f8941b62cf995837c50ad3e04f28a4e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f8941b62cf995837c50ad3e04f28a4e5_JaffaCakes118
Size

993KB
MD5

f8941b62cf995837c50ad3e04f28a4e5
SHA1

4e925a2eac7cc61a47a1366d35c92f288534aee3
SHA256

c01658643e7cd03c44b6b346cd73727cf54162b738eb7f483526788ae8fb4759
SHA512

262a9d080953dc5644a8fc9db4392a499eeb333d74233e74b500ad3c73ef1e482a05ab93477b94cafa524ea7894053e917e50c4056e5f6c8e97b841471b8c6f8
SSDEEP

24576:nBiygbQKGZboa0SSbDUizEpeonCxxHD9kEGknj:Bi7lanBSo0HDUknj

Score

1^/10

Malware Config

Signatures

Files

f8941b62cf995837c50ad3e04f28a4e5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

931c63c1aceecc6c12bbe1440a1557da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5e:fa:90:4e:eb:f5:ed:21:23:af:59:6a:36:1a:1c:26
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

11/03/2016, 08:32

Not After

11/03/2017, 08:32

Subject

CN=南宁博纵科技有限责任公司,O=南宁博纵科技有限责任公司,L=南宁市,ST=广西壮族自治区,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:03:3d:1e:95:69:bb:0d:36:43:09:69:1d:e0:ce:d9:8d:8a:a5:d0
Signer

Actual PE Digest

f4:03:3d:1e:95:69:bb:0d:36:43:09:69:1d:e0:ce:d9:8d:8a:a5:d0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\SVN\proj\11BroadBandkk\userinit\Release\userinit.pdb

Imports

kernel32

CloseHandle
VirtualAlloc
WriteFile
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ResumeThread
LeaveCriticalSection
SetFilePointer
DeleteFileA
GetFileSize
GetLocalTime
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
SetThreadContext
WriteProcessMemory
GetLastError
VirtualAllocEx
GetModuleHandleW
GetProcAddress
VirtualProtectEx
GetVersionExW
VirtualQueryEx
TerminateProcess
ReadProcessMemory
GetThreadContext
CreateProcessW
GetWindowsDirectoryW
SizeofResource
LoadResource
LockResource
FindResourceW
GetFullPathNameW
GetTickCount
MoveFileW
DeleteFileW
CopyFileW
SetFileAttributesW
GetModuleFileNameW
CreateFileA
GetSystemDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
HeapFree
VirtualFree
HeapReAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW

advapi32

QueryServiceStatus
StartServiceW
RegCloseKey
RegFlushKey
RegSetValueExW
RegCreateKeyExW
CreateServiceW
CloseServiceHandle
DeleteService
ControlService
OpenServiceW
OpenSCManagerW

shell32

SHGetSpecialFolderPathA

ws2_32

WSACleanup
WSAStartup

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathFileExistsA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

LiveBegin
LiveResource

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 899KB - Virtual size: 899KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

931c63c1aceecc6c12bbe1440a1557da

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5e:fa:90:4e:eb:f5:ed:21:23:af:59:6a:36:1a:1c:26Certificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

f4:03:3d:1e:95:69:bb:0d:36:43:09:69:1d:e0:ce:d9:8d:8a:a5:d0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ws2_32

shlwapi

version

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 899KB - Virtual size: 899KB

.reloc Size: 9KB - Virtual size: 8KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5e:fa:90:4e:eb:f5:ed:21:23:af:59:6a:36:1a:1c:26
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

f4:03:3d:1e:95:69:bb:0d:36:43:09:69:1d:e0:ce:d9:8d:8a:a5:d0
Signer

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 899KB - Virtual size: 899KB

.reloc
Size: 9KB - Virtual size: 8KB