fc40952dce023a45f09d1fb82c4dc110_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fc40952dce023a45f09d1fb82c4dc110_JaffaCakes118
Size

501KB
MD5

fc40952dce023a45f09d1fb82c4dc110
SHA1

c064e86e7e8e92f01b1cb45c23f3690fc2ee7d03
SHA256

4e81bb3532d5a7bff20c906be5f75915d8a01608be57fbf03da4654ecad7afd1
SHA512

657f3ebf4bca8042d8ef040a0b20d35f8a4ccb84911d20e17a5701c0693c0a81aeb39e2d0dff3544c46dd4ee4fbb65787c3f990219a3bf6eade034a57f110c2a
SSDEEP

3072:9LyF3LzbMgXE8wFO3ZfZ7nTSuDDls1N2BE26tfrej/7Xs1Z3Re3GLthhZwX04fQ7:0993HJPieBE26tYc1Z7Ifkmqbi46HI

Score

1^/10

Malware Config

Signatures

Files

fc40952dce023a45f09d1fb82c4dc110_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

d65fd0c4a62211f2f243b8ff7f4a6780

Code Sign

03:01
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

16/11/2006, 01:54

Not After

16/11/2026, 01:54

Subject

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:79:d7:71:2d:db:cb
Certificate

Issuer

SERIALNUMBER=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

06/04/2010, 17:30

Not After

06/04/2013, 17:30

Subject

CN=eGrabber Inc.,O=eGrabber Inc.,L=San Jose,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:03
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

06/05/2010, 19:34

Not After

06/05/2015, 19:34

Subject

CN=Starfield Services Timestamp Authority,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:6f:89:a0:13:3f:0c:ff:8e:2a:c7:2e:01:85:dc:60:65:e9:3d:dc
Signer

Actual PE Digest

1a:6f:89:a0:13:3f:0c:ff:8e:2a:c7:2e:01:85:dc:60:65:e9:3d:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WritePrivateProfileStringA
GetCurrentDirectoryA
GetProcessVersion
GetCPInfo
GetOEMCP
GetPrivateProfileStringA
GlobalSize
CopyFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GlobalFlags
GetPrivateProfileIntA
SetFileAttributesA
MulDiv
RaiseException
ExitProcess
TerminateProcess
CreateThread
ExitThread
SetStdHandle
GetFileType
HeapSize
GetACP
FatalAppExitA
GetEnvironmentVariableA
GetVersionExA
GetTimeZoneInformation
GetCommandLineA
GetLocalTime
IsBadWritePtr
SetHandleCount
GetStdHandle
LocalFileTimeToFileTime
GetSystemTime
SetFileTime
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
LocalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
lstrcatA
GetDriveTypeA
SetCurrentDirectoryA
SystemTimeToFileTime
GetFileAttributesA
GetFileTime
GetFileSize
LocalReAlloc
SetErrorMode
TlsGetValue
TlsFree
TlsSetValue
GlobalReAlloc
GetVersion
GlobalHandle
TlsAlloc
GlobalFindAtomA
GlobalGetAtomNameA
GlobalAddAtomA
SetThreadPriority
CreateEventA
SuspendThread
WaitForSingleObject
ResumeThread
SetEvent
lstrcmpA
GlobalAlloc
GlobalDeleteAtom
GlobalLock
GetCurrentThread
GetCurrentThreadId
LockResource
GlobalUnlock
GlobalFree
GetStringTypeExA
SetLastError
GetThreadLocale
DeleteFileA
GetFullPathNameA
GetVolumeInformationA
UnlockFile
MoveFileA
SetEndOfFile
FlushFileBuffers
LockFile
CloseHandle
ReadFile
SetFilePointer
WriteFile
DuplicateHandle
CreateFileA
GetCurrentProcess
FormatMessageA
FindFirstFileA
FindClose
LoadLibraryA
LocalAlloc
lstrcpyA
lstrcpynA
GetProcAddress
IsDBCSLeadByte
GetLastError
lstrcmpiA
LoadLibraryExA
GetStartupInfoA
SizeofResource
GetTempPathA
FindResourceA
LoadResource
FreeEnvironmentStringsA
FreeLibrary
FreeEnvironmentStringsW
HeapCreate
VirtualFree
VirtualAlloc

