07b82d29699a3a3655b91b396c52e9d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07b82d29699a3a3655b91b396c52e9d1_JaffaCakes118
Size

822KB
MD5

07b82d29699a3a3655b91b396c52e9d1
SHA1

25ad6415d9618b09e4eaff59ed482e96a13d3d29
SHA256

dbb40f5097f6b8ec63f774207a50c13f8efcc8ed7b5b28e8171e536c803bc23f
SHA512

f64efdd9271dfe7cf5d911fb93e231fa57d3449a6ef476fd94b1d2f622b0f5dfa7c0946d50734e3a0c78f5bb48fd312927de399d6b20d1bf529941a18c4a1729
SSDEEP

6144:AIt8uUcKexyuWrim4m+cdUrX3Wu1FUDaWG2i4WfaqaTJDnqRQ2U/KYuaR4jMCfCn:Dt8uDxyuW+R1Lpg

Score

1^/10

Malware Config

Signatures

Files

07b82d29699a3a3655b91b396c52e9d1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

15b21c74d54198111adf3090e7d845e2

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:19

Not After

06/01/2018, 03:19

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

06/04/2016, 03:28

Not After

06/01/2018, 03:28

Subject

CN=合一网络技术（北京）有限公司,O=合一网络技术（北京）有限公司,L=北京市,ST=北京市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a5:93:27:e5:56:ad:2c:de:78:ed:b2:d1:94:a7:81:d2:4a:dc:4d:e5:53:6f:33:87:7a:04:fc:ce:69:7b:c8:e8
Signer

Actual PE Digest

a5:93:27:e5:56:ad:2c:de:78:ed:b2:d1:94:a7:81:d2:4a:dc:4d:e5:53:6f:33:87:7a:04:fc:ce:69:7b:c8:e8

Digest Algorithm

sha256

PE Digest Matches

true

03:fc:18:41:f0:62:81:17:f9:57:ea:62:5e:37:b4:7d:3a:5c:49:81
Signer

Actual PE Digest

03:fc:18:41:f0:62:81:17:f9:57:ea:62:5e:37:b4:7d:3a:5c:49:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
free
fwrite
malloc
strlen
strncmp
vfprintf

libgcc_s_dw2-1

__deregister_frame_info
__register_frame_info

Exports

Exports

icudt54_dat

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 732KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15b21c74d54198111adf3090e7d845e2

Code Sign

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3dCertificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79Certificate

Extended Key Usages

Key Usages

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5Certificate

Extended Key Usages

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

a5:93:27:e5:56:ad:2c:de:78:ed:b2:d1:94:a7:81:d2:4a:dc:4d:e5:53:6f:33:87:7a:04:fc:ce:69:7b:c8:e8Signer

03:fc:18:41:f0:62:81:17:f9:57:ea:62:5e:37:b4:7d:3a:5c:49:81Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

libgcc_s_dw2-1

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 28B

.rodata Size: 732KB - Virtual size: 732KB

.rdata Size: 1KB - Virtual size: 1KB

/4 Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 1KB

.edata Size: 512B - Virtual size: 74B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1024B - Virtual size: 548B

/14 Size: 512B - Virtual size: 448B

/29 Size: 27KB - Virtual size: 27KB

/41 Size: 5KB - Virtual size: 4KB

/55 Size: 4KB - Virtual size: 4KB

/67 Size: 512B - Virtual size: 272B

/78 Size: 3KB - Virtual size: 3KB

/89 Size: 1024B - Virtual size: 552B

60:bc:17:a0:63:d1:09:a9:0e:f3:61:6b:5f:10:53:3d
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

46:bb:b3:40:fa:b9:c1:79:28:93:8c:93:da:10:86:79
Certificate

1f:6f:04:d2:13:44:d0:37:09:e8:c1:9c:c7:ed:12:b5
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

a5:93:27:e5:56:ad:2c:de:78:ed:b2:d1:94:a7:81:d2:4a:dc:4d:e5:53:6f:33:87:7a:04:fc:ce:69:7b:c8:e8
Signer

03:fc:18:41:f0:62:81:17:f9:57:ea:62:5e:37:b4:7d:3a:5c:49:81
Signer

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 28B

.rodata
Size: 732KB - Virtual size: 732KB

.rdata
Size: 1KB - Virtual size: 1KB

/4
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 74B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 548B

/14
Size: 512B - Virtual size: 448B

/29
Size: 27KB - Virtual size: 27KB

/41
Size: 5KB - Virtual size: 4KB

/55
Size: 4KB - Virtual size: 4KB

/67
Size: 512B - Virtual size: 272B

/78
Size: 3KB - Virtual size: 3KB

/89
Size: 1024B - Virtual size: 552B