0e5b319ecbc2dd376f126fc6a917eda5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e5b319ecbc2dd376f126fc6a917eda5_JaffaCakes118
Size

8.2MB
MD5

0e5b319ecbc2dd376f126fc6a917eda5
SHA1

209547599a5b7aeb8af35d3f4e217f4687570a14
SHA256

fcebdd4e44170e2aa822a320d80974d55300dce98fc9a4cc9c0e1f2f962cbde7
SHA512

0aca8811c78df1c459066fb65ac2d4b5fd4be48b6c17449b7841eec61db69f12836eb0faca8fdec5cfd69a160db5d665d48f0fb9fd71fd476919cd3d6ed64428
SSDEEP

98304:Z/jv+mcZXiVPIYkjVrp9aa2UAosOFXXjV+pfUpErmJDIc:VjCt2PIzt2aPAosOFXXjV+pfUfDT

Score

1^/10

Malware Config

Signatures

Files

0e5b319ecbc2dd376f126fc6a917eda5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6ce83721b6075c4f070541b497eb6589

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_7_6\Bin\SogouPdb\SogouInput\SGTool.pdb

Imports

imm32

ImmDisableIME
ImmInstallIMEW
ImmDestroyContext
ImmAssociateContext
ImmGetHotKey
ImmGetIMEFileNameW
ImmSetHotKey

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Create

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wininet

InternetCloseHandle
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
InternetQueryOptionW
InternetErrorDlg
HttpAddRequestHeadersW
InternetReadFile
InternetQueryDataAvailable
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetWriteFile
InternetConnectA
HttpSendRequestExW
HttpEndRequestW
HttpOpenRequestA
InternetCrackUrlA
InternetSetCookieW
InternetGetConnectedState
InternetCanonicalizeUrlW

kernel32

GlobalUnlock
GlobalLock
GetExitCodeThread
WaitForSingleObjectEx
GlobalAddAtomW
LoadLibraryA
GetSystemDirectoryA
GetLocaleInfoW
lstrcmpW
EnumSystemLocalesW
MoveFileExW
WriteProfileStringW
GetACP
SetWaitableTimer
RaiseException
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
InterlockedIncrement
InterlockedDecrement
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
LocalFree
GetTempPathW
CloseHandle
Module32NextW
SuspendThread
GetThreadContext
SetThreadContext
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
HeapCreate
GetFileInformationByHandle
GetDateFormatA
GetTimeFormatA
GetFullPathNameW
GetCPInfo
GetDriveTypeW
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
ExitProcess
UnhandledExceptionFilter
RtlUnwind
HeapSize
HeapDestroy
IsProcessorFeaturePresent
SwitchToThread
GetModuleHandleA
WriteFileEx
ReadFileEx
DisconnectNamedPipe
GetOverlappedResult
WaitForMultipleObjectsEx
CreateNamedPipeW
ConnectNamedPipe
GetWindowsDirectoryW
OpenFileMappingA
CreateFileMappingA
GlobalReAlloc
GetWindowsDirectoryA
CompareStringW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GlobalHandle
IsDebuggerPresent
lstrcatW
VirtualQuery
TlsFree
TlsAlloc
FlushFileBuffers
GetFileAttributesExW
QueryDosDeviceW
GetLogicalDriveStringsW
GetProcessId
GetFileAttributesW
CreateProcessW
DuplicateHandle
FormatMessageW
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
CopyFileA
lstrcatA
lstrcpyA
DeviceIoControl
LocalAlloc
RemoveDirectoryW
CreateDirectoryW
SetFileTime
GetFileTime
VirtualProtect
VirtualFree
VirtualAlloc
FileTimeToSystemTime
GetModuleFileNameA
CreateFileMappingW
IsBadReadPtr
ExitThread
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
PeekNamedPipe
SleepEx
MoveFileW
SetNamedPipeHandleState
WaitNamedPipeW
CreateIoCompletionPort
TransactNamedPipe
GetQueuedCompletionStatus
LCMapStringW
Module32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
Process32NextW
Process32FirstW
GetCurrentProcessId
TerminateProcess
OpenProcess
GetSystemDirectoryW
GlobalFree
GlobalAlloc
GetCommandLineW
GetCurrentThreadId
GetFileSize
CreateFileW
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryW
ResetEvent
SetEvent
WaitForSingleObject
CreateEventW
SetEndOfFile
MulDiv
WaitForMultipleObjects
GetSystemInfo
GetExitCodeProcess
SetFilePointer
FindResourceExW
GlobalMemoryStatusEx
GetTimeZoneInformation
SetUnhandledExceptionFilter
lstrcpyW
lstrcpynW
lstrcpynA
ResumeThread
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
SetFileAttributesW
CopyFileW
GetSystemDefaultLangID
CreateMutexW
InterlockedExchange
InterlockedCompareExchange
GetTempFileNameW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
CreateThread
TerminateThread
GetTickCount
OpenMutexW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
LockResource
GetVersionExW
GetCurrentThread
GetStartupInfoW
WideCharToMultiByte
GetStdHandle
SetFilePointerEx
ReadFile
WriteFile
GetFileType
GetFileSizeEx
CreateFileA
GetLocalTime
SystemTimeToFileTime
FormatMessageA
SetLastError
FlushInstructionCache
lstrlenA
OutputDebugStringW
DebugBreak
Sleep
OpenEventW

