12f09ef5a8c9271a5b539b78905471d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

12f09ef5a8c9271a5b539b78905471d7_JaffaCakes118
Size

63KB
MD5

12f09ef5a8c9271a5b539b78905471d7
SHA1

072e902389cd5b87fe348e6b7bb12a677db4b8d3
SHA256

71ad501f3307c7e60faf919fc0e5b4e6e166d35d784468d4b2f549112970ac68
SHA512

b372e15794ba0a92a69d7c9916591478a7d9b78458f3288f589afb6aab2ac1e5fe0e1e6e6ad43f323b759c947a680b0941ce267c9397ff268a87dab5d28007a1
SSDEEP

1536:U43uMSXexHfUa15rwfx2rd5o2OjkGN3i/:U43uJWUa15rOqbZOjkGN

Score

1^/10

Malware Config

Signatures

Files

12f09ef5a8c9271a5b539b78905471d7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

191aa3afb17ef5bee78dd3c77bb057ce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:2e:9e:25:44:7f:ee:84:82:4f:33:94:6c:09:51:9f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/04/2009, 00:00

Not After

07/05/2010, 23:59

Subject

CN=Panda Security S.L,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Panda Security S.L,L=Bilbao,ST=Bizkaia,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c3:5f:d7:7b:c5:fb:23:c2:0e:1e:1e:a3:3e:b2:b7:41:a0:84:b6:fc
Signer

Actual PE Digest

c3:5f:d7:7b:c5:fb:23:c2:0e:1e:1e:a3:3e:b2:b7:41:a0:84:b6:fc

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\firmar\pks\pks\platforms\bloquedisk\projectwin\release\pksdisk.pdb

Imports

pskutil

ord90

pskalloc

ord4

pskvfile

ord65
ord70
ord64
ord68
ord66
ord5
ord4
ord74
ord58
ord12
ord9
ord11
ord8
ord6
ord7
ord75
ord16
ord15

pksplg

?getOID@CPluginObject@@QBEHXZ
??1CPlugin@@UAE@XZ
?addPluginObject@CPlugin@@QAEIPAVCPluginObject@@@Z
?addConfigurationItem@CPluginObject@@QAEIH@Z
?addSampleType@CPluginObject@@QAEIW4_TSampleType@@@Z
?setInterfaceType@CPluginObject@@QAEIW4TInterfaceType@@@Z
?setInstanceType@CPluginObject@@QAEIW4TInstanceType@@@Z
??0CPlugin@@QAE@XZ
?Init@CPlugin@@UAEIXZ
?End@CPlugin@@UAEXXZ
?Plug@CPlugin@@UAEXPAVIPluginManager@@@Z
?GetInstance@CPlugin@@UAEPAVINanoInterface@@IAAW4TInstanceType@@@Z
?incReferenceCounter@CPluginObject@@IAEXXZ
??1CPluginObject@@UAE@XZ
?update@CPluginObject@@UAEIIAAVpwstring@@@Z
?endUpdate@CPluginObject@@UAEIIIIII@Z
?beginUpdate@CPluginObject@@UAEIIII@Z
??0CPluginObject@@QAE@H@Z

msvcp80

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

msvcr80

_amsg_exit
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_purecall
??3@YAXPAX@Z
__RTDynamicCast
__CxxFrameHandler3
_invalid_parameter_noinfo
??2@YAPAXI@Z
wcschr
wcsrchr
wcsncmp
_CxxThrowException
??_V@YAXPAX@Z
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
__clean_type_info_names_internal

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
VirtualQuery
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

191aa3afb17ef5bee78dd3c77bb057ce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:2e:9e:25:44:7f:ee:84:82:4f:33:94:6c:09:51:9fCertificate

Extended Key Usages

Key Usages

c3:5f:d7:7b:c5:fb:23:c2:0e:1e:1e:a3:3e:b2:b7:41:a0:84:b6:fcSigner

Headers

File Characteristics

PDB Paths

Imports

pskutil

pskalloc

pskvfile

pksplg

msvcp80

msvcr80

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:2e:9e:25:44:7f:ee:84:82:4f:33:94:6c:09:51:9f
Certificate

c3:5f:d7:7b:c5:fb:23:c2:0e:1e:1e:a3:3e:b2:b7:41:a0:84:b6:fc
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB