436fdd1ba0ba89d767dfbea71fba7950_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

436fdd1ba0ba89d767dfbea71fba7950_JaffaCakes118
Size

236KB
MD5

436fdd1ba0ba89d767dfbea71fba7950
SHA1

8ba5eab89fcc144bb12cc9a478961ff7a47f753f
SHA256

19c91d1af68e58ec018876b08b2bbbdcdc5bdc75a417b73a6e52654bfc75ddf8
SHA512

dc5b4edd83fdcaa731fc17a79fe92063f62705b86d456979f17ef63f4c85bfc9ade3211cb2eb7df52887562b3088d0d1f232a6dfc1bfc59301e79d1e69a63414
SSDEEP

3072:PWS/jl98HAUqFJmlA4GcuLQ6LmdsZaltQ9kh51ikcfOgeXyOsQp1Chxw/rXxGW/p:PWS/TRPIYgh51iLeLk41GW/Ia

Score

1^/10

Malware Config

Signatures

Files

436fdd1ba0ba89d767dfbea71fba7950_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

8d1971725de79b76e812c321dff2b898

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10-05-2011 00:00

Not After

29-05-2014 23:59

Subject

CN=Awareness Technologies\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Awareness Technologies\, Inc.,L=Marina del Rey,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:15:73:f9:2f:27:6a:32:5b:8c:84:f7:58:ed:6f:83:16:ab:bc:73
Signer

Actual PE Digest

7e:15:73:f9:2f:27:6a:32:5b:8c:84:f7:58:ed:6f:83:16:ab:bc:73

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mcmsg.pdb

Imports

kernel32

GetThreadPriority
GetCurrentThread
TerminateThread
DuplicateHandle
IsBadReadPtr
VirtualProtect
VirtualAlloc
IsBadCodePtr
VirtualFree
Thread32Next
Thread32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
GetProcessHeap
SetLastError
OpenThread
CreateThread
ResetEvent
CreateEventW
SetEvent
SetThreadPriority
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
FreeLibraryAndExitThread
LoadLibraryW
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
ProcessIdToSessionId
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
GetModuleHandleW
LoadLibraryExW
FreeLibrary
lstrcmpiW
GetLastError
DisableThreadLibraryCalls
UnmapViewOfFile
InterlockedExchangeAdd
GetComputerNameW
LocalFree
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleFileNameW
InterlockedExchange
DeleteCriticalSection
LocalFileTimeToFileTime
FileTimeToSystemTime
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
ReleaseMutex
WaitForSingleObject
IsValidCodePage
GetOEMCP
HeapCreate
ExitProcess
GetModuleHandleA
GetCPInfo
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetCommandLineA
RtlUnwind
CloseHandle
CreateMutexW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsDebuggerPresent
FlushFileBuffers
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
GetConsoleMode
GetConsoleCP
lstrcpynW
WriteFile
CreateFileW
DeleteFileW
ReadFile
GetFileSize
GetTempFileNameW
CreateMutexA
lstrcpynA
lstrlenA
GetTickCount
WideCharToMultiByte
GetSystemTime
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathW
CreateSemaphoreW
CreateDirectoryW
lstrcatW
lstrcpyW
GetSystemTimeAsFileTime
ReleaseSemaphore
Sleep
GetTimeZoneInformation
SetFilePointer
GlobalAlloc
GlobalFree
GlobalReAlloc
CreateFileA
GetSystemDefaultLangID
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

CharLowerBuffW
UnregisterClassA
GetDesktopWindow
CharLowerW
SetTimer
KillTimer
PostThreadMessageW
PeekMessageW
MsgWaitForMultipleObjects
FindWindowExW
GetParent
GetClassNameW
IsWindow
CharNextW
DispatchMessageW

advapi32

AdjustTokenPrivileges
OpenProcessToken
RevertToSelf
OpenThreadToken
ImpersonateLoggedOnUser
SetNamedSecurityInfoW
ConvertStringSidToSidW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptDeriveKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
RegQueryValueExW
LookupAccountNameW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
LookupPrivilegeValueW

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoUnmarshalInterface
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
CoMarshalInterThreadInterfaceInStream

oleaut32

VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SystemTimeToVariantTime
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
VarBstrCat
SysFreeString
SysStringLen
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCmp
SafeArrayDestroy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayCreate
SysAllocString

shlwapi

PathStripPathW
SHCreateStreamOnFileW
PathFileExistsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSCloseServer
WTSQuerySessionInformationW
WTSOpenServerW
WTSFreeMemory

netapi32

NetWkstaUserEnum
NetApiBufferFree

oleacc

AccessibleChildren
AccessibleObjectFromWindow

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d1971725de79b76e812c321dff2b898

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7e:15:73:f9:2f:27:6a:32:5b:8c:84:f7:58:ed:6f:83:16:ab:bc:73Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

wtsapi32

netapi32

oleacc

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 128KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 20KB - Virtual size: 18KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

26:31:97:50:e8:54:09:f9:45:69:40:14:a4:ed:26:5a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7e:15:73:f9:2f:27:6a:32:5b:8c:84:f7:58:ed:6f:83:16:ab:bc:73
Signer

.text
Size: 132KB - Virtual size: 128KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 20KB - Virtual size: 18KB