275608847fb7202cf48aab8324746bf7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

275608847fb7202cf48aab8324746bf7_JaffaCakes118
Size

119KB
MD5

275608847fb7202cf48aab8324746bf7
SHA1

03f2cd291975bdecb2e1d42ad628e766269e27b3
SHA256

04525c2620b0acf9cd440552d33135a2a0a6f441c33af87b218b890bc509759e
SHA512

560447136764bf1ac2ffa3ca08b07b774f59e4ef0adc8e947d261f15da2a7f0665974122bacb371a9765df0309aae58dcb8298d1cf1009cb389d3a665a34ac4f
SSDEEP

1536:xTLV+K0XfRcC4qOMf+6nTIt10gx1qi4p/Zf7bzHkLL3m72Sj9Ddc4K8IXcnzJ38s:WK0X5jXn3eO3Ho76DdA8IXcejaFp

Score

1^/10

Malware Config

Signatures

Files

275608847fb7202cf48aab8324746bf7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dc33390e11f40d35aacb3b7595b60d08

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24/11/2006, 00:00

Not After

24/11/2009, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:80:be:b3:b8:0a:b8:b7:fa:a0:ce:f8:24:59:ee:89:ff:b0:0e:2a
Signer

Actual PE Digest

f0:80:be:b3:b8:0a:b8:b7:fa:a0:ce:f8:24:59:ee:89:ff:b0:0e:2a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\p4clients\taylor_pubkeys\ThirdPartyCode\DebugNet\Release\BugslayerUtil.pdb

Imports

dbghelp

SymSetOptions
SymGetSymFromAddr
SymGetOptions
SymLoadModule64
SymGetModuleInfo64
SymGetLineFromAddr64
SymGetSymFromAddr64
SymGetModuleBase64
SymLoadModule
SymCleanup
SymInitialize
StackWalk64
UnDecorateSymbolName
SymFunctionTableAccess64

kernel32

GetThreadContext
OutputDebugStringW
WriteFile
IsDebuggerPresent
GetProfileIntW
SearchPathW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
GetModuleFileNameA
CreateFileA
WideCharToMultiByte
GetACP
RaiseException
GetModuleHandleW
SetUnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
FormatMessageW
lstrlenA
lstrcpynW
ReadProcessMemory
GlobalAlloc
GetCurrentProcess
GetCurrentThread
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LocalFree
ExitProcess
OutputDebugStringA
VirtualQueryEx
GetVersionExW
DisableThreadLibraryCalls
VirtualQuery
VirtualProtect
IsBadStringPtrA
IsBadStringPtrW
CreateFileW
CloseHandle
GetCurrentThreadId
OpenProcess
GetThreadPriority
SetThreadPriority
OpenThread
SuspendThread
ResumeThread
FreeLibrary
GlobalLock
GlobalUnlock
GetLocaleInfoW
FindResourceExW
LoadResource
LockResource
GetProcessHeap
HeapFree
lstrlenW
GetLastError
HeapAlloc
GetCurrentProcessId
SetLastError
InterlockedExchange
LocalAlloc
IsBadWritePtr
GlobalFree
HeapReAlloc
TlsSetValue
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
TerminateProcess
HeapSize
TlsFree
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemInfo
LCMapStringA
LCMapStringW
InitializeCriticalSection
SetFilePointer
GetOEMCP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
RtlUnwind
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FlushFileBuffers

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
RegCloseKey

Exports

Exports

AddClientDV
AddCrashHandlerLimitModule
AddDiagAssertModule
AllocAndFillProcessModuleList
BSUAnsi2Wide
BSUGetModuleBaseNameA
BSUGetModuleBaseNameW
BSUGetModuleFileNameExA
BSUGetModuleFileNameExW
BSUIsInteractiveUser
BSUSetCurrentThreadNameA
BSUSetCurrentThreadNameW
BSUSetThreadNameA
BSUSetThreadNameW
BSUSymInitializeA
BSUSymInitializeW
BSUWide2Ansi
CreateCurrentProcessCrashDumpA
CreateCurrentProcessCrashDumpW
DiagAssertA
DiagAssertW
DiagOutputA
DiagOutputW
GetFaultReason
GetFirstStackTraceString
GetLimitModuleCount
GetLimitModulesArray
GetLoadedModules
GetNextStackTraceString
GetProcessThreadIds
GetRegisterString
GetSuperAssertionCount
HookImportedFunctionsByNameA
HookImportedFunctionsByNameW
HookOrdinalExportA
HookOrdinalExportW
IsMiniDumpFunctionAvailable
IsNT
IsNT4
IsServer2003
IsServer2003orBetter
IsW2K
IsW2KorBetter
IsXP
IsXPorBetter
MemStressInitializeA
MemStressInitializeW
MemStressTerminate
SetCrashHandlerFilter
SetDiagAssertFile
SetDiagAssertOptions
SetDiagOutputFile
SnapCurrentProcessMiniDumpA
SnapCurrentProcessMiniDumpW
SuperAssertionA
SuperAssertionW
ValidateAllBlocks

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc33390e11f40d35aacb3b7595b60d08

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

f0:80:be:b3:b8:0a:b8:b7:fa:a0:ce:f8:24:59:ee:89:ff:b0:0e:2aSigner

Headers

File Characteristics

PDB Paths

Imports

dbghelp

kernel32

advapi32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 17KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

68:69:75:35:e3:81:fe:1f:91:c1:15:35:28:14:6a:27
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

f0:80:be:b3:b8:0a:b8:b7:fa:a0:ce:f8:24:59:ee:89:ff:b0:0e:2a
Signer

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB