28fae644d7054cb5c509724b88ac58af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28fae644d7054cb5c509724b88ac58af_JaffaCakes118
Size

1.2MB
MD5

28fae644d7054cb5c509724b88ac58af
SHA1

c5931d9dbd0605c5ca7656ad9a2841e73eb3e21c
SHA256

7747e57ff49ed2a42190d1f5ca4cda3f8b49a129545068530ce4e15a6eae0049
SHA512

1cf8a730ec637c2f9a10811eb9f7f2f27cefb721f107cb0e2add8752dc37c9644f52f9e5eab282d19704d7d9cfcca854c559f78614b2de801cfb6ae84eea0907
SSDEEP

24576:6pgTAkDram3NDbPAZ9r8XSi8I0EOlXKQF9MAyRuC3B77PRP9HBeL1jJCxDZp93V+:IgkYBibFY3x7lFheNA9ZzgGVIC5tKUkn

Score

1^/10

Malware Config

Signatures

Files

28fae644d7054cb5c509724b88ac58af_JaffaCakes118
.dll windows:5 windows x86 arch:x86

41513b9cbd22aaf7b6b715db3038fd7a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31/10/2007, 00:00

Not After

24/11/2010, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:a6:ff:3d:e1:32:c3:7d:e4:52:62:aa:d3:a0:36:44:ce:7e:2e:e0
Signer

Actual PE Digest

4f:a6:ff:3d:e1:32:c3:7d:e4:52:62:aa:d3:a0:36:44:ce:7e:2e:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\bld_area\sa_r2.1_NTT\src\BIN\BIN.IRU\Crt_Static\cc_Static\SAUpdt.pdb

Imports

user32

PeekMessageW
KillTimer
RegisterClassExW
PostMessageW
DestroyWindow
SetWindowLongW
CharToOemBuffA
OemToCharBuffA
CreateWindowExW
DispatchMessageW
PostQuitMessage
DefWindowProcW
GetWindowLongW
GetActiveWindow
GetCapture
GetClipboardOwner
GetClipboardViewer
GetFocus
GetOpenClipboardWindow
GetMessagePos
GetCaretPos
GetCursorPos
GetQueueStatus
GetMessageTime
wsprintfA
UnregisterClassW
SetTimer

wininet

DeleteUrlCacheEntryW

urlmon

URLOpenStreamW

kernel32

lstrlenA
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteFileW
Sleep
GetDiskFreeSpaceExW
SetLastError
ResetEvent
SetEvent
WaitForMultipleObjects
WaitForSingleObject
GetLocalTime
CreateEventW
RaiseException
DisableThreadLibraryCalls
GetTickCount
GetCurrentProcess
WideCharToMultiByte
GetTempPathW
GetModuleFileNameW
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetCurrentThreadId
LocalFree
LocalAlloc
FormatMessageA
MultiByteToWideChar
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetProcessTimes
GetThreadTimes
GetCurrentThread
GlobalMemoryStatus
GetProcessWorkingSetSize
GetVersionExA
GetModuleHandleA
GetCurrentProcessId
GetStartupInfoA
DeviceIoControl
ReleaseMutex
CreateMutexA
HeapFree
GetProcessHeap
lstrlenW
CompareStringA
GetDriveTypeA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
LocalFileTimeToFileTime
GetLastError
CloseHandle
ReadFile
WriteFile
SetEnvironmentVariableA
GetFileSize
CreateFileW
TlsFree
GetACP
FreeEnvironmentStringsA
GetOEMCP
IsValidCodePage
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
RemoveDirectoryW
TlsSetValue
TlsAlloc
SetFileTime
GetTimeZoneInformation
CompareStringW
WriteConsoleW
GetConsoleOutputCP
TlsGetValue
HeapCreate
GetStringTypeW
LCMapStringW
LCMapStringA
SetStdHandle
GetFileType
SetCurrentDirectoryW
SetEnvironmentVariableW
GetConsoleMode
WriteConsoleA
GetConsoleCP
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameW
GetStringTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetTempFileNameW
GetCurrentDirectoryW
SetFileAttributesW
GetFileAttributesW
GetDriveTypeW
SetVolumeLabelW
MoveFileW
FormatMessageW
QueryPerformanceFrequency
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
FlushFileBuffers
SetEndOfFile
OutputDebugStringW
GetSystemInfo
GetVersionExW
TerminateProcess
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryExW
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
GetCPInfo
FileTimeToSystemTime

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegEnumValueW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

shell32

SHCreateDirectoryExW

ole32

CoInitializeEx
CoUninitialize
CLSIDFromProgID
CoCreateInstance
OleRun

oleaut32

SysAllocStringByteLen
SysFreeString
SysStringByteLen
SysAllocString
GetErrorInfo
VariantChangeType
VariantClear
VariantInit
SysStringLen

shlwapi

PathAppendW
PathIsUNCServerW
PathRemoveFileSpecW
SHDeleteKeyW

Exports

Exports

GetFactory
GetObjectCount
IsdGetCapability
IsdGetRandomNumber
IsdGetStatistic
IsdTestRandomGenerator

Sections

.text
Size: 1023KB - Virtual size: 1023KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41513b9cbd22aaf7b6b715db3038fd7a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08Certificate

Extended Key Usages

Key Usages

4f:a6:ff:3d:e1:32:c3:7d:e4:52:62:aa:d3:a0:36:44:ce:7e:2e:e0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

wininet

urlmon

kernel32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 1023KB - Virtual size: 1023KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 38KB - Virtual size: 69KB

.data1 Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 41KB - Virtual size: 40KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:8f:5e:e8:26:3b:66:94:71:9d:84:34:eb:99:86:08
Certificate

4f:a6:ff:3d:e1:32:c3:7d:e4:52:62:aa:d3:a0:36:44:ce:7e:2e:e0
Signer

.text
Size: 1023KB - Virtual size: 1023KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 38KB - Virtual size: 69KB

.data1
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 41KB - Virtual size: 40KB