0fd8e46153bb13b1a8ce903629fbd2ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fd8e46153bb13b1a8ce903629fbd2ad_JaffaCakes118
Size

338KB
MD5

0fd8e46153bb13b1a8ce903629fbd2ad
SHA1

dba04366b052a992d44894a4412f9937e3ce950a
SHA256

1918d28dd3a6d81ab7046321b919a5eee49747921a49d5dd8aabba607c8b6114
SHA512

83002bf436600776ecae5568a2349aaa7bde9f8a80a65c80b06b725e504a19ecfa2019094e32b05d5e1bb20d03be7129b9e3827f56a8ec6de19a9f51007952d1
SSDEEP

6144:j6z4a25O4u9mL4aqrzHIsV3Xaak+Mz8Ptfk+tN1JpIo7zIwiWerTa7n:ezRn4umbqrzHtVHaalPekJCo7zjiWeri

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TK5ed10/Key.dll
unpack001/TK5ed10/Main.exe

Files

0fd8e46153bb13b1a8ce903629fbd2ad_JaffaCakes118
.zip
TK5ed10/Key.dll
.dll windows:4 windows x86 arch:x86

5af856723ea2ae69dc49d215c8d9474f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
DisableThreadLibraryCalls
VirtualProtect
ReadProcessMemory
TlsGetValue
DeleteCriticalSection
GetModuleFileNameA
RtlUnwind
GetStringTypeA
LCMapStringW
GetStringTypeW
MultiByteToWideChar
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetProcAddress
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetLastError
CloseHandle
InitializeCriticalSection
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
WriteProcessMemory
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapAlloc
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
GetCPInfo
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
SetFilePointer

user32

SetWindowLongA
DefWindowProcA
PeekMessageA
DispatchMessageA
IsDialogMessageA
SendDlgItemMessageA
PostMessageA
GetDlgItemInt
DestroyWindow
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
SetDlgItemInt
GetActiveWindow
UnhookWindowsHookEx
SetWindowsHookExA
GetDC
FindWindowA
CallNextHookEx
CreateDialogParamA
ReleaseDC
CallWindowProcA
TranslateMessage
SetWindowPos
GetMessageA

gdi32

DeleteObject
TextOutA
SelectObject
CreateFontA
SetTextColor

Exports

Exports

?KeyboardProc@@YGJHIJ@Z
?install@@YAHPAUHWND__@@@Z
?uninstall@@YAHXZ

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARESEG
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TK5ed10/Main.exe
.exe windows:4 windows x86 arch:x86

a432bf69ca59a077055bc9234768d558

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

key

?uninstall@@YAHXZ
?install@@YAHPAUHWND__@@@Z

kernel32

RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
SetHandleCount
GetStdHandle
RaiseException
VirtualFree
GetEnvironmentStringsW
IsBadWritePtr
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetProfileStringA
WriteFile
SetErrorMode
GetCurrentProcess
SizeofResource
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetProcessVersion
GetLastError
WideCharToMultiByte
WritePrivateProfileStringA
lstrcpynA
GlobalFlags
lstrlenA
TlsSetValue
TlsGetValue
LocalReAlloc
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
GetFileType
DeleteCriticalSection
CloseHandle
TlsFree
GlobalHandle
TlsAlloc
GetModuleFileNameA
InitializeCriticalSection
LocalFree
LocalAlloc
MulDiv
SetLastError
InterlockedDecrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
HeapDestroy
HeapCreate
VirtualAlloc

user32

AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
IsDialogMessageA
SetWindowTextA
ShowWindow
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
LoadCursorA
ScreenToClient
GetClassNameA
PtInRect
GetSysColorBrush
LoadStringA
DestroyMenu
InvalidateRect
CopyRect
GetTopWindow
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
CallWindowProcA
RemovePropA
GetMessageTime
SetForegroundWindow
GetWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
GetCapture
GetForegroundWindow
GetMessagePos
SetWindowPos
SetWindowLongA
GetPropA
ShowCaret
IsWindowUnicode
CharNextA
InflateRect
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
HideCaret
UnregisterClassA

gdi32

DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetObjectA
SetBkColor
SetTextColor
DeleteObject
GetDeviceCaps
CreateSolidBrush
PtVisible
TextOutA
ExtTextOutA
RectVisible
Escape
CreateDIBitmap
BitBlt
GetTextExtentPointA
CreateCompatibleDC
GetClipBox
PatBlt
CreateBitmap

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

comctl32

ord17

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TK5ed10/newyx.txt
TK5ed10/savedata.tr5
setup.exe
.exe windows:4 windows x86 arch:x86

b1ce86732ca5e0ef531f0a541177d693

Code Sign

19:9d:f8:72
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=Time-Stamping Authority WoSign,O=WoSign eCommerce Services Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:8e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:cb:93:7f:07:32:59
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/03/2013, 08:46

