f003835346e8755cf2eae4d821ef85ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f003835346e8755cf2eae4d821ef85ee_JaffaCakes118
Size

69KB
MD5

f003835346e8755cf2eae4d821ef85ee
SHA1

56f8b2e1918b71918d488349ea6d94b6fbb16542
SHA256

44fea02b1389fe518f58d7e38f3a5d883c5c32b5b8f93916c956dbee2fbd455b
SHA512

a454cbb6fb14d29a30838622b69d3095a2f68a626f914eb8a01359860b6a01504512fe1836b2e57e8ead5d2d6163829850eba175165bfa891b9432a28d3c99bd
SSDEEP

768:1oZFULg3nOjCxwSsSETZbu/C9QqE5S2nwag/fT3K2tJgrSjJfLIBH8ydFLRbd:C3nOjGw1Smn2ncja4gWjJzIBH8ydFld

Score

1^/10

Malware Config

Signatures

Files

f003835346e8755cf2eae4d821ef85ee_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

0e194b5e470386723c2205f781c944c5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:69:e9:79:07:f3:83:e4:ff:81:ae:9b:04:5c:64:aa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/12/2008, 00:00

Not After

20/01/2010, 23:59

Subject

CN=Fun Web Products,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Fun Web Products,L=White Plains,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA
RegFlushKey
RegQueryValueExA

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrlenW
lstrcpyW
WideCharToMultiByte
GetCurrentProcessId
VirtualProtect
VirtualQuery
FlushInstructionCache
GetCurrentProcess
lstrcatA
lstrlenA
lstrcpyA
SystemTimeToFileTime
lstrcmpiA
CompareFileTime
lstrcmpA
lstrcpynA
CreateThread
DisableThreadLibraryCalls
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
SizeofResource
GetLocalTime
FindResourceA
GetLastError
LoadLibraryExA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
DebugBreak
HeapReAlloc
HeapFree
GetSystemDirectoryA
GetUserDefaultLangID
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
LocalFree
GetDriveTypeA
GetFileAttributesA
GetCurrentThreadId
CreateEventA
ResumeThread
SetThreadPriority
ResetEvent
SetEvent
WaitForMultipleObjects
SetLastError
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
LoadResource

ole32

CoCreateGuid
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VariantChangeTypeEx
VariantInit
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantClear

user32

SetWindowLongA
SetWindowLongW
IsWindowUnicode
GetWindowLongA
CallWindowProcA
CharNextA
wsprintfA
CallWindowProcW
DefWindowProcW
GetWindowLongW
UnregisterClassA
GetKeyboardType
FindWindowExA
MapWindowPoints
GetClassInfoExA
LoadCursorA
EnumWindows
GetKeyState
GetWindowTextW
SetWindowTextW
SendMessageA
MapVirtualKeyA
SendMessageW
GetPropA
SetPropA
RemovePropA
PostMessageA
IsWindow
RegisterWindowMessageA
GetWindow
GetClassNameA
GetParent
RegisterClassExA
DefWindowProcA
CreateWindowExA
PeekMessageA
DestroyWindow
GetWindowThreadProcessId

ws2_32

WSACancelAsyncRequest
WSAAsyncGetHostByName
WSAStartup
WSACleanup

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MyWebSea
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e194b5e470386723c2205f781c944c5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

74:69:e9:79:07:f3:83:e4:ff:81:ae:9b:04:5c:64:aaCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

ws2_32

version

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 4KB

MyWebSea Size: 4KB - Virtual size: 24B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

74:69:e9:79:07:f3:83:e4:ff:81:ae:9b:04:5c:64:aa
Certificate

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 4KB

MyWebSea
Size: 4KB - Virtual size: 24B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 2KB