JaffaCakes118_4925287f17af3365afdff81f4c4293ed

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4925287f17af3365afdff81f4c4293ed
Size

334KB
MD5

4925287f17af3365afdff81f4c4293ed
SHA1

2bd237e2ad01d9592ef0186d635b0ba075a36089
SHA256

22c434e5629f0efd1dc735d0ffa672254413d06e30425a8684582faa773d03c6
SHA512

6dbc95bd5ce454670f96ffe6e8abdac496eef250d72d1230c79aba3c8796246e2f734f3c38e0da6b54ad5dcedb714fae56a139ff7d7feadb0b6c0b65dbfa808e
SSDEEP

6144:SDeto6DuwGaWlT25Zatw6eMUkJ3DopwfwTLGiyKy8TmqnTgJXZr0pnyEqma5a:0XllT2IfJ3DaDnGiyKjTmKvpimaY

Score

1^/10

Malware Config

Signatures

Files

JaffaCakes118_4925287f17af3365afdff81f4c4293ed
.dll windows:4 windows x86 arch:x86

2ca925da25999bfb16e561289ce4a585

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:35:94:3b:f1:59:c7:dc:5d:3a:3d:2c:b5:14:86:3a:db:24:ed:e3
Signer

Actual PE Digest

8c:35:94:3b:f1:59:c7:dc:5d:3a:3d:2c:b5:14:86:3a:db:24:ed:e3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
OutputDebugStringW
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
QueryPerformanceFrequency
TerminateProcess
Sleep
CloseHandle
TerminateThread
WaitForSingleObject
ResumeThread
CreateProcessA
OpenMutexA
CreateMutexA
ReleaseMutex
GetModuleHandleA
CreateNamedPipeA
GetOverlappedResult
WaitForMultipleObjectsEx
CreateEventA
WaitNamedPipeA
CreateFileA
SetNamedPipeHandleState
WriteFile
ReadFile
DisconnectNamedPipe
SetEvent
ConnectNamedPipe
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
VirtualQuery
MultiByteToWideChar
SetFileAttributesW
GetFileAttributesW
CreateFileW
CreateDirectoryW
GetCurrentProcessId
FindClose
MoveFileW
DeleteFileW
FindFirstFileW
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcess
WaitForMultipleObjects
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
lstrlenA
FlushInstructionCache
SetLastError
Process32Next
SetEndOfFile
SleepEx
CreateToolhelp32Snapshot
GetSystemInfo
OpenProcess
GetVersionExA
GetLocalTime
Module32First
LockFile
LockFileEx
UnlockFile
UnlockFileEx
DeleteFileA
FlushFileBuffers
GetFileSize
GetFileAttributesA
CreateDirectoryA
CopyFileA
GenerateConsoleCtrlEvent
ExitProcess
LocalFree
lstrlenW
WideCharToMultiByte
InterlockedExchange
SetFilePointer
InitializeCriticalSection
Process32First

user32

FindWindowA
CreateWindowExW
RegisterClassExW
SendMessageA
UnregisterClassA
DispatchMessageA
TranslateMessage
FindWindowExA
DestroyWindow
CreateWindowExA
GetClientRect
ShowWindow
SetWindowLongA
DefWindowProcA
PostMessageA
IsWindow
GetClassInfoExW
PeekMessageA
RegisterClassExA
KillTimer
RegisterClassA
SetTimer
GetWindowLongA

msvcrt

_snwprintf
??3@YAXPAX@Z
_vsnprintf
_snprintf
_splitpath
strncpy
wcsncpy
wcslen
strncat
wcsncat
strchr
wcschr
_vsnwprintf
memmove
clock
_mbsrchr
_mbschr
_beginthreadex
_except_handler3
strrchr
isspace
iswspace
wcsrchr
malloc
free
swprintf
_wsplitpath
wcscpy
_ftol
_endthreadex
_strdup
__dllonexit
_onexit
_initterm
_adjust_fdiv
fclose
signal
toupper
_fullpath
_get_osfhandle
getenv
_pclose
_popen
_pipe
_lseeki64
localtime
gmtime
asctime
__CxxFrameHandler
??2@YAPAXI@Z
_purecall
fflush
fprintf
fopen
??0exception@@QAE@ABV0@@Z
strlen
_EH_prolog
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memcpy
rand
srand
calloc
_strlwr
_wcslwr
??1type_info@@UAE@XZ
_errno
strstr
memchr
atoi
strspn
__mb_cur_max
_isctype
_pctype
tolower
fscanf
_mkdir
_getcwd
_chdir
_stat
_fstat
_iob
sprintf
strtol
strtod
atof
mbstowcs
setlocale
wcstombs
mktime
vfprintf
_utime
_close
_open
_stricmp
_strnicmp
time

oleaut32

SysFreeString
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantInit
SysAllocStringLen
SysAllocString
VariantClear

winmm

timeGetTime
timeKillEvent
timeBeginPeriod
timeGetDevCaps
timeSetEvent

ws2_32

htons
inet_ntoa
gethostbyname
inet_addr
WSAStartup
WSACleanup
ntohs
__WSAFDIsSet
select
htonl
ntohl
socket
setsockopt
ioctlsocket
listen
bind
connect
accept
closesocket
send
recv
getsockopt
WSAGetLastError

gdi32

GetStockObject

ole32

CoCreateInstance
CoInitialize
CoUninitialize

Exports

Exports

CreateObject
InitCrossContext
ReleaseObject
UnInitCrossContext

Sections

.text
Size: 160KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ca925da25999bfb16e561289ce4a585

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

8c:35:94:3b:f1:59:c7:dc:5d:3a:3d:2c:b5:14:86:3a:db:24:ed:e3Signer

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

oleaut32

winmm

ws2_32

gdi32

ole32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 156KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 56KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 920B

.reloc Size: 12KB - Virtual size: 9KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

8c:35:94:3b:f1:59:c7:dc:5d:3a:3d:2c:b5:14:86:3a:db:24:ed:e3
Signer

.text
Size: 160KB - Virtual size: 156KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 56KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 12KB - Virtual size: 9KB