Not After

19/03/2014, 18:02

Subject

CN=南京凡游网络技术有限公司,O=南京凡游网络技术有限公司,L=南京市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c0e70756a63406b756169382e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Apps\release\KuaibaDown.pdb

Imports

wininet

InternetOpenW
InternetSetOptionW
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetOpenUrlA
InternetReadFile
InternetOpenUrlW
HttpQueryInfoW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetProcAddress
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentThreadId
ResumeThread
SetEvent
ResetEvent
CreateEventW
SetFilePointer
SetEndOfFile
GetFileSize
ReadFile
WriteFile
FindNextFileW
FindClose
FindFirstFileW
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
MulDiv
InterlockedIncrement
InterlockedDecrement
GetConsoleMode
GetConsoleCP
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
HeapReAlloc
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTempPathW
RemoveDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
CreateFileW
CreateDirectoryW
GetLongPathNameW
GetCurrentDirectoryW
GetFileAttributesW
DeleteFileW
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
GetLastError
Sleep
GetTickCount
CreateProcessW
LoadLibraryA
SetStdHandle
WriteConsoleA
GetLocaleInfoA
GetStringTypeA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetStringTypeW

user32

ShowCaret
HideCaret
CreateCaret
SetCaretPos
GetSysColor
FillRect
DrawTextW
CharPrevW
DrawIconEx
MoveWindow
RedrawWindow
ClientToScreen
OffsetRect
IntersectRect
CharNextW
IsRectEmpty
DrawFocusRect
SetCursor
CharNextA
DestroyIcon
RegisterClassExW
LoadImageW
GetAsyncKeyState
CreateAcceleratorTableW
InvalidateRgn
GetPropW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
LoadCursorW
SetPropW
LoadBitmapW
GetFocus
IsWindow
GetMessageW
EndPaint
GetUpdateRect
GetDC
CreateWindowExW
DestroyAcceleratorTable
DestroyWindow
ReleaseDC
ReleaseCapture
GetMonitorInfoW
IsChild
SetCapture
MonitorFromWindow
SendMessageW
TranslateAcceleratorW
UpdateLayeredWindow
SetWindowRgn
GetCursorPos
DispatchMessageW
SetFocus
GetKeyState
ScreenToClient
InvalidateRect
BeginPaint
PtInRect
IsIconic
GetClientRect
IsZoomed
MapWindowPoints
GetWindowTextW
GetWindow
GetWindowTextLengthW
SetWindowTextW
SetForegroundWindow
GetWindowRect
ShowWindow
GetParent
LoadStringW
PostMessageW
KillTimer
GetWindowLongW
SetTimer
PostQuitMessage
SetWindowLongW
GetSystemMetrics
SetWindowPos
TranslateMessage
EnableWindow

gdi32

RoundRect
ExtSelectClipRgn
SetBkMode
SetBkColor
GetClipBox
StretchBlt
ExtTextOutW
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateRoundRectRgn
Rectangle
SetTextColor
CreateSolidBrush
SelectClipRgn
GetObjectW
CombineRgn
GetStockObject
CreateRectRgnIndirect
BitBlt
CreateCompatibleDC
GetDeviceCaps
SetStretchBltMode
GetCharABCWidthsW
SetBitmapBits
GetBitmapBits
TextOutW
CreateEllipticRgn
CreateRectRgn
CreateFontIndirectW
GetTextMetricsW
SelectObject
CreateDIBSection
DeleteDC
DeleteObject
CreatePen

advapi32

RegOpenKeyExW
RegCloseKey

ole32

CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance

oleaut32

OleLoadPicture
SysFreeString
SysAllocString

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5af856723ea2ae69dc49d215c8d9474f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

SHARESEG Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

a432bf69ca59a077055bc9234768d558

Headers

File Characteristics

Imports

key

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 12KB - Virtual size: 8KB

b1ce86732ca5e0ef531f0a541177d693

Code Sign

19:9d:f8:72Certificate

Extended Key Usages

Key Usages

19:9d:f8:8eCertificate

Key Usages

0f:cb:93:7f:07:32:59Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

wininet

msimg32

comctl32

riched20

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 428KB - Virtual size: 425KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 18KB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

SHARESEG
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 12KB - Virtual size: 8KB

19:9d:f8:72
Certificate

19:9d:f8:8e
Certificate

0f:cb:93:7f:07:32:59
Certificate

3d
Certificate

01
Certificate

.text
Size: 428KB - Virtual size: 425KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 18KB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 48KB - Virtual size: 45KB