0a2b901555dc3feee4d750b39a806798_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a2b901555dc3feee4d750b39a806798_JaffaCakes118
Size

7.7MB
MD5

0a2b901555dc3feee4d750b39a806798
SHA1

7eec543b7c26cf6d35315fba09a8da29ae739a62
SHA256

a539d42c8143fb0ab3f38d353a3b9bc76f8e854073ad590878f2b591ffa08d2f
SHA512

6341950b558d3e6d9ce9cb03de20a6212e80297f93bdfd01dc3c79dfc7acd88b059973ead1dc980a663ca70629c26c8013ee3fe9c35afed99c4e2c89a0f1acac
SSDEEP

12288:z02srrt38TrTHXxjeBXlf98kr6Hr0uv6PGWGHPXGurQ+Xzf4Js1DZa:w2srr5cT3p2Fekr6L99fv/rTBDZa

Score

1^/10

Malware Config

Signatures

Files

0a2b901555dc3feee4d750b39a806798_JaffaCakes118
.dll windows:6 windows x64 arch:x64

67b55cd890aad0544778cff6811cf0dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:c7:52:f9:35:26:af:c8:08:b8:d9:33:d5:72:83:f3:27:df:00:47:7f:15:50:9e:62:6c:67:eb:9a:08:35:fb
Signer

Actual PE Digest

79:c7:52:f9:35:26:af:c8:08:b8:d9:33:d5:72:83:f3:27:df:00:47:7f:15:50:9e:62:6c:67:eb:9a:08:35:fb

Digest Algorithm

sha256

PE Digest Matches

true

d2:f0:85:78:d8:d9:a9:0b:41:6f:34:1a:37:1b:04:4c:4e:dd:5c:ce
Signer

Actual PE Digest

d2:f0:85:78:d8:d9:a9:0b:41:6f:34:1a:37:1b:04:4c:4e:dd:5c:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WzWXFwmrk64.pdb

Imports

comdlg32

ChooseFontW

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ord412
ord413
ord410

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CreateFileW
FlushFileBuffers
GetFileType
ReadFile
SetFilePointerEx
WriteFile
OutputDebugStringW
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetLocaleInfoW
IsBadReadPtr
IsBadWritePtr
FreeResource
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalSize
ActivateActCtx
GlobalUnlock
TerminateProcess
FindResourceW
lstrcmpiW
GetACP
ReleaseActCtx
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
HeapSize
HeapReAlloc
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
WriteConsoleW
GetStdHandle
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
RtlUnwindEx
EncodePointer
RtlPcToFileHeader
FormatMessageA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
OpenEventA
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultUILanguage
FindResourceExW
GetVersionExW
CreateFileMappingW
GetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW
CreateEventW
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetThreadUILanguage
GetUserDefaultUILanguage
VerifyVersionInfoW
LoadLibraryExW
FreeLibrary
VerSetConditionMask
lstrcpyW
MulDiv
WaitForSingleObjectEx
GlobalFree
DeactivateActCtx
DeleteCriticalSection
CreateEventA
CloseHandle
SetEvent
OpenEventW
GetModuleFileNameW
CreateActCtxW
GlobalLock

user32

SetClassLongPtrW
GetComboBoxInfo
DrawTextExW
DestroyIcon
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
WaitMessage
DestroyWindow
GetClassLongPtrW
GetScrollInfo
SetScrollInfo
LoadCursorW
SetParent
SetWindowLongW
GetWindowLongW
TrackPopupMenu
DrawIconEx
DestroyMenu
CreatePopupMenu
AnimateWindow
GetClassInfoExW
RegisterClassExW
DefWindowProcW
DrawFocusRect
SetPropW
GetWindowDC
UpdateWindow
KillTimer
SetTimer
GetKeyState
GetFocus
GetMonitorInfoW
MonitorFromRect
MonitorFromPoint
SystemParametersInfoW
GetDesktopWindow
PtInRect
IsRectEmpty
SetRectEmpty
IsIconic
CharNextW
AppendMenuW
GetPropW
MapDialogRect
InflateRect
FrameRect
FillRect
GetClientRect
EndPaint
BeginPaint
IsWindowEnabled
SetCapture
IsDlgButtonChecked
TrackMouseEvent
DialogBoxIndirectParamW
DialogBoxParamW
CreateDialogIndirectParamW
GetWindow
GetClassNameW
SetWindowLongPtrW
GetWindowLongPtrW
GetSysColor
InvalidateRect
DrawTextW
EndDialog
CreateDialogParamW
SetWindowPos
IsWindow
CreateWindowExW
LoadStringW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
IsDialogMessageW
LoadImageW
EnumChildWindows
ScreenToClient
GetCursorPos
MessageBoxW
GetWindowRect
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
ReleaseCapture
SetFocus
GetDlgCtrlID
SendDlgItemMessageW
CheckRadioButton
CheckDlgButton
GetDlgItem
IsWindowVisible
MoveWindow
ShowWindow
GetParent

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
RegQueryValueExW
SystemFunction036

ole32

OleRun
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringByteLen
VarUI4FromStr
SysStringByteLen
SysFreeString
GetErrorInfo
SysAllocString

gdi32

GetDeviceCaps
DeleteObject
GetStockObject
SetBkMode
SetTextColor
GetObjectW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
DeleteDC
Ellipse
GetBkColor
LineTo
SelectObject
SetBkColor
MoveToEx
TextOutW
CreateFontIndirectW
GetDIBits
SetDIBits
GetTextExtentPoint32W
SetDCBrushColor
CreateSolidBrush

msimg32

AlphaBlend

Exports

Exports

CreateWzWXFProvider
DllMain
GetInterfaceVersion

Sections

.text
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67b55cd890aad0544778cff6811cf0dc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

79:c7:52:f9:35:26:af:c8:08:b8:d9:33:d5:72:83:f3:27:df:00:47:7f:15:50:9e:62:6c:67:eb:9a:08:35:fbSigner

d2:f0:85:78:d8:d9:a9:0b:41:6f:34:1a:37:1b:04:4c:4e:dd:5c:ceSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

comctl32

kernel32

user32

advapi32

ole32

oleaut32

gdi32

msimg32

Exports

Exports

Sections

.text Size: 391KB - Virtual size: 391KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 13KB - Virtual size: 80KB

.pdata Size: 32KB - Virtual size: 31KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 236B

.rsrc Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

79:c7:52:f9:35:26:af:c8:08:b8:d9:33:d5:72:83:f3:27:df:00:47:7f:15:50:9e:62:6c:67:eb:9a:08:35:fb
Signer

d2:f0:85:78:d8:d9:a9:0b:41:6f:34:1a:37:1b:04:4c:4e:dd:5c:ce
Signer

.text
Size: 391KB - Virtual size: 391KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 13KB - Virtual size: 80KB

.pdata
Size: 32KB - Virtual size: 31KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 236B

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 7KB - Virtual size: 7KB