2949d7d5b2a8debb3ae7a1fa9885d6e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2949d7d5b2a8debb3ae7a1fa9885d6e6_JaffaCakes118
Size

1.1MB
MD5

2949d7d5b2a8debb3ae7a1fa9885d6e6
SHA1

9029922468f1e08199d02fabd974f771cb6a31cb
SHA256

a342ed0fdc042f6726d458fd12eb41265e9901daf9fa781a9d200975c5b313e6
SHA512

181cc1dcf45fb7bd9adc14998496f98db229defedf1d8dd9006dc8916449180a8a61ce7f948089db7c8b32e679038a4bb039213efa978e9ac75fd7b65b3e0d8b
SSDEEP

12288:wfco1f0ejixYt9fpMOOcxIiF9soePN1agaPTKueJYf+eRE7wO/U4:2c8f0e2W9fp/ONinso4zbaPZoYmIE79

Score

1^/10

Malware Config

Signatures

Files

2949d7d5b2a8debb3ae7a1fa9885d6e6_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

37aeb879ddf6c3057dbab4b8c5cf875a

Code Sign

01
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

1e:f4:2d
Certificate

Issuer

CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d

Not Before

29/08/2003, 16:19

Not After

28/08/2004, 16:19

Subject

CN=Aurigma Inc.,OU=Secure Application Development,O=Aurigma Inc.,L=Tomsk,ST=Tomsk,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cf:ac:6c:68:50:ce:61:49:7f:f8:a1:61:e9:b2:1b:26:a4:be:9f:fe
Signer

Actual PE Digest

cf:ac:6c:68:50:ce:61:49:7f:f8:a1:61:e9:b2:1b:26:a4:be:9f:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetStdHandle
GetStartupInfoA
GetStdHandle
SetHandleCount
TerminateProcess
LCMapStringA
GetSystemInfo
VirtualProtect
IsBadWritePtr
VirtualAlloc
VirtualFree
GetStringTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
IsBadReadPtr
IsBadCodePtr
GetOEMCP
SetLastError
GetVersion
VirtualQuery
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
UnlockFile
LockFile
CancelIo
FlushFileBuffers
SetFilePointer
GetFileSize
ReadFile
Sleep
WriteFile
LocalFree
HeapCreate
HeapDestroy
FindClose
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GetProcessHeap
lstrlenA
FreeLibrary
GetUserDefaultLCID
HeapAlloc
CloseHandle
HeapFree
WaitForSingleObject
SetEvent
ResetEvent
InterlockedDecrement
InterlockedIncrement
GetLastError
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
GetThreadLocale
GetLocaleInfoA
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsFree
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCommandLineA
TlsSetValue
GetFileType
RaiseException
RtlUnwind
ExitProcess
HeapSize
HeapReAlloc
GetVersionExA
GetTickCount
GetACP
LocalAlloc

advapi32

RegCloseKey
GetFileSecurityW
SetFileSecurityW

user32

UnregisterClassA
ReleaseDC
GetDC
GetSysColor
DrawIcon
DestroyWindow
PtInRect
UnionRect
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
GetKeyState
IsWindow
InvalidateRect
EndPaint
GetClientRect
BeginPaint
GetParent
SetFocus
ShowWindow
GetFocus
IsChild

gdi32

SetStretchBltMode
StretchBlt
CreateDIBitmap
CreateCompatibleBitmap
GetDIBits
BitBlt
CreateDIBSection
GdiFlush
SelectPalette
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
LPtoDP
SetWindowOrgEx
SetViewportOrgEx
GetDeviceCaps
SaveDC
FillPath
RestoreDC
StrokePath
BeginPath
EndPath
AbortPath
GetFontLanguageInfo
GetTextAlign
TextOutA
PolyBezier
Polygon
Polyline
Ellipse
GetGraphicsMode
Rectangle
MoveToEx
LineTo
CreatePen
GetStockObject
CreateHatchBrush
CreateSolidBrush
SetTextAlign
SetTextColor
SetPolyFillMode
GetPath
SetBkMode
SetBkColor
DeleteObject
ModifyWorldTransform
GetPixel
SetPixel
CreatePalette
CreateCompatibleDC
SelectObject
DeleteDC
SetMapMode
SetGraphicsMode

rpcrt4

CStdStubBuffer_Invoke
RpcStringFreeW
UuidToStringW
UuidCreate
NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
NdrCStdStubBuffer2_Release
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllGetClassObject

ddraw

DirectDrawCreate

ole32

OleSaveToStream
WriteClassStm
OleLoadFromStream
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromGUID2
StringFromCLSID
CLSIDFromString
CreateStreamOnHGlobal
ProgIDFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

oleaut32

GetErrorInfo
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
OleCreatePropertyFrame
RegisterTypeLi
UnRegisterTypeLi
VariantCopy
LHashValOfNameSys
LoadTypeLi
LoadRegTypeLi
SafeArrayGetElemsize
VariantChangeType
SafeArrayUnlock
SafeArrayGetElement
SafeArrayDestroyData
SafeArrayCopy
SafeArrayCreateVector
VarUI4FromStr
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCat
VariantInit
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
OleCreatePictureIndirect
SafeArrayDestroy
SetErrorInfo
CreateErrorInfo
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayGetVartype

shlwapi

PathFindExtensionW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 761KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37aeb879ddf6c3057dbab4b8c5cf875a

Code Sign

01Certificate

1e:f4:2dCertificate

Extended Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

cf:ac:6c:68:50:ce:61:49:7f:f8:a1:61:e9:b2:1b:26:a4:be:9f:feSigner

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

rpcrt4

ddraw

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 761KB - Virtual size: 761KB

.orpc Size: 512B - Virtual size: 288B

.rdata Size: 170KB - Virtual size: 169KB

.data Size: 15KB - Virtual size: 23KB

.rsrc Size: 145KB - Virtual size: 145KB

.reloc Size: 70KB - Virtual size: 69KB

01
Certificate

1e:f4:2d
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

cf:ac:6c:68:50:ce:61:49:7f:f8:a1:61:e9:b2:1b:26:a4:be:9f:fe
Signer

.text
Size: 761KB - Virtual size: 761KB

.orpc
Size: 512B - Virtual size: 288B

.rdata
Size: 170KB - Virtual size: 169KB

.data
Size: 15KB - Virtual size: 23KB

.rsrc
Size: 145KB - Virtual size: 145KB

.reloc
Size: 70KB - Virtual size: 69KB