46722e2becff3bd427bbb7ee7852b234_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46722e2becff3bd427bbb7ee7852b234_JaffaCakes118
Size

793KB
MD5

46722e2becff3bd427bbb7ee7852b234
SHA1

b4f3be0d1ccbbfa7f567f3190d6c0a7aa76c42c6
SHA256

a1cac620b15156f5a0583f4e5ddc6597deed843cb4e4087551d77eb4e4153905
SHA512

03ed574b4ce624eb1718732d83c9f5a13c4493e5d35e409ee294982ddf8077071504a10b68a79341d379d64e1c454b968e5db24354c8baa5f3e52bd1e88876b8
SSDEEP

24576:m36bpC3pNhDy0Vv/w0jB3eyjugi3Vp1pz3w3xWi4Bn:6rRjB3Dj0pHn

Score

1^/10

Malware Config

Signatures

Files

46722e2becff3bd427bbb7ee7852b234_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

83ab175c3cf4965ca8f784da447abf02

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/06/2007, 00:00

Not After

21/06/2010, 23:59

Subject

CN=Alot.com,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Alot.com,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Projects\Alot\build\alot\bin\support\band.pdb

Imports

kernel32

MulDiv
LoadLibraryA
CreateFileMappingW
CopyFileW
DisableThreadLibraryCalls
DeleteFileW
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
GetTempFileNameW
UnmapViewOfFile
MapViewOfFile
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
FindClose
FindFirstFileW
GetFileSize
SetFilePointer
ReadFile
WriteFile
CreateFileW
SetEndOfFile
SetFileAttributesW
GetVersionExA
GetSystemDefaultLangID
ResumeThread
ResetEvent
TerminateThread
SetCurrentDirectoryW
GetSystemTimeAsFileTime
LocalFree
FormatMessageW
GetModuleFileNameA
GetFileAttributesExW
GetLongPathNameW
CreateProcessW
lstrlenA
GetCurrentDirectoryW
FindNextFileW
CreateDirectoryW
TerminateProcess
GetExitCodeProcess
HeapReAlloc
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
GetExitCodeThread
SuspendThread
LockResource
GetTickCount
SignalObjectAndWait
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
CreateThread
RtlUnwind
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
ExitProcess
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
HeapSize
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetCPInfo
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsBadReadPtr
IsBadCodePtr
QueryPerformanceCounter
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcpynW
LoadLibraryExW
lstrcmpiW
HeapFree
lstrcpyW
CreateMutexW
WaitForMultipleObjects
ReleaseMutex
CreateEventW
LocalAlloc
GetProcessHeap
HeapAlloc
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
SetEvent
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CloseHandle
FreeLibrary
GetCurrentThreadId
Sleep
InterlockedIncrement
lstrlenW
InterlockedDecrement
GetCurrentProcessId
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
FindResourceExW
GetModuleHandleA

