f0033ad9b3fa45fef10fd95d7e5cfe10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0033ad9b3fa45fef10fd95d7e5cfe10_JaffaCakes118
Size

203KB
MD5

f0033ad9b3fa45fef10fd95d7e5cfe10
SHA1

c9d0e4c902f76ba87f9aa1d59cd184f22577af1a
SHA256

5b79731f16c701522b4915b8bdad530e52e4974576b61d542274f926f5245417
SHA512

c6608683dd053ec9d80d65ec10f99ea9fa2ea5fca2d4d1e78b5ea6f6026546f5fc66a37778f2a8f9e7fbe230b047e352e22da9d0a369269b3bbb9e7a1bc4fd49
SSDEEP

3072:FutYmSM2s8tMxFLGkXDWmo0KQ7cQCpt1qAtS65B9Dl/YiLel7:FOYmSxIFLG8UPQ7hCpvqAdDl/YJ7

Score

1^/10

Malware Config

Signatures

Files

f0033ad9b3fa45fef10fd95d7e5cfe10_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

cca486139227dc42f5e1fad2075aad54

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:8f:ea:32:f9:31:a6:05:5d:d3:a6:fb:d2:ef:a4:32
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/03/2012, 00:00

Not After

13/04/2013, 23:59

Subject

CN=torangcommunications,O=torangcommunications,L=kangnam,ST=seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\WoojaeWork\torangcomz.com\torangcomz\Release\torangcomz.pdb

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
WideCharToMultiByte
lstrlenA
lstrcatA
GetTempPathA
GetLocalTime
GetModuleFileNameA
FlushInstructionCache
GetCurrentProcess
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
SetThreadLocale
GetThreadLocale
CloseHandle
ReadFile
GetFileSize
CreateFileA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetConsoleMode
GetConsoleCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
WriteFile
ExitProcess
FreeLibrary
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
Sleep
HeapReAlloc
HeapDestroy
HeapCreate
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
InitializeCriticalSection
RaiseException
CreateThread
WaitForSingleObject
ExpandEnvironmentStringsA
GetVersionExW
lstrcpyW
lstrcatW
lstrlenW

user32

GetClientRect
GetWindow
CharNextW
ShowWindow
EndPaint
BeginPaint
DefWindowProcW
GetWindowLongW
SetWindowLongW
CreateWindowExW
IsWindow
GetFocus
RegisterClassW
LoadCursorW
GetClassInfoW
wsprintfA
SendMessageW
GetSysColor
MoveWindow
SetWindowPos
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
DestroyWindow
InvalidateRect
InvalidateRgn
UnregisterClassA
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyA
RegCloseKey

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoTaskMemRealloc
OleLockRunning

shell32

ShellExecuteA

oleaut32

SysAllocStringLen
DispCallFunc
VariantInit
RegisterTypeLi
OleCreateFontIndirect
UnRegisterTypeLi
VariantClear
SysFreeString
SysStringLen
VarUI4FromStr
SysAllocStringByteLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringByteLen

shlwapi

StrStrIW
UrlIsA
UrlUnescapeA

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
SelectObject

urlmon

URLDownloadToFileA

ws2_32

recv
closesocket
send
__WSAFDIsSet
select
connect
ioctlsocket
htons
socket
gethostbyname

netapi32

Netbios

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cca486139227dc42f5e1fad2075aad54

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4b:8f:ea:32:f9:31:a6:05:5d:d3:a6:fb:d2:ef:a4:32Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

urlmon

ws2_32

netapi32

version

Exports

Exports

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 13KB - Virtual size: 13KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4b:8f:ea:32:f9:31:a6:05:5d:d3:a6:fb:d2:ef:a4:32
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 13KB - Virtual size: 13KB