ea1a1ab55cf2f50e09445c3ef50e4936_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea1a1ab55cf2f50e09445c3ef50e4936_JaffaCakes118
Size

343KB
MD5

ea1a1ab55cf2f50e09445c3ef50e4936
SHA1

6b8368cb494ee88e50e80dc5d521db6e13ba8fc6
SHA256

854c621d12d346c33bc5375f44871da5d9d4211777b69747a8eb70e6039ad3ac
SHA512

72309b6a7c9a776e1e3c3cf519f94096a50af5427cc5ee60538805cc060b1441d79854821639d7ff401bcafe6c759c514d5f7fb6c941d82243b11e2ffe8cae8e
SSDEEP

6144:ppvCY/wcUnINl8/SSf51c3X0w9rclZH6qwSeBh2N+K5vkWc5gVvjDeSLIln:ppaY/wVnX/SSf51c3X00clZHiSo2Nn5Z

Score

1^/10

Malware Config

Signatures

Files

ea1a1ab55cf2f50e09445c3ef50e4936_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f8eb6b582627cf3b94a4a3d861652d5e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/03/2013, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Qihoo 360 Software (Beijing) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Tech. Dev. Dept.,O=Qihoo 360 Software (Beijing) Company Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:3c:21:e8:20:d4:a9:d5:32:74:e7:bc:77:45:c7:0b:6b:49:4f:89
Signer

Actual PE Digest

ff:3c:21:e8:20:d4:a9:d5:32:74:e7:bc:77:45:c7:0b:6b:49:4f:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\vmagent_new\bin\joblist\27138\out\Release\Checkautorun2.pdb

Imports

kernel32

GetModuleHandleExW
FreeLibraryAndExitThread
GetPrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateEventW
SetEvent
WaitForSingleObject
FindFirstChangeNotificationW
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
WritePrivateProfileStringW
GetLastError
LoadLibraryW
FreeLibrary
ExpandEnvironmentStringsW
GetCurrentProcess
FlushInstructionCache
SetLastError
GetCurrentThreadId
RaiseException
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
lstrlenW
lstrcmpiW
LoadLibraryExW
SetCurrentDirectoryW
TerminateThread
Sleep
GetModuleFileNameA
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
GetDriveTypeA
GetStringTypeW
GetStringTypeA
LCMapStringA
FlushFileBuffers
GetTimeZoneInformation
SetFilePointer
GetConsoleMode
GetConsoleCP
SetStdHandle
DeviceIoControl
CreateFileW
GetProcAddress
GetModuleHandleW
GetPrivateProfileIntW
GetModuleFileNameW
FindResourceExW
FindResourceW
LoadResource
LockResource
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetModuleHandleA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
GetStdHandle
RtlUnwind
GetCommandLineA
CreateDirectoryW
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
IsDebuggerPresent
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
GetCurrentDirectoryA
SizeofResource
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
CreateFileA
SystemTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
GetFileSizeEx
OutputDebugStringW
FormatMessageW
LocalFree
GetSystemTime
CreateMutexW
TlsGetValue
TlsSetValue
GetAtomNameW
OpenThread
AddAtomW
ReleaseMutex
TlsAlloc
FindAtomW
DeleteAtom
TlsFree
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
ExitProcess

user32

RegisterWindowMessageW
PostMessageW
DialogBoxParamW
SetWindowLongW
UnregisterClassA
SetTimer
KillTimer
SetRectEmpty
LoadCursorW
GetClientRect
CharNextW
GetWindowLongW
DestroyIcon
PrivateExtractIconsW
LoadImageW
DrawIconEx
EndDialog
SetFocus
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
CopyRect

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExA
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ExtractIconW
SHGetFileInfoW
SHGetFolderPathW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize

oleaut32

DispCallFunc
VariantInit
VariantClear
SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsW
PathAppendW
StrStrW
StrRStrIW
StrCmpNIW
PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
SHGetValueW
PathRemoveFileSpecW

Exports

Exports

CreatePlugin

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8eb6b582627cf3b94a4a3d861652d5e

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

ff:3c:21:e8:20:d4:a9:d5:32:74:e7:bc:77:45:c7:0b:6b:49:4f:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 266KB - Virtual size: 265KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 17KB - Virtual size: 17KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

51:bd:5d:8e:45:b8:2a:02:10:f1:7f:e4:c5:23:34:68
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

ff:3c:21:e8:20:d4:a9:d5:32:74:e7:bc:77:45:c7:0b:6b:49:4f:89
Signer

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB