006c77d25308be2eb435c574b749bb83_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

006c77d25308be2eb435c574b749bb83_JaffaCakes118
Size

1.1MB
MD5

006c77d25308be2eb435c574b749bb83
SHA1

29a113334d5e57cb65f6c0569a1b511353666c37
SHA256

ceaa3e9c04cdecdf86ee5ce890c275e32ce5c37b046b660816ff0be4b26c4911
SHA512

6f88ccf020be780688a2677de32c512ede68c58459016ab0f82cd6b83210ac4e16b8da3f91cc2dee2c6c9c6d078a9b3f7bc1375e1d527a7c67de4f78bb941152
SSDEEP

12288:5EfRrhq8U4KSwrEEdjbXc45wh5LJKGbKyhaVqhib0FM:axTgSwPv30C

Score

1^/10

Malware Config

Signatures

Files

006c77d25308be2eb435c574b749bb83_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ab3115b3b50b18106a6ddb5b1f79d5c9

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:25:ea:50:a8:57:c3:47:f8:67:93:cf:61:f6:6c:b3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/10/2005, 00:00

Not After

03/10/2006, 23:59

Subject

CN=Seekmo,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Seekmo,O=Seekmo,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:d4:df:05:49:58:a4:e7:a7:7f:d4:ca:3a:c4:92:3c:df:70:3c:b1
Signer

Actual PE Digest

5b:d4:df:05:49:58:a4:e7:a7:7f:d4:ca:3a:c4:92:3c:df:70:3c:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\060619_155516_build_cli\Client_Build_Sapporo_8_30_68\source\Bin\Release\ClientAX\ClientAX.pdb

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

rpcrt4

UuidCreate

kernel32

DeleteFileA
SetFileAttributesA
CreateDirectoryA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempPathA
GetProcAddress
LoadLibraryA
GetTickCount
OutputDebugStringA
DosDateTimeToFileTime
GetComputerNameA
GetVolumeInformationA
GetDriveTypeA
SetErrorMode
CopyFileA
GetTempFileNameA
DisableThreadLibraryCalls
lstrcpyA
lstrcatA
LocalFree
FormatMessageA
GetCurrentProcessId
TerminateProcess
OpenProcess
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
ReadProcessMemory
ReadFile
SetFilePointer
GetFileSize
RemoveDirectoryA
GetFileAttributesA
OpenFile
GetShortPathNameA
GetSystemTimeAsFileTime
FileTimeToSystemTime
CreateFileA
GetOEMCP
GetUserDefaultLangID
GetSystemDefaultLangID
MoveFileExA
GetPrivateProfileStringA
CreateEventA
ReleaseMutex
CreateMutexA
MoveFileA
CreateThread
ResumeThread
SetHandleCount
QueryPerformanceCounter
VirtualFree
HeapCreate
RtlUnwind
GetCommandLineA
ExitProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
HeapDestroy
WriteFile
CloseHandle
GlobalLock
GlobalUnlock
MulDiv
GetCurrentThreadId
FreeResource
SetLastError
GlobalAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
lstrcmpA
GetModuleHandleA
LoadLibraryExA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
GetCPInfo
IsBadCodePtr
LCMapStringA
LCMapStringW
FreeLibrary
GetModuleFileNameA
IsDBCSLeadByte
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
lstrcpynA
GetVersion
lstrcmpiA
lstrlenA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetStdHandle
GetFileType
GetStartupInfoA

user32

ShowWindow
GetPropA
SetDlgItemTextA
GetWindowRect
ScreenToClient
LoadImageA
DestroyIcon
GetSystemMetrics
EnumChildWindows
FindWindowA
GetWindowThreadProcessId
PostMessageA
EndDialog
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
DrawIcon
IsIconic
SetPropA
MessageBoxA
RegisterClassExA
GetClassInfoExA
LoadCursorA
wsprintfA
CreateWindowExA
DialogBoxParamA
GetParent
GetClassNameA
SetWindowPos
RedrawWindow
GetDlgItem
IsWindow
SendMessageA
DestroyAcceleratorTable
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetWindowTextA
RemovePropA
SetCapture
ReleaseCapture
DestroyWindow
GetSysColor
DefWindowProcA
wvsprintfA
GetWindowLongA
SetWindowLongA
UnregisterClassA
CharLowerA
CharNextA
CreateAcceleratorTableA
GetWindow

gdi32

GetTextExtentPoint32A
CreateSolidBrush
DeleteObject
SelectObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject

advapi32

IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegGetKeySecurity
RegOpenKeyA
RegSetKeySecurity
CryptHashData
CryptDecrypt
CryptDestroyHash
CryptCreateHash
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
GetSidSubAuthority

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
OleUninitialize
OleLockRunning

oleaut32

VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
SysAllocString
SysStringByteLen
OleCreateFontIndirect
VariantClear
VariantInit
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen
VariantChangeType
GetErrorInfo
SysFreeString

shlwapi

PathFindExtensionA

Exports

Exports

?StubLaunch@@YAHPBD0@Z
ClientDistributorId
ClientExeName
ClientInfo
ClientInstall
ClientIsRunning
ClientIsRunningEx
ClientPartnerId
ClientProductId
ClientUMT
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ExeName
Version

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 892KB - Virtual size: 888KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab3115b3b50b18106a6ddb5b1f79d5c9

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

33:25:ea:50:a8:57:c3:47:f8:67:93:cf:61:f6:6c:b3Certificate

Extended Key Usages

Key Usages

5b:d4:df:05:49:58:a4:e7:a7:7f:d4:ca:3a:c4:92:3c:df:70:3c:b1Signer

Headers

File Characteristics

PDB Paths

Imports

version

rpcrt4

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 152KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 892KB - Virtual size: 888KB

.reloc Size: 20KB - Virtual size: 18KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

33:25:ea:50:a8:57:c3:47:f8:67:93:cf:61:f6:6c:b3
Certificate

5b:d4:df:05:49:58:a4:e7:a7:7f:d4:ca:3a:c4:92:3c:df:70:3c:b1
Signer

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 892KB - Virtual size: 888KB

.reloc
Size: 20KB - Virtual size: 18KB