user32

SetCursorPos
SendMessageW
SetFocus
SetTimer
LoadIconW
RemoveMenu
GetSystemMenu
EndDialog
GetDlgItem
DialogBoxParamW
GetKeyboardLayoutList
UnloadKeyboardLayout
ActivateKeyboardLayout
DrawTextW
PostQuitMessage
UnregisterHotKey
SetWindowLongW
VkKeyScanW
CreateWindowExW
ShowWindow
EndPaint
UnregisterClassA
EnumWindows
GetScrollInfo
SetScrollInfo
AdjustWindowRectEx
LoadKeyboardLayoutW
GetMenuItemID
MenuItemFromPoint
GetMenuItemRect
mouse_event
MsgWaitForMultipleObjectsEx
IsCharAlphaNumericW
GetLastInputInfo
WindowFromPoint
wsprintfA
BeginPaint
DefWindowProcW
RegisterClassExW
LoadCursorW
MessageBoxW
CharNextW
SetWindowTextW
IsDlgButtonChecked
SetClipboardData
SetWindowPos
RegisterClipboardFormatW
CloseClipboard
EmptyClipboard
OpenClipboard
SendInput
GetIconInfo
UpdateLayeredWindow
DestroyWindow
IsIconic
RegisterHotKey
ExitWindowsEx
SetPropW
EnumThreadWindows
CloseWindow
BringWindowToTop
GetWindowTextLengthW
UnhookWindowsHookEx
FindWindowW
keybd_event
InvalidateRect
UnregisterClassW
GetAsyncKeyState
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
ClipCursor
DestroyCursor
SystemParametersInfoW
LoadMenuW
LoadAcceleratorsW
wsprintfW
CharLowerW
MessageBeep
TrackPopupMenuEx
GetMenuItemCount
LoadStringA
SetMenuDefaultItem
GetMenuItemInfoW
DrawIcon
TranslateAcceleratorW
LoadBitmapW
GetClassInfoExW
LoadStringW
TrackMouseEvent
CallWindowProcW
CheckDlgButton
GetWindowDC
ScrollWindow
GetCursor
GetPropW
NotifyWinEvent
SendMessageTimeoutW
GetWindowTextW
IsWindowEnabled
CreatePopupMenu
AppendMenuW
SetMenuItemInfoW
DestroyMenu
InflateRect
FillRect
EnumChildWindows
RedrawWindow
SetCursor
AttachThreadInput
GetKeyState
PostThreadMessageW
GetClassLongW
SetClassLongW
MonitorFromRect
IntersectRect
SubtractRect
ScreenToClient
PtInRect
SetLayeredWindowAttributes
DestroyIcon
GetDesktopWindow
GetWindowThreadProcessId
SetWindowRgn
GetClassNameW
OffsetRect
GetCursorPos
RegisterWindowMessageW
ClientToScreen
SetCapture
ReleaseCapture
MoveWindow
SetRect
GetDC
ReleaseDC
GetForegroundWindow
SetForegroundWindow
IsRectEmpty
MonitorFromPoint
CopyRect
SetRectEmpty
CreateDialogParamW
IsDialogMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSystemMetrics
LoadImageW
FindWindowExW
wvsprintfW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
IsWindow
KillTimer
IsWindowVisible
GetWindowRect
GetWindowLongW
GetClientRect
GetFocus
PostMessageW
EnableWindow

gdi32

CreateFontIndirectW
GetTextExtentPointW
CreateDIBSection
SetTextCharacterExtra
GetFontData
StretchDIBits
SetViewportOrgEx
CreateRectRgn
CombineRgn
CreatePolygonRgn
EnumFontFamiliesExW
OffsetRgn
RestoreDC
FillPath
EndPath
SaveDC
AngleArc
BeginPath
SelectClipRgn
GetClipRgn
GetCharABCWidthsFloatW
ExtCreateRegion
GetObjectW
DeleteObject
Rectangle
CreatePen
SelectObject
CreateSolidBrush
GetStockObject
SetBkMode
SetTextColor
CreateCompatibleDC
DeleteDC
GetDeviceCaps
RemoveFontResourceW
AddFontResourceW
SetStretchBltMode
StretchBlt
SetPixel
CreateDCW
GetPixel
GetFontUnicodeRanges
GetTextMetricsW
DPtoLP
SetMapMode
GetTextExtentExPointW
GetTextExtentPoint32W
MoveToEx
LineTo
CreateCompatibleBitmap
BitBlt

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityDescriptorSacl
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptGetKeyParam
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
OpenProcessToken
RegQueryValueExW
RegFlushKey
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyW
RegEnumValueW
RegUnLoadKeyW
RegOpenKeyW
RegLoadKeyW
RegCreateKeyW
DuplicateTokenEx
CreateProcessAsUserW
LookupAccountSidW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid

shell32

ExtractIconW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
SHChangeNotify
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHFileOperationW

ole32

OleSetContainedObject
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
OleCreate

oleaut32

SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr

ws2_32

setsockopt
inet_ntoa
gethostname
gethostbyname
WSAStartup
WSAGetLastError
socket
sendto
shutdown
htonl
recvfrom
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
WSASetLastError
getpeername
WSACleanup
closesocket
recv
send
getsockname
bind
getsockopt
connect
accept
listen
__WSAFDIsSet
select
ioctlsocket
inet_addr

wldap32

ord79
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord200
ord33
ord301
ord27
ord41
ord46
ord22

psapi

GetModuleInformation
GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

StrCmpIW
PathFileExistsW
StrToIntW
StrCSpnW
SHDeleteKeyW
StrStrIW

msimg32

GradientFill
TransparentBlt
AlphaBlend

oleacc

LresultFromObject
AccessibleObjectFromWindow

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 323KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ce83721b6075c4f070541b497eb6589

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

wtsapi32

comctl32

userenv

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ws2_32

wldap32

psapi

version

shlwapi

msimg32

oleacc

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 323KB - Virtual size: 1.3MB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 376KB - Virtual size: 375KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 5.2MB - Virtual size: 5.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 323KB - Virtual size: 1.3MB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 376KB - Virtual size: 375KB