2b99a84d56af76e894eeb0a46e91cb18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b99a84d56af76e894eeb0a46e91cb18_JaffaCakes118
Size

309KB
MD5

2b99a84d56af76e894eeb0a46e91cb18
SHA1

5fa0ab41328e61b2c268aed6cdeac6a5f01519f6
SHA256

ee528b4fd972c50d1332aa58b80057f05cfe0a1451f97a095a28c43631b95995
SHA512

45e1881d7235937d9355ab65b5ef8b45bdfc6db8b4a00c271d0d9f6936e8d8527017536485b33caeb0357321e365546fddb48086c883dd7d1c3a5564a0d80d27
SSDEEP

6144:cBoYpzk72NLpc8oVJJTDPiVP5+CLI+KQwoIXpSs:cB8Wdc88bDPiD+miFok

Score

1^/10

Malware Config

Signatures

Files

2b99a84d56af76e894eeb0a46e91cb18_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

6dd1429694b2b2965eeb7c2f2e1601a1

Code Sign

3d:52:6a
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

10/10/2003, 21:41

Not After

09/10/2004, 21:41

Subject

CN=NicTech Networks Inc.,OU=Secure Application Development,O=NicTech Networks Inc.,L=Minneapolis,ST=Minnesota,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f2:63:ea:be:61:8f:6c:0c:33:73:09:8b:6e:68:4f:7f:d0:bc:cd:42
Signer

Actual PE Digest

f2:63:ea:be:61:8f:6c:0c:33:73:09:8b:6e:68:4f:7f:d0:bc:cd:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

userenv

LoadUserProfileA
UnloadUserProfile

kernel32

GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
GetTickCount
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
ExitProcess
CreateThread
HeapReAlloc
HeapSize
HeapDestroy
LocalAlloc
VirtualFree
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetFileTime
GetFileAttributesA
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
InterlockedDecrement
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
InterlockedIncrement
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
lstrcpynA
ExitThread
FindFirstFileA
FindNextFileA
CopyFileA
FindFirstChangeNotificationA
TerminateProcess
lstrcpyA
DeleteFileA
MoveFileExA
CreateEventA
ResetEvent
WaitForSingleObject
OpenEventA
SetEvent
LoadLibraryA
GetProcAddress
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
CloseHandle
FreeLibrary
GetTempPathA
Sleep
CreateProcessA
FindResourceA
LoadResource
LockResource
SizeofResource
CompareStringW
CompareStringA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapCreate

user32

CharNextA
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRect
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
EndDialog
CreateDialogIndirectParamA
RegisterClipboardFormatA
PostThreadMessageA
TabbedTextOutA
DestroyMenu
ClientToScreen
GetDesktopWindow
SetWindowContextHelpId
MapDialogRect
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
IsWindowEnabled
PostQuitMessage
GetMenuState
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
IsWindow
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PeekMessageA
MapWindowPoints
MessageBoxA
GetKeyState
SetForegroundWindow
IsWindowVisible
UpdateWindow
GetMenu
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetParent
EqualRect
GetClassInfoA
RegisterClassA
GetDlgCtrlID
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
DestroyIcon
GetSysColorBrush
EndPaint
BeginPaint
GetWindow
KillTimer
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
GetPropA
DrawTextA
SetTimer
DdeConnectList
DdeQueryNextServer
DdeDisconnectList
DdeAccessData
DdeUnaccessData
DdeFreeDataHandle
DdeNameService
DdeQueryStringA
DdeInitializeA
DdeDisconnect
DdeUninitialize
DdeClientTransaction
DdeCreateStringHandleA
DdeConnect
DdeGetLastError
DdeFreeStringHandle
DefWindowProcA
LoadCursorA
UnregisterClassA
wsprintfA
EnableWindow
GetClientRect
SendMessageA
CharUpperA
GetDlgItem
SetCursor

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetStockObject
GetMapMode
GetWindowExtEx
GetViewportExtEx
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
SetTextColor
GetClipBox
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
DeleteObject
CreateBitmap
GetDeviceCaps
GetObjectA
SetBkColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

LsaAddAccountRights
RegDeleteValueA
RegQueryValueA
RegOpenKeyA
RegSetValueA
LsaOpenPolicy
LsaEnumerateAccountsWithUserRight
RegNotifyChangeKeyValue
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
LsaRemoveAccountRights
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessAsUserA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegFlushKey

shell32

DoEnvironmentSubstA
ExtractIconA

comctl32

ord17

shlwapi

SHDeleteKeyA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

ole32

CLSIDFromProgID
CoRegisterClassObject
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateGuid
StringFromGUID2
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CLSIDFromString
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard

oleaut32

SysAllocStringLen
OleCreateFontIndirect
VariantInit
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysStringByteLen
VariantChangeType
VariantClear
SysFreeString

oledlg

ord8

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

ws2_32

WSAStartup
connect
htons
socket
gethostbyname
send
recv
WSACleanup
closesocket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
DllVersion
UMonitor
WinLogoff
WinLogon

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dd1429694b2b2965eeb7c2f2e1601a1

Code Sign

3d:52:6aCertificate

Extended Key Usages

01Certificate

0aCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

f2:63:ea:be:61:8f:6c:0c:33:73:09:8b:6e:68:4f:7f:d0:bc:cd:42Signer

Headers

File Characteristics

Imports

userenv

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

wininet

ws2_32

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 31KB

.reloc Size: 28KB - Virtual size: 24KB

3d:52:6a
Certificate

01
Certificate

0a
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

f2:63:ea:be:61:8f:6c:0c:33:73:09:8b:6e:68:4f:7f:d0:bc:cd:42
Signer

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 31KB

.reloc
Size: 28KB - Virtual size: 24KB