fdcda338b28817afae8ce866bc608bb1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fdcda338b28817afae8ce866bc608bb1_JaffaCakes118
Size

1.2MB
MD5

fdcda338b28817afae8ce866bc608bb1
SHA1

e02935d637ac5d125903a09996911f40524aafaa
SHA256

aec0b92b3a80d1db7dae228704fcbc1c9ac4f5c644292049e9b706a89c6a6225
SHA512

64ab0fe461d72af87ba11976a18dcd1b6daafb6ea879f92c43aa758513630eedddd147db86336695226f0bbd9d13bfecce6e407828b7d33b703ced92b44aa290
SSDEEP

24576:FJoI/+ZSq8olVDZdteGRuizBHmI/TyYCOK3RUCrY76W8rhs:mZH8olfeGRHrJCOKDY76W8rhs

Score

1^/10

Malware Config

Signatures

Files

fdcda338b28817afae8ce866bc608bb1_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

1445fc2cac9426df8da3b550b7e409fd

Code Sign

33:00:00:b6:5a:6f:11:72:f8:4a:8a:ef:71:00:02:00:00:b6:5a
Certificate

Issuer

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

13/04/2015, 16:21

Not After

12/04/2016, 16:21

Subject

CN=Intel(R) Software Development Products,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:ff:88:00:01:00:00:00:10
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

08/02/2013, 22:21

Not After

08/02/2018, 22:31

Subject

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

01/02/2013, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

Issuer

CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM

Not Before

30/05/2014, 16:35

Not After

17/03/2021, 18:33

Subject

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:5d:cc:ec:5f:e1:4d:39:74:c9:59:1a:3a:b1:c2:ca:ad:18:8c:2d
Certificate

Issuer

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Not Before

09/12/2014, 21:30

Not After

09/12/2017, 21:30

Subject

CN=Timestamp.intel.com,OU=Authenticode+OU=Thales TSS ESN:A6A7-71B2-73F1,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ae:fd:79:b6:10:a9:12:a7:68:de:03:1d:2e:02:1e:25:17:bd:1f:38
Signer

Actual PE Digest

ae:fd:79:b6:10:a9:12:a7:68:de:03:1d:2e:02:1e:25:17:bd:1f:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\TCAgent\work\ad767f172b3724d7\mdp_msdk-mfts\samples\_build\Win32\Release\mfx_mft_mjpgvd_32.pdb

Imports

kernel32

WaitForSingleObject
SetEvent
InitializeCriticalSection
GetProcessTimes
FormatMessageW
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
ResetEvent
CreateEventW
GetSystemInfo
DeleteCriticalSection
ReleaseMutex
CloseHandle
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
CreateSemaphoreExW
GetStringTypeW
EncodePointer
DecodePointer
InterlockedExchange
GetCurrentDirectoryW
SetCurrentDirectoryW
TryEnterCriticalSection
CreateMutexW
GetLastError
VerifyVersionInfoW
VerSetConditionMask
Sleep
GetCurrentThreadId
GetCurrentProcess
K32GetProcessMemoryInfo
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameW
GetCommandLineW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FileTimeToLocalFileTime
SetFilePointer
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
MultiByteToWideChar
InitializeCriticalSectionEx
HeapDestroy
CreateToolhelp32Snapshot
Module32First
Module32Next
VirtualQuery
VirtualFree
VirtualAlloc
CreateSemaphoreA
DeviceIoControl
CreateFileA
FormatMessageA
LoadLibraryA
GetModuleHandleA
GetSystemDirectoryA
VirtualUnlock
SetThreadErrorMode
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
SwitchToThread
SetEnvironmentVariableA
ReadConsoleW
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
CreateThread
ExitThread
GetProcAddress
LoadLibraryExW
GetCPInfo
InitializeCriticalSectionAndSpinCount
FatalAppExitA
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
IsDebuggerPresent
GetCurrentThread
GetProcessHeap
GetFileType
GetModuleFileNameA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
FreeLibrary
SetFilePointerEx
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile
ReadFile
GetFullPathNameA

user32

GetWindowRect

advapi32

RegEnumValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EventRegister
EventUnregister
EventWrite
RegQueryInfoKeyW

ole32

CoSetProxyBlanket
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
PropVariantClear
StringFromCLSID
CoInitializeEx
CoInitializeSecurity

oleaut32

SysAllocString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString

dxgi

CreateDXGIFactory

mfplat

MFCreateMediaType
MFCreateDXGISurfaceBuffer
MFCreateEventQueue
MFCreateMediaEvent
MFTUnregister
MFTRegister
MFCreateDXGIDeviceManager
MFCreateDXSurfaceBuffer
MFCreateTrackedSample
MFCreateAttributes

propsys

PropVariantCompareEx
PSCreateMemoryPropertyStore

d3d11

D3D11CreateDevice

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 892KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1445fc2cac9426df8da3b550b7e409fd

Code Sign

33:00:00:b6:5a:6f:11:72:f8:4a:8a:ef:71:00:02:00:00:b6:5aCertificate

Extended Key Usages

Key Usages

61:2c:ff:88:00:01:00:00:00:10Certificate

Key Usages

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88Certificate

Extended Key Usages

Key Usages

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bfCertificate

Key Usages

38:5d:cc:ec:5f:e1:4d:39:74:c9:59:1a:3a:b1:c2:ca:ad:18:8c:2dCertificate

Extended Key Usages

Key Usages

ae:fd:79:b6:10:a9:12:a7:68:de:03:1d:2e:02:1e:25:17:bd:1f:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

dxgi

mfplat

propsys

d3d11

api-ms-win-core-path-l1-1-0

Exports

Exports

Sections

.text Size: 892KB - Virtual size: 892KB

.rdata Size: 250KB - Virtual size: 250KB

.data Size: 26KB - Virtual size: 46KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 70KB - Virtual size: 70KB

33:00:00:b6:5a:6f:11:72:f8:4a:8a:ef:71:00:02:00:00:b6:5a
Certificate

61:2c:ff:88:00:01:00:00:00:10
Certificate

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

38:5d:cc:ec:5f:e1:4d:39:74:c9:59:1a:3a:b1:c2:ca:ad:18:8c:2d
Certificate

ae:fd:79:b6:10:a9:12:a7:68:de:03:1d:2e:02:1e:25:17:bd:1f:38
Signer

.text
Size: 892KB - Virtual size: 892KB

.rdata
Size: 250KB - Virtual size: 250KB

.data
Size: 26KB - Virtual size: 46KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 70KB - Virtual size: 70KB