user32

IsChild
DrawTextA
GrayStringA
InsertMenuA
DeleteMenu
GetMenuStringA
LoadCursorA
GetSysColorBrush
AppendMenuA
RemoveMenu
wvsprintfA
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
EndPaint
TabbedTextOutA
GetCapture
WinHelpA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
GetTopWindow
GetDC
GetWindowDC
BeginPaint
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetLastActivePopup
SetCursor
ShowOwnedPopups
PostMessageA
PostQuitMessage
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
ReleaseDC
ClientToScreen
PtInRect
GetClassNameA
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
SendMessageA
GetSystemMetrics
CharUpperA
OemToCharA
CharToOemA
MessageBoxA
LoadStringA
wsprintfA
CharNextA
EnableWindow
GetDialogBaseUnits
UnregisterClassA
SetWindowPos
RegisterWindowMessageA
BringWindowToTop
GetClassInfoA
RegisterClassA
InvalidateRect
UnpackDDElParam
ReuseDDElParam
SetMenu
LoadMenuA
DestroyMenu
GetDesktopWindow
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
SetRectEmpty
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
OffsetRect
IntersectRect
DefWindowProcA
GetDlgCtrlID
SetScrollPos

gdi32

SetBkColor
GetTextExtentPoint32A
GetTextMetricsA
DeleteObject
GetDeviceCaps
GetStockObject
CreateFontIndirectA
StartDocA
SaveDC
DeleteDC
SelectPalette
SetBkMode
RestoreDC
SetROP2
SetStretchBltMode
SetPolyFillMode
GetClipBox
GetDCOrgEx
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
SetWindowOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
SelectClipRgn
SetWindowExtEx
IntersectClipRect
OffsetClipRgn
ExcludeClipRect
LineTo
SetTextAlign
MoveToEx
SetTextCharacterExtra
SetMapperFlags
SetTextJustification
ArcTo
SetArcDirection
GetCurrentPositionEx
PolylineTo
SetColorAdjustment
PolyDraw
GetClipRgn
CreateRectRgn
PolyBezierTo
ExtSelectClipRgn
PlayMetaFileRecord
SelectClipPath
EnumMetaFile
PlayMetaFile
GetObjectType
GetWindowExtEx
CreatePen
GetViewportExtEx
CreateSolidBrush
CreateHatchBrush
ExtCreatePen
CreateDIBPatternBrushPt
PtVisible
CreatePatternBrush
TextOutA
ExtTextOutA
RectVisible
CopyMetaFileA
CreateDCA
Escape
SelectObject
CreateBitmap
SetTextColor
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCreateKeyA
RegOpenKeyA
RegSetValueA

shell32

DragQueryFileA
DragAcceptFiles
SHGetFileInfoA
DragFinish

comctl32

ord17

ole32

WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CreateBindCtx
OleDuplicateData
OleRegGetUserType
CLSIDFromString
ReadFmtUserTypeStg
CLSIDFromProgID
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
OleRun

oleaut32

SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SysReAllocStringLen
SysAllocStringLen
VariantCopy
VariantClear
VariantChangeType
LoadRegTypeLi
SysStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantInit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 372KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d65fd0c4a62211f2f243b8ff7f4a6780

Code Sign

03:01Certificate

Key Usages

04:79:d7:71:2d:db:cbCertificate

Extended Key Usages

Key Usages

20:03Certificate

Extended Key Usages

Key Usages

1a:6f:89:a0:13:3f:0c:ff:8e:2a:c7:2e:01:85:dc:60:65:e9:3d:dcSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 372KB - Virtual size: 368KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 32KB - Virtual size: 44KB

.idata Size: 16KB - Virtual size: 13KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 21KB

03:01
Certificate

04:79:d7:71:2d:db:cb
Certificate

20:03
Certificate

1a:6f:89:a0:13:3f:0c:ff:8e:2a:c7:2e:01:85:dc:60:65:e9:3d:dc
Signer

.text
Size: 372KB - Virtual size: 368KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 32KB - Virtual size: 44KB

.idata
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 21KB