ecf324050662aa8e28818292d76100c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ecf324050662aa8e28818292d76100c6_JaffaCakes118
Size

3.3MB
MD5

ecf324050662aa8e28818292d76100c6
SHA1

4455bf0627c521224e081e4dc2c090288909032d
SHA256

fdfd02f02155e31a7e0f5fbe64fa20cf24d217b7ce7a8aa1e2ca7076533db1cf
SHA512

8ac5d5cf0eb4e8791739e6fc264c0d2559c0fa22ee44ae626f9016c303248ffe200fbdd69b521f2100e22f97aa2435a0661ad714e6ea9398d9eb22a6839a8f56
SSDEEP

49152:3QY0QN72/LE52e6FDctLKt26EYkmgx+dTMRba:3Q7QNsLE52e6FotLKvEyRTF

Score

1^/10

Malware Config

Signatures

Files

ecf324050662aa8e28818292d76100c6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d55aa0511b5d502fa0b3649bbff5c55d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:be:6a:74:33:1f:1a:a1:b8:4c:33:cd:90:c6:cf:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

10/09/2019, 00:00

Not After

09/09/2020, 23:59

Subject

CN=Baidu Japan Inc.,OU=BD,O=Baidu Japan Inc.,L=minato-ku,ST=tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:a7:7d:bf:ea:b8:80:ef:6b:6c:fc:39:a4:7a:c2:a9:b3:24:3c:eb
Signer

Actual PE Digest

d4:a7:7d:bf:ea:b8:80:ef:6b:6c:fc:39:a4:7a:c2:a9:b3:24:3c:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\tools_svn\hao123PCClient\Release\hao123Main.pdb

Imports

kernel32

GlobalUnlock
GlobalFree
GetTempPathW
FindResourceExW
GetTickCount
InterlockedIncrement
GetLastError
GetProcessId
GetCurrentProcess
GetModuleFileNameW
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
SetLastError
LoadLibraryA
FreeLibrary
HeapAlloc
GetProcessHeap
GetNativeSystemInfo
HeapFree
CreateFileA
SetEndOfFile
GetLocaleInfoA
GlobalLock
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
ExitProcess
InitializeCriticalSectionAndSpinCount
CreateFileW
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ReadFile
MultiByteToWideChar
GetConsoleMode
GlobalAlloc
SizeofResource
LockResource
FreeResource
LoadResource
FindResourceW
Sleep
GetModuleHandleW
ExpandEnvironmentStringsW
GetProcAddress
LocalFree
CloseHandle
GetVersionExW
GetConsoleCP
WideCharToMultiByte
WriteFile
InterlockedDecrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetModuleHandleA
HeapSize
HeapReAlloc
HeapDestroy
SetStdHandle
GetCommandLineW

user32

TranslateAcceleratorW
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
MonitorFromRect
GetMonitorInfoW
GetWindowRect
SetWindowPos
CreateWindowExW
ShowWindow
UpdateWindow
BeginPaint
EndPaint
SendMessageW
PostMessageW
GetDC
ReleaseDC
GetPropW
SetWindowLongW
SetPropW
GetSystemMetrics
GetCursorPos
ScreenToClient
SetCursor
SetCapture
ReleaseCapture
InvalidateRect
InflateRect
UpdateLayeredWindow
GetWindowLongW
SetTimer
KillTimer
IsWindow
GetMessageW
LoadAcceleratorsW
LoadStringW
DefWindowProcW
TranslateMessage

gdi32

CreateDIBSection
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
SelectObject
BitBlt

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize

shlwapi

PathFindFileNameW
PathFileExistsW
PathAppendW
PathAppendA

gdiplus

GdipCreateSolidFill
GdipLoadImageFromFile
GdipDrawRectangle
GdiplusStartup
GdipDeletePen
GdiplusShutdown
GdipDeleteGraphics
GdipCreateFromHDC
GdipGraphicsClear
GdipLoadImageFromFileICM
GdipFillRectangle
GdipSetSolidFillColor
GdipCloneBrush
GdipDeleteBrush
GdipBeginContainer2
GdipSetClipRect
GdipTranslateWorldTransform
GdipEndContainer
GdipFree
GdipDisposeImage
GdipCreatePen1
GdipCreateImageAttributes
GdipAlloc
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipScaleWorldTransform
GdipDrawPolygon
GdipFillPolygon
GdipDrawArc
GdipFillEllipse
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipMeasureString
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipDrawString
GdipSetTextRenderingHint
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipSetPenColor
GdipDisposeImageAttributes
GdipRotateWorldTransform

comctl32

_TrackMouseEvent

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d55aa0511b5d502fa0b3649bbff5c55d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

70:be:6a:74:33:1f:1a:a1:b8:4c:33:cd:90:c6:cf:62Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

d4:a7:7d:bf:ea:b8:80:ef:6b:6c:fc:39:a4:7a:c2:a9:b3:24:3c:ebSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

comctl32

dbghelp

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 3.1MB - Virtual size: 3.1MB

.reloc Size: 21KB - Virtual size: 20KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

70:be:6a:74:33:1f:1a:a1:b8:4c:33:cd:90:c6:cf:62
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

d4:a7:7d:bf:ea:b8:80:ef:6b:6c:fc:39:a4:7a:c2:a9:b3:24:3c:eb
Signer

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

.reloc
Size: 21KB - Virtual size: 20KB