0a72ceccacb5b4afadcc699944116c0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a72ceccacb5b4afadcc699944116c0c_JaffaCakes118
Size

95KB
MD5

0a72ceccacb5b4afadcc699944116c0c
SHA1

03b6be6ab380260673b56f275403f449e9f1d261
SHA256

fe1c3d0d1709128590d6dd88bfe1929b6d2c13fb8a0b21b2fc5aa89811fecdd3
SHA512

2832b0331676115af07d71fda6d8abf92c4d5c5ba1f3807f21c5eb7a9a581f8400d7ad7975a3405cfd51ff40ef01e877781da3b9f85733390e87b230c94eff87
SSDEEP

1536:geLQ39d41JwswTLA4OCiJQeQ8Nsk1U5/JDto0p:geLQ39d4srTc4OjQeQVfp

Score

1^/10

Malware Config

Signatures

Files

0a72ceccacb5b4afadcc699944116c0c_JaffaCakes118
.dll windows:6 windows x86 arch:x86

20f3897b52194f3b71594423ecff8e9e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:10:55:95:fd:14:5f:c9:f8:e0:59:4c:7f:02:49:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/12/2011, 00:00

Not After

13/12/2012, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:48:8d:90:25:17:32:1f:61:46:ca:50:64:84:64:d8:c5:6a:a1:e1
Signer

Actual PE Digest

3b:48:8d:90:25:17:32:1f:61:46:ca:50:64:84:64:d8:c5:6a:a1:e1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

\\pdfs01.bd.local\Components\Bitdefender\bdchidori\Internal\Current\bin\Win32\Release\win8ui.pdb

Imports

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

kernel32

HeapSize
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
SetThreadErrorMode
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
InterlockedCompareExchange
SetEvent
InitializeCriticalSection
Sleep
LeaveCriticalSection
GetFileAttributesW
RaiseException
InterlockedExchange
EnterCriticalSection
CreateEventW
DeleteCriticalSection
CloseHandle
CreateThread
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetSystemInfo
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringEx
LoadLibraryW
OutputDebugStringW
GetLastError
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
CreateFileW
HeapReAlloc
GetStdHandle
WriteFile
GetModuleFileNameW
RtlUnwind
SetLastError
GetFileType
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

EnumDisplayMonitors
PostQuitMessage
PeekMessageW
GetMessageW
PostThreadMessageW

shell32

GetCurrentProcessExplicitAppUserModelID

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize

Exports

Exports

AddMetroCallback
CloseAllToasts
CloseToast
DiscardToast
DisplayToast
IdentifyDLL
Init
IsMetro
MakeToast
RemoveMetroCallback
UnInit

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20f3897b52194f3b71594423ecff8e9e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

08:10:55:95:fd:14:5f:c9:f8:e0:59:4c:7f:02:49:b0Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3b:48:8d:90:25:17:32:1f:61:46:ca:50:64:84:64:d8:c5:6a:a1:e1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

kernel32

user32

shell32

ole32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

08:10:55:95:fd:14:5f:c9:f8:e0:59:4c:7f:02:49:b0
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3b:48:8d:90:25:17:32:1f:61:46:ca:50:64:84:64:d8:c5:6a:a1:e1
Signer

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB