38d2d04c967931b0806806d662f9bf2d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

38d2d04c967931b0806806d662f9bf2d_JaffaCakes118
Size

299KB
MD5

38d2d04c967931b0806806d662f9bf2d
SHA1

8b2ee3fbd5f211f92a12a0b3ae1df99d2e34b411
SHA256

f7eeaf8010ac1e040bcc30b991b8e62bcb18030bee474f00672bc86e97eaf71f
SHA512

c5e8f9c80fb2741ebcd1c61b7d3665dd127b97cc24d5b2bc545d52efb1f43b8494b4964f171cb02ad83cc1a2d0937c620d7d9ac59a882e5409be958b73a9832e
SSDEEP

3072:v18KVnqhg3Nq8ucV9N6TTroI8MWjmf3hrOlP2mS7OKFX:n6nEoW6fhrOlPWX

Score

1^/10

Malware Config

Signatures

Files

38d2d04c967931b0806806d662f9bf2d_JaffaCakes118
.dll windows:5 windows x64 arch:x64

117d53c54d2cf1db46366c7e1a0627f9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/04/2016, 10:04

Not After

22/04/2017, 10:04

Subject

CN=WinZip Computing LLC,OU=IT Infrastructure,O=WinZip Computing LLC,L=Mansfield,ST=CT,C=US,1.2.840.113549.1.9.1=#0c0f68656c704077696e7a69702e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:34:6a:64:65:7e:b2:f7:b4:f1:2a:eb:0f:ec:f9:0a:0c:d2:ec:f1:b2:96:15:2e:da:b8:44:73:58:d4:77:be
Signer

Actual PE Digest

47:34:6a:64:65:7e:b2:f7:b4:f1:2a:eb:0f:ec:f9:0a:0c:d2:ec:f1:b2:96:15:2e:da:b8:44:73:58:d4:77:be

Digest Algorithm

sha256

PE Digest Matches

true

6d:77:7a:ac:ed:a3:cc:b6:c9:cb:ee:86:52:a2:73:9f:87:b0:a6:e7
Signer

Actual PE Digest

6d:77:7a:ac:ed:a3:cc:b6:c9:cb:ee:86:52:a2:73:9f:87:b0:a6:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\NMC\CURRENT205\Libraries\WzWXF\Providers\WzWXFCloud\w64prod\WzWXFssync64.pdb

Imports

msvcr90

_wcsicmp
wcsrchr
_wcsdup
_cexit
__FrameUnwindFilter
__CxxQueryExceptionSize
__CxxDetectRethrow
wcscpy_s
__CxxUnregisterExceptionObject
__CxxExceptionFilter
__CxxRegisterExceptionObject
__RTDynamicCast
wcsncpy_s
__CxxFrameHandler3
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_wtoi
_wsplitpath_s
_wcslwr_s
_wmakepath_s
wcsstr
wcscat_s
_wcsnicmp
wcsncmp
_vsnwprintf
memcpy
memset
bsearch
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
__C_specific_handler
_amsg_exit
_decode_pointer
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
_encode_pointer
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_purecall

kernel32

SetLastError
GetVersionExW
MultiByteToWideChar
GetUserDefaultUILanguage
VerifyVersionInfoW
SetThreadUILanguage
VerSetConditionMask
LoadLibraryExW
FreeLibrary
LoadResource
GetProcAddress
DeactivateActCtx
ActivateActCtx
FindResourceExW
ReleaseActCtx
Sleep
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetSystemDefaultUILanguage
SearchPathW
FindResourceW
GetModuleFileNameW
CloseHandle
MapViewOfFile
GetModuleHandleW
GetCurrentProcess
GetLocaleInfoW
UnmapViewOfFile
CreateActCtxW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CreateFileW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateFileMappingW

user32

LoadBitmapW
IsWindow

ole32

StringFromGUID2

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumValueW

shlwapi

PathFindFileNameW

msvcm90

?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@PE$AAVException@3@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6AJPEAX@Z0@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXPE$AAVEventHandler@System@@@Z

mscoree

_CorDllMain

Exports

Exports

CreateWzWXFProvider
GetInterfaceVersion

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

117d53c54d2cf1db46366c7e1a0627f9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41Certificate

Extended Key Usages

Key Usages

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80Certificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:34:6a:64:65:7e:b2:f7:b4:f1:2a:eb:0f:ec:f9:0a:0c:d2:ec:f1:b2:96:15:2e:da:b8:44:73:58:d4:77:beSigner

6d:77:7a:ac:ed:a3:cc:b6:c9:cb:ee:86:52:a2:73:9f:87:b0:a6:e7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

user32

ole32

advapi32

shlwapi

msvcm90

mscoree

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.nep Size: 4KB - Virtual size: 4KB

.rdata Size: 157KB - Virtual size: 157KB

.data Size: 13KB - Virtual size: 27KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 4KB - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

47:2c:cb:a9:49:bb:94:24:e9:8f:41:6f:ad:41
Certificate

11:21:ad:ec:c1:3b:23:21:78:af:9e:c4:d6:31:5a:dd:de:80
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:34:6a:64:65:7e:b2:f7:b4:f1:2a:eb:0f:ec:f9:0a:0c:d2:ec:f1:b2:96:15:2e:da:b8:44:73:58:d4:77:be
Signer

6d:77:7a:ac:ed:a3:cc:b6:c9:cb:ee:86:52:a2:73:9f:87:b0:a6:e7
Signer

.text
Size: 55KB - Virtual size: 55KB

.nep
Size: 4KB - Virtual size: 4KB

.rdata
Size: 157KB - Virtual size: 157KB

.data
Size: 13KB - Virtual size: 27KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 4KB - Virtual size: 4KB