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue

user32

BroadcastSystemMessageW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
EnumWindows
GetAncestor
EnumChildWindows
MessageBoxW
GetCapture
CharUpperW
CharLowerW
CreateDialogIndirectParamW
DialogBoxIndirectParamW
SendNotifyMessageW
GetMenuItemInfoW
GetSubMenu
GetMenuItemID
GetMenuItemRect
EqualRect
DrawFrameControl
WindowFromPoint
FrameRect
RegisterWindowMessageW
GetWindowTextLengthW
DrawTextExW
GetWindowDC
EndDialog
GetDesktopWindow
OffsetRect
SendDlgItemMessageW
SetFocus
IsDlgButtonChecked
GetDlgItemTextW
CheckRadioButton
CheckDlgButton
SetDlgItemTextW
LoadImageW
IsWindowVisible
DrawTextW
SetMenuItemInfoW
ClientToScreen
CopyRect
RedrawWindow
MoveWindow
InsertMenuW
AppendMenuW
FillRect
CopyImage
GetDC
ReleaseDC
TrackPopupMenu
DestroyMenu
GetMenuState
GetMenuItemCount
DeleteMenu
CreatePopupMenu
GetDlgItem
SendMessageW
PostMessageW
CharNextW
GetWindowPlacement
SetForegroundWindow
CallWindowProcW
DefWindowProcW
CreateWindowExW
SetWindowRgn
TrackMouseEvent
KillTimer
GetSysColor
SetTimer
GetSystemMenu
ModifyMenuW
RegisterClipboardFormatW
SetCursorPos
GetSysColorBrush
IsIconic
GetClassInfoExW
RegisterClassExW
wsprintfW
UnregisterClassW
IsWindow
GetActiveWindow
SetWinEventHook
mouse_event
GetCursorPos
GetCursor
GetFocus
SetWindowTextW
GetWindowTextW
DialogBoxParamW
DestroyCursor
DestroyIcon
SetCursor
PtInRect
UpdateWindow
ScreenToClient
GetSystemMetrics
GetAsyncKeyState
UnhookWinEvent
SendMessageTimeoutW
CreateAcceleratorTableW
DestroyAcceleratorTable
IsChild
BeginPaint
EndPaint
InvalidateRgn
SetCapture
ReleaseCapture
GetClassNameW
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetWindowThreadProcessId
LoadStringW
PostThreadMessageW
DestroyWindow
EnableWindow
SetActiveWindow
LoadCursorW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
ShowWindow
GetWindowLongW
SetWindowLongW
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageA
DispatchMessageA
InvalidateRect

gdi32

StretchDIBits
StretchBlt
CreateDIBSection
FrameRgn
SetDIBColorTable
CreateRoundRectRgn
CreatePolygonRgn
CreateRectRgn
CombineRgn
GetStockObject
GetTextMetricsW
GetDeviceCaps
SetBkMode
SetTextColor
GetDIBColorTable
PatBlt
CreateFontIndirectW
CreateSolidBrush
GetPixel
CreateCompatibleDC
SelectObject
GetObjectW
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteObject
DeleteDC
ExtTextOutW
MoveToEx
LineTo
CreatePen
Rectangle
Ellipse
SetDIBitsToDevice
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateFontW
CreatePatternBrush

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
ord92
SHFileOperationA
SHGetDesktopFolder
SHGetSpecialFolderLocation
ord165
SHFileOperationW
SHGetMalloc

oleacc

ObjectFromLresult

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

ws2_32

WSAGetLastError
inet_ntoa
gethostname
gethostbyname

uxtheme

OpenThemeData
DrawThemeBackground
CloseThemeData

ole32

CreateStreamOnHGlobal
CLSIDFromString
StringFromCLSID
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
OleInitialize
CoUninitialize
CoInitializeEx
OleDuplicateData
ReleaseStgMedium
RegisterDragDrop
DoDragDrop
OleUninitialize
StringFromGUID2
OleLockRunning
CoTaskMemAlloc
CoGetClassObject
CoInitialize
CoTaskMemRealloc

oleaut32

VariantChangeType
VariantCopyInd
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayGetVartype
SafeArrayCopy
VarBstrCmp
VariantInit
DispCallFunc
VariantClear
GetErrorInfo
VariantCopy

shlwapi

UrlGetPartW
SHDeleteKeyW
StrCmpIW
UrlIsW
SHDeleteValueW
PathFileExistsW
PathAppendW
SHRegCreateUSKeyW
SHRegWriteUSValueW
SHGetValueW
PathCreateFromUrlW
PathIsRelativeW
PathFindFileNameW
UrlCanonicalizeW
UrlUnescapeW
StrRetToStrW
SHCopyKeyW
PathFindExtensionW
PathIsURLW

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 630KB - Virtual size: 629KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83ab175c3cf4965ca8f784da447abf02

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

shell32

oleacc

psapi

ws2_32

uxtheme

ole32

oleaut32

shlwapi

msimg32

Exports

Exports

Sections

.text Size: 630KB - Virtual size: 629KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 16KB - Virtual size: 38KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 43KB - Virtual size: 42KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

10:27:94:66:33:d2:29:f3:ec:cc:f0:56:1c:80:75
Certificate

.text
Size: 630KB - Virtual size: 629KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 16KB - Virtual size: 38KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 43KB - Virtual size: 42KB