06ca1d50b401467ec5bbea73e6b49360_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06ca1d50b401467ec5bbea73e6b49360_JaffaCakes118
Size

556KB
MD5

06ca1d50b401467ec5bbea73e6b49360
SHA1

29b6e0cecf85fcfb09c38ff2e60e16749b25412e
SHA256

9fd8a73c5ec67b18b56d9ed06dbf865177f04db46652f84f165344f680c06a44
SHA512

8ae3427b5399b8eb618d8fc6e06bf73bb383d79a0b339d1ae7a091ab905b9a930dea90416d85badac2e250adc30df37b341cdb103527390046299742942725d8
SSDEEP

12288:H1uKLPv8XKSShYbpI0D9tsRwcZBU6zgYwt6:H1uKL38aH0I0DbsRTZBUMu6

Score

1^/10

Malware Config

Signatures

Files

06ca1d50b401467ec5bbea73e6b49360_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bcf1663f63b8420c83af68c0642c1b73

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:9f:1e:2f:73:eb:9c:0f:7d:fa:ac:48:16:b2:92:d3
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

21/01/2009, 00:00

Not After

21/01/2010, 23:59

Subject

CN=DoubleD Advertising Limited,O=DoubleD Advertising Limited,POSTALCODE=N/A,STREET=COMMITTEE RD SHATIN NT+STREET=PLAZA 138 SHATIN RURAL+STREET=15/F TOWER 1 GRAND CENTRAL,L=HONG KONG,ST=HONG KONG,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:0e:2f:86:f6:46:14:53:c7:91:09:5f:f5:1c:3f:72:cc:64:9b:ac
Signer

Actual PE Digest

ad:0e:2f:86:f6:46:14:53:c7:91:09:5f:f5:1c:3f:72:cc:64:9b:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

x:\projects\productwisetoolbar\sources\vs_projects\smileyhookdll\release\bin\stbapp.pdb

Imports

kernel32

Sleep
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetCurrentProcessId
GetModuleFileNameW
lstrcmpiW
GetLastError
GetCurrentThreadId
ReleaseMutex
CloseHandle
CreateMutexW
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
LoadLibraryW
OpenProcess
GetProcAddress
FreeLibrary
OutputDebugStringW
DebugBreak
WideCharToMultiByte
GetTempPathW
GetTempFileNameW
lstrlenA
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
CreatePipe
CreateProcessA
SetHandleInformation
CreateFileMappingA
GetOverlappedResult
GetEnvironmentVariableA
GetSystemTimeAdjustment
GetProcessTimes
GetWindowsDirectoryA
GlobalMemoryStatus
GetThreadTimes
FindFirstFileA
TerminateThread
SetEvent
CreateFileW
CreateThread
CreateEventW
GetModuleHandleA
GetFileAttributesW
GetVersion
FlushInstructionCache
GetCurrentProcess
SetLastError
OutputDebugStringA
LoadLibraryA
FindClose
FindFirstFileW
GlobalFree
GlobalAlloc
GetLocalTime
MoveFileW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
HeapSize
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetConsoleMode
ReadFile
FlushFileBuffers
SetFilePointer
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetTimeZoneInformation
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
GetSystemTime
MapViewOfFile
UnmapViewOfFile
SetConsoleMode
FindNextFileA
CreateEventA
DeleteFileA

user32

GetDesktopWindow
UnregisterClassA
CopyImage
GetClipboardOwner
GetCursorPos
GetForegroundWindow
GetCapture
FindWindowA
SendMessageA
SetWindowLongW
GetWindowLongW
GetQueueStatus
FindWindowExW
CharLowerW
LoadStringW
SystemParametersInfoW
wvsprintfW
CharNextW
UnhookWinEvent
UnhookWindowsHookEx
IsWindow
CallNextHookEx
GetActiveWindow
DialogBoxParamW
EndDialog
GetWindow
GetWindowRect
GetClientRect
MapWindowPoints
GetDlgItem
KillTimer
SetTimer
SetWindowTextW
PostMessageW
DestroyWindow
GetParent
SetWindowPos
GetWindowThreadProcessId
SetWindowsHookExW
SetWinEventHook
GetClassNameW
GetWindowTextW
GetKeyState
FindWindowW
SendMessageW

gdi32

DeleteDC
CreateDCW
DeleteObject
GetMapMode
GetDIBits
GetObjectW
CreateCompatibleDC
SelectObject
SetMapMode

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
RegEnumValueW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegCreateKeyW
RegQueryValueExW
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
CryptGetKeyParam
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptDeriveKey
OpenProcessToken

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
OleRun

oleaut32

SysAllocString
GetErrorInfo
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysFreeString
VariantClear
VariantInit
VarUI4FromStr
OleLoadPicture

productinfo

?Get_PRODUCT_BAND@CProductInfo@@SA?AVCString@WTL@@XZ
?Get_PRODUCT_NAME@CProductInfo@@SA?AVCString@WTL@@XZ
?Create@CProductInfo@@SA_NHPAH@Z
?Get_COMPANY_NAME@CProductInfo@@SA?AVCString@WTL@@XZ

shlwapi

PathSearchAndQualifyW

urlmon

URLDownloadToCacheFileW

oleacc

WindowFromAccessibleObject
AccessibleObjectFromWindow
AccessibleChildren

psapi

GetModuleFileNameExW
EnumProcesses
EnumProcessModules

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

iphlpapi

GetAdaptersInfo

shell32

SHGetFolderPathW

Exports

Exports

DLLDoAction
DLLHookMsn
DLLInstallHook
DLLSetAdvText
DLLSetTellFdMsg
DLLSetViralMsg
DLLUnHook

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDHW
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDHO
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcf1663f63b8420c83af68c0642c1b73

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

51:9f:1e:2f:73:eb:9c:0f:7d:fa:ac:48:16:b2:92:d3Certificate

Extended Key Usages

Key Usages

ad:0e:2f:86:f6:46:14:53:c7:91:09:5f:f5:1c:3f:72:cc:64:9b:acSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

productinfo

shlwapi

urlmon

oleacc

psapi

version

iphlpapi

shell32

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 108KB - Virtual size: 104KB

.data Size: 8KB - Virtual size: 32KB

SHAREDHW Size: 20KB - Virtual size: 18KB

SHAREDHO Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 37KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

51:9f:1e:2f:73:eb:9c:0f:7d:fa:ac:48:16:b2:92:d3
Certificate

ad:0e:2f:86:f6:46:14:53:c7:91:09:5f:f5:1c:3f:72:cc:64:9b:ac
Signer

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 108KB - Virtual size: 104KB

.data
Size: 8KB - Virtual size: 32KB

SHAREDHW
Size: 20KB - Virtual size: 18KB

SHAREDHO
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 37KB