDescriptorDacl
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
GetUserNameW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CreateStreamOnHGlobal
CLSIDFromString
OleRun
CLSIDFromProgID
CoCreateGuid
CoSetProxyBlanket
CoInitialize
CoUninitialize
CoInitializeEx

shell32

ShellExecuteW
ord165
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW

oleaut32

SysFreeString
SysAllocString
SysStringLen
GetErrorInfo
SysStringByteLen
UnRegisterTypeLi
SysAllocStringByteLen
VariantClear
OleCreatePictureIndirect
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
DispCallFunc
VariantCopy
VariantChangeType

shlwapi

wvnsprintfW
PathFindFileNameW
PathFileExistsW

gdi32

EnumFontsW
SelectObject
CombineRgn
CreatePen
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
SetTextColor
FrameRgn
GetDeviceCaps
GetStockObject
GetTextExtentPointW
GetTextExtentPoint32W
LineTo
RestoreDC
SaveDC
SetBkMode
SetBkColor
GetCurrentObject
CreateBrushIndirect
CreateDIBSection
FillRgn
DeleteObject
CreateFontW
MoveToEx
TextOutW
CreatePolygonRgn
GetTextMetricsA
CreateCompatibleDC
CreateFontIndirectA
CreateFontA
DeleteDC
EnumFontFamiliesExA
GetFontData
GetObjectW
EnumFontFamiliesExW
GetOutlineTextMetricsA
GetCharWidthA
CreateFontIndirectW
GetTextFaceA

ws2_32

socket
setsockopt
send
select
recv
listen
inet_addr
htons
ioctlsocket
connect
closesocket
WSAStartup
WSACleanup
bind

wininet

InternetOpenW
InternetCloseHandle
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetReadFile

gdiplus

GdipDrawImageI
GdipFillRectangleI
GdipScaleWorldTransform
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateTexture
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipGetImageGraphicsContext
GdipLoadImageFromFileICM
GdipCloneImage
GdipDisposeImage

comctl32

PropertySheetW
InitCommonControlsEx
CreatePropertySheetPageW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo
GetNetworkParams

Exports

Exports

?FCP_AddDrmPermission@ConnectedPDFSDK@ConnectedPDF@@QEAAKPEBDPEAPEAD@Z
?FCP_SendEmailNotification@ConnectedPDFSDK@ConnectedPDF@@QEAAKPEBDPEBG111@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb673ca2a0aab785c0cf8e7925806079

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:e7:15Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

36:ac:03:7a:a8:1d:63:fdCertificate

Extended Key Usages

Key Usages

bb:67:e3:94:64:68:ac:a9:b2:4c:a4:7b:41:47:26:e7:3e:fa:b0:82Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winspool.drv

comdlg32

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

ws2_32

wininet

gdiplus

comctl32

version

iphlpapi

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 103KB - Virtual size: 4.1MB

.pdata Size: 135KB - Virtual size: 134KB

_RDATA Size: 41KB - Virtual size: 40KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 25KB - Virtual size: 25KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:e7:15
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07
Certificate

36:ac:03:7a:a8:1d:63:fd
Certificate

bb:67:e3:94:64:68:ac:a9:b2:4c:a4:7b:41:47:26:e7:3e:fa:b0:82
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 103KB - Virtual size: 4.1MB

.pdata
Size: 135KB - Virtual size: 134KB

_RDATA
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 25KB - Virtual size: 25KB