f6c8ca7aaed405f4e81be6b95279ac05_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6c8ca7aaed405f4e81be6b95279ac05_JaffaCakes118
Size

277KB
MD5

f6c8ca7aaed405f4e81be6b95279ac05
SHA1

51f90f5cd2f5b3cc6b104d4bfa53647071ebdedc
SHA256

39f2f39933e27320054a6472d9b65f6a57344f2e36c586b726dc1c06255c5d26
SHA512

ba7668a12c5055c3332b53492998cceed825c8da9a7768c028784f3bfab750410f45ac54a227566438356a64b85e15071ee8d3b20c88ec91210f76ba3400a1e7
SSDEEP

3072:lE9eFjoN+609R1NBFs0Zxc07smuLuUuz2bawJoIyEbeHsVJuzfFPJLcQyEEI4Y:9oNH09R1K0ZsVxyEXzuzvLi+

Score

1^/10

Malware Config

Signatures

Files

f6c8ca7aaed405f4e81be6b95279ac05_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b6ccce536b44f36c14aba372b6b774b4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/05/2011, 00:00

Not After

29/05/2014, 23:59

Subject

CN=Awareness Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Awareness Technologies\, Inc.,L=Marina del Rey,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7d:a3:fe:a5:2a:fc:2b:26:25:54:b6:8e:f8:bd:b9:80:d0:dd:b8:50
Signer

Actual PE Digest

7d:a3:fe:a5:2a:fc:2b:26:25:54:b6:8e:f8:bd:b9:80:d0:dd:b8:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dprx.pdb

Imports

kernel32

CancelIo
WaitForMultipleObjects
CreateEventW
DuplicateHandle
TerminateThread
GetExitCodeThread
Sleep
FindClose
FindNextFileW
CreateFileW
FindFirstFileW
lstrcpyW
GetSystemTimeAsFileTime
GetTempPathW
FileTimeToSystemTime
GetTickCount
SetThreadPriority
GetCurrentThreadId
GetFileAttributesExW
GetFileTime
CompareFileTime
DeleteFileW
GetTempFileNameW
SetLastError
ReadFile
GetFileSize
MoveFileExW
FlushFileBuffers
WriteFile
SetFileAttributesW
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
SetFileTime
ProcessIdToSessionId
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThread
ReleaseMutex
CreateMutexW
FindResourceExW
LockResource
DisableThreadLibraryCalls
SetEndOfFile
lstrlenA
LoadLibraryW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
GetModuleFileNameW
GetSystemDirectoryW
lstrcmpiW
WaitForSingleObject
lstrcatA
CreateEventA
LocalAlloc
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
ResetEvent
Process32FirstW
Process32NextW
CloseHandle
FreeLibrary
GetVersionExW
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
GetCurrentProcess
GetComputerNameW
lstrlenW
LocalFree
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GlobalSize
CreateMutexA
CreateDirectoryW
GetACP
GetSystemTime
lstrcpynA
OpenFileMappingW
CreateFileMappingW
CreateFileA
lstrcpynW
GetStringTypeW
CreateSemaphoreW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleA
VirtualProtect
SetEvent
SetSystemTime
CreateToolhelp32Snapshot
OpenProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
RtlUnwind
GlobalLock
GlobalUnlock
GlobalReAlloc
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedExchangeAdd
UnmapViewOfFile
MapViewOfFile
lstrcatW
SetFilePointer
GlobalAlloc
GlobalFree

user32

CharNextW
KillTimer
SetTimer
GetWindowThreadProcessId
IsWindow
RegisterWindowMessageW
PostMessageW
CharLowerW
GetDesktopWindow
CharLowerBuffW
UnregisterClassA
SendMessageW

advapi32

GetTokenInformation
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
IsValidSid
DuplicateTokenEx
SetTokenInformation
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
ConvertSidToStringSidW
RegOpenKeyExW
RegCloseKey
CryptDestroyKey
GetSidSubAuthority
GetSidSubAuthorityCount
CryptEncrypt
CryptDecrypt
CryptDeriveKey
SetNamedSecurityInfoW
ConvertStringSidToSidW

shell32

SHCreateDirectoryExW
SHGetFolderPathW

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoInitializeEx
CoTaskMemRealloc
StringFromCLSID

oleaut32

VarBstrCmp
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
VarBstrFromI4
SysAllocString
SysAllocStringLen
SysStringLen
VarBstrCat
SysFreeString
SafeArrayRedim
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
VarI4FromStr
SafeArrayCreate
VarBstrFromR8

proxy

?SynchronizeTime@CProxy@@QAEJPAG@Z
?GeoLocate@CProxy@@QAEJXZ
?Close@CProxy@@QAEXXZ
?SendRemoteHttpRequest@CProxy@@QAEJPAGJPAUtagVARIANT@@1J10@Z
??1CProxy@@QAE@XZ
??0CProxy@@QAE@H@Z
?LoadDll@CProxy@@QAEJPBG@Z
?Open@CProxy@@QAEJHPAX@Z

shlwapi

SHCreateStreamOnFileW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

rpcrt4

UuidCreate

iphlpapi

NotifyAddrChange

wtsapi32

WTSCloseServer
WTSFreeMemory
WTSQuerySessionInformationW
WTSOpenServerW

netapi32

NetWkstaUserEnum
NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6ccce536b44f36c14aba372b6b774b4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7d:a3:fe:a5:2a:fc:2b:26:25:54:b6:8e:f8:bd:b9:80:d0:dd:b8:50Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

proxy

shlwapi

rpcrt4

iphlpapi

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7d:a3:fe:a5:2a:fc:2b:26:25:54:b6:8e:f8:bd:b9:80:d0:dd:b8:50
Signer

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 20KB