056c6cedff2225d014b1c519c81e94d3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

056c6cedff2225d014b1c519c81e94d3_JaffaCakes118
Size

988KB
MD5

056c6cedff2225d014b1c519c81e94d3
SHA1

ead3c216067a7c0eae25483d114a215ebaecf1e2
SHA256

214ecd94a6edcc24f516310e73bd04d03db83911648248cb8a518a16adb64c30
SHA512

f738d6d2a7a9170e4ead74bb12e25ea79ce82fe23fb3e33ebc33ae58f6b121fef6cac3cddd71611b120aad1ecc10db4ffbd2db5a14ced1635307cf2d4eb59e8d
SSDEEP

12288:sqF1Wjf3etN23V4bkkLKJff6VTUCje7Od/3mtJC9TFWx1YKt0Puo:sqfN24BVoCje7+mtU9TF+t0P1

Score

1^/10

Malware Config

Signatures

Files

056c6cedff2225d014b1c519c81e94d3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b7c69671792455a26459e34f02b1687b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:cf:64:81:d2:9d:bd:67:46:86:3a:65:84:08:ae:1c
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

12/05/2014, 00:00

Not After

11/08/2015, 23:59

Subject

CN=载信软件（上海）有限公司,OU=IT部,O=载信软件（上海）有限公司,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:50:42:9f:04:f2:2e:4e:dc:47:5a:bd:ae:44:35:d2:d1:f6:2a:29
Signer

Actual PE Digest

bf:50:42:9f:04:f2:2e:4e:dc:47:5a:bd:ae:44:35:d2:d1:f6:2a:29

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\code\b5m-clt-bang5tao\B5TClient\bin\Release\B5TAssist.pdb

Imports

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpOpen
WinHttpWriteData

kernel32

SetUnhandledExceptionFilter
Sleep
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
CreateThread
GetTickCount
CreateDirectoryW
GetTempPathW
GetTempFileNameW
MoveFileW
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
WaitForMultipleObjects
WriteFile
ReadFile
SetFilePointerEx
SetEndOfFile
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
WTSGetActiveConsoleSessionId
GetModuleFileNameW
LocalFree
GetModuleHandleW
GetCurrentProcess
GetCurrentProcessId
CreateMutexW
WideCharToMultiByte
MultiByteToWideChar
SetFilePointer
FindClose
FindFirstFileW
GetDriveTypeW
SetErrorMode
GetVersionExW
DeleteFileA
lstrlenW
CreateFileA
OutputDebugStringA
ReleaseMutex
DeviceIoControl
SetPriorityClass
InterlockedDecrement
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
lstrlenA
TlsGetValue
TlsAlloc
FreeLibrary
GetProcAddress
IsValidCodePage
OutputDebugStringW
GetLastError
LoadLibraryW
GetLocaleInfoW
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
GetProcessHeap
CompareStringW
GetOEMCP
GetACP
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
SetEnvironmentVariableA

user32

wsprintfW
MessageBoxA

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
LookupAccountSidW

shell32

SHGetFolderLocation
SHGetPathFromIDListW
ord155
ShellExecuteW
ord680

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear

shlwapi

UrlUnescapeW
PathFileExistsW

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7c69671792455a26459e34f02b1687b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07:cf:64:81:d2:9d:bd:67:46:86:3a:65:84:08:ae:1cCertificate

Extended Key Usages

Key Usages

bf:50:42:9f:04:f2:2e:4e:dc:47:5a:bd:ae:44:35:d2:d1:f6:2a:29Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

psapi

iphlpapi

Sections

.text Size: 360KB - Virtual size: 360KB

.rdata Size: 192KB - Virtual size: 191KB

.data Size: 10KB - Virtual size: 22KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 385KB - Virtual size: 385KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07:cf:64:81:d2:9d:bd:67:46:86:3a:65:84:08:ae:1c
Certificate

bf:50:42:9f:04:f2:2e:4e:dc:47:5a:bd:ae:44:35:d2:d1:f6:2a:29
Signer

.text
Size: 360KB - Virtual size: 360KB

.rdata
Size: 192KB - Virtual size: 191KB

.data
Size: 10KB - Virtual size: 22KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 385KB - Virtual size: 385KB