0c256fe3871e2a2236c6ea204b87dee7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c256fe3871e2a2236c6ea204b87dee7_JaffaCakes118
Size

283KB
MD5

0c256fe3871e2a2236c6ea204b87dee7
SHA1

f67a88121865154bbb298802230d1a46767afaf0
SHA256

a6d4f5c60429a0afcffb8bc512c948a20be354704382ca78f3beeb1e58b4e711
SHA512

a8e08489d980d79b7b56dba71985817062990eb3c8357bd53db760a92e9c4af8c153be4bfbdbe6f14af6451ca3ed1b7b4168e23c44e72d3d06e6c910f0c52b95
SSDEEP

6144:5Hjt83Qhwq//GXfjv98K0YeS3H0KVIMBPoYExhYKgY:jiQ2DemP7Y

Score

1^/10

Malware Config

Signatures

Files

0c256fe3871e2a2236c6ea204b87dee7_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c34ca06d841742f1b10de78469d5d704

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

13/12/2007, 00:00

Not After

12/12/2008, 23:59

Subject

CN=INTER CHINA NETWORK SOFTWARE (BEIJING) CO.\, LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security,O=INTER CHINA NETWORK SOFTWARE (BEIJING) CO.\, LTD,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageDirectoryEntryToData

kernel32

IsBadCodePtr
TerminateThread
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
IsBadReadPtr
VirtualProtect
SetLastError
FindClose
FindNextFileA
FindFirstFileA
OpenProcess
GlobalFree
GlobalAlloc
WriteFile
GetFileSize
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVolumeInformationA
MoveFileExA
SetFileAttributesA
LocalFree
LocalAlloc
GetCurrentThread
Module32Next
GetLocalTime
SetErrorMode
VirtualFreeEx
GetExitCodeThread
WinExec
GetCommandLineA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
TerminateProcess
IsBadWritePtr
GetShortPathNameA
RaiseException
CloseHandle
GetLastError
CreateMutexA
WaitForSingleObject
GetPrivateProfileStringA
CopyFileA
GetPrivateProfileSectionA
GetTickCount
ReleaseMutex
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
ReadFile
CreateFileA
lstrcatA
lstrcpyA
SizeofResource
LoadResource
FindResourceA
Sleep
InterlockedDecrement
lstrlenA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
FreeLibrary
LoadLibraryA
InterlockedExchange
WritePrivateProfileStringA
GetVersionExA
DeviceIoControl
SetFilePointer
GetTempPathA
DeleteFileA
GetCurrentProcessId
GetACP
GetTempFileNameA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
HeapDestroy
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
GetEnvironmentVariableA
GetWindowsDirectoryA
GetSystemDirectoryA
VirtualQuery
GetSystemDefaultLangID

user32

UpdateWindow
SetCursor
SetCapture
ReleaseCapture
IsWindowVisible
SystemParametersInfoA
GetSysColor
DrawEdge
InflateRect
CopyRect
DrawTextA
SetRect
FillRect
PeekMessageA
SetWindowLongW
DefWindowProcW
CallWindowProcW
GetAncestor
GetKeyState
SetPropA
ReplyMessage
InSendMessage
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
PtInRect
SetTimer
GetPropA
RemovePropA
GetWindowThreadProcessId
IsWindowUnicode
CharUpperA
GetWindowTextW
SetWindowTextA
GetWindowTextLengthA
GetWindowTextA
IsWindowEnabled
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
UnregisterClassA
CharUpperBuffA
GetDesktopWindow
GetClassNameA
GetMenu
GetClientRect
GetDC
ReleaseDC
InvalidateRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
IsWindow
GetParent
SetFocus
GetFocus
IsChild
DestroyWindow
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
DefWindowProcA
CharNextA
GetForegroundWindow
DialogBoxParamA
MessageBoxA
IsDlgButtonChecked
EndDialog
BeginPaint
EndPaint
LoadIconA
DrawIcon
GetSystemMetrics
SetForegroundWindow
ShowWindow
CharLowerA
PostMessageA
GetClassNameW
GetWindowTextLengthW
LoadStringA
SendMessageA

gdi32

CreateRectRgnIndirect
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
GetDeviceCaps
CreateDCA
DeleteObject
SelectObject
SetTextColor
SetBkMode
Rectangle
CreateSolidBrush
LineTo
MoveToEx
CreatePen
GetStockObject
GetTextMetricsA

advapi32

RegDeleteValueA
CloseServiceHandle
OpenSCManagerA
RegSetValueA
RegQueryValueA
RegCreateKeyA
OpenThreadToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegFlushKey
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
RegOpenKeyA
RegEnumKeyA
RegQueryValueExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA

shlwapi

UrlGetPartA
SHEnumValueA
StrStrA
SHEnumKeyExA
PathFindFileNameA
StrStrIA
SHDeleteEmptyKeyA
SHDeleteKeyA
SHSetValueA
SHGetValueA
SHDeleteValueA
StrCatBuffA

msvcrt

memset
_snprintf
strncpy
strrchr
strcpy
strlen
strcat
__CxxFrameHandler
fopen
_vsnprintf
fprintf
fclose
malloc
_beginthreadex
free
strcmp
sscanf
_except_handler3
sprintf
time
strstr
isalnum
??3@YAXPAX@Z
memcpy
fwrite
_mbsstr
wcscpy
atoi
_mbspbrk
strchr
_strnicmp
memmove
memcmp
strncmp
realloc
??2@YAPAXI@Z
_purecall
atol
localtime
strncat
fgets
fseek
_mbsnbcpy
strtok
abs
_ftol
_strlwr
_mbsrchr
rewind
_tempnam
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_stricmp
_CxxThrowException
__dllonexit
??1type_info@@UAE@XZ

netapi32

Netbios

Exports

Exports

ControlPanel
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Rundll32

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cnsdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c34ca06d841742f1b10de78469d5d704

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

imagehlp

kernel32

user32

gdi32

advapi32

shlwapi

msvcrt

netapi32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 64KB - Virtual size: 340KB

.cnsdata Size: 4KB - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 20KB - Virtual size: 18KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

2a:29:23:61:30:8d:9a:b6:26:35:b4:dc:de:2a:7a:3e
Certificate

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 64KB - Virtual size: 340KB

.cnsdata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 20KB - Virtual size: 18KB