3be54cf9b7e4516cb7a4dda8f21c042a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3be54cf9b7e4516cb7a4dda8f21c042a_JaffaCakes118
Size

65KB
MD5

3be54cf9b7e4516cb7a4dda8f21c042a
SHA1

1b0053226f57202c310c5b9c773d378bcdd4fdff
SHA256

e2dd56a7c3f9604277f614bafcda14f6b72329e1a87d17620a3bd725eee7253e
SHA512

4522760258db78da87036dc7a44ba77fa98b9d6cdcdb46f5aa5b536699b5e39daae1bc1b3e449980dcdd0e7a7b8ae259c0f5167798a19428da37211f0b9d60ff
SSDEEP

1536:73AgC3nMt2VB0Iyymbejz8FaOSyDthEJrSE0NFWfaLw:7wb3kmqIqbV9SyDnEJ0NMfaLw

Score

1^/10

Malware Config

Signatures

Files

3be54cf9b7e4516cb7a4dda8f21c042a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a6977a9c6530bcf5d9d981711e6b1e7a

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

12/05/1997, 00:00

Not After

07/01/2004, 23:59

Subject

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

12/12/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

Issuer

OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network

Not Before

28/02/2001, 00:00

Not After

06/01/2004, 23:59

Subject

CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5d:d9:37:37:ff:1a:88:d3:75:a0:4e:f8:9b:3b:33:e8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2001-4 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.

Not Before

22/07/2002, 00:00

Not After

22/07/2003, 23:59

Subject

CN=DialXS,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=DialXS,O=DialXS,L=Oss,ST=NB,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA

oleaut32

SysAllocStringLen
OleCreatePropertyFrame
VariantClear
LoadRegTypeLi
LoadTypeLi
SetErrorInfo
RegisterTypeLi
LHashValOfNameSys
VariantCopy
SysFreeString
SysAllocString
OleTranslateColor
VariantInit
VariantChangeType

kernel32

GlobalAlloc
MultiByteToWideChar
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetLocaleInfoA
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
DeleteCriticalSection
GetProcessHeap
InitializeCriticalSection
GetVersion
GlobalLock
GetTempPathA
CreateFileA
GlobalUnlock
CloseHandle
lstrcatA
lstrcmpA
WriteFile
lstrlenA
SetFilePointer
lstrcpyA
GlobalFree
HeapFree
HeapAlloc
WideCharToMultiByte
lstrlenW
MulDiv

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegCloseKey

user32

UnregisterClassA
GetKeyState
PtInRect
SendMessageA
SetFocus
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
SetParent
IsWindowVisible
CreateWindowExA
GetWindowLongA
ShowWindow
EqualRect
OffsetRect
GetSysColor
RegisterClassA
LoadCursorA
IntersectRect
UpdateWindow
InvalidateRect
SetWindowRgn
SetWindowLongA
DestroyWindow
GetWindowRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
GetActiveWindow
CharNextA
MessageBoxA
GetParent
LoadStringA
GetDC
ReleaseDC
wsprintfA

gdi32

CreateRectRgnIndirect
DeleteDC
SetMapMode
LPtoDP
SetWindowOrgEx
GetDeviceCaps
CreateDCA
CreatePen
CreateSolidBrush
SelectObject
Rectangle
DeleteObject
TextOutA
SetViewportOrgEx

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CreateBindCtx
CreateOleAdviseHolder

msvcrt

_stricmp
_adjust_fdiv
malloc
_initterm
free
wcslen
wcsncpy

urlmon

RegisterBindStatusCallback
CreateURLMoniker

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6977a9c6530bcf5d9d981711e6b1e7a

Code Sign

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75Certificate

Extended Key Usages

Key Usages

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9dCertificate

Extended Key Usages

Key Usages

5d:d9:37:37:ff:1a:88:d3:75:a0:4e:f8:9b:3b:33:e8Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

shell32

oleaut32

kernel32

advapi32

user32

gdi32

ole32

msvcrt

urlmon

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate

4a:29:3e:9d:1d:8c:40:7f:17:49:ff:7d:61:5f:8e:75
Certificate

08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate

5d:d9:37:37:ff:1a:88:d3:75:a0:4e:f8:9b:3b:33:e8
Certificate

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB