11fac6d2d794f2be0ec6cceb8aa3d2e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

11fac6d2d794f2be0ec6cceb8aa3d2e2_JaffaCakes118
Size

9.9MB
MD5

11fac6d2d794f2be0ec6cceb8aa3d2e2
SHA1

a2234bdf44daa94c6fd5f132e005a937b1934956
SHA256

a6d7333c37f5b9616a7e16f04345ddad3265f6cddcadc92fa279da8316c430c8
SHA512

0d39bb45360885b3b6a52906965e797f46e13cd80a65b808153499ff42d8c66556a78412f5b62670459a6951dd45ef9e365c7c77d0fdbb48e8262f7a104ab12b
SSDEEP

196608:Gm5GyXoOnsf0DFkYmV8CPrv8SENKEy3B7aFei9ir:GmXoOn4skJANKcw8ir

Score

1^/10

Malware Config

Signatures

Files

11fac6d2d794f2be0ec6cceb8aa3d2e2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0cf2749979cb15d89029d0840bd4504a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c3:17:47:ba:53:d7:09:75:4c:20:87:f3:18:ac:fd:e6:23:88:d2:83:96:17:cd:15:83:4f:6c:15:56:66:b2:75
Signer

Actual PE Digest

c3:17:47:ba:53:d7:09:75:4c:20:87:f3:18:ac:fd:e6:23:88:d2:83:96:17:cd:15:83:4f:6c:15:56:66:b2:75

Digest Algorithm

sha256

PE Digest Matches

true

ff:10:07:01:6b:21:3c:52:81:cb:f1:14:af:58:2a:57:97:0d:33:5d
Signer

Actual PE Digest

ff:10:07:01:6b:21:3c:52:81:cb:f1:14:af:58:2a:57:97:0d:33:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\yasuo_code\YaSuo\ChengXu\Tags\wntag_1.2.4.11016\pdbmap\WanNeng\WanNengInstall.pdb

Imports

kernel32

GetModuleHandleA
ExpandEnvironmentStringsW
PeekNamedPipe
WaitForMultipleObjects
GetSystemDirectoryA
SleepEx
InitializeCriticalSection
GetDriveTypeW
SetPriorityClass
DeviceIoControl
FlushConsoleInputBuffer
SystemTimeToTzSpecificLocalTime
ReadConsoleInputA
GlobalMemoryStatus
GetFullPathNameW
GetDiskFreeSpaceExW
WinExec
GetTempPathW
LockResource
MultiByteToWideChar
FindResourceW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedDecrement
InterlockedIncrement
QueryPerformanceFrequency
SetConsoleMode
GetVersionExA
QueryPerformanceCounter
GetPrivateProfileStringW
GetPrivateProfileIntW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
DeleteFileW
VerSetConditionMask
GetTickCount
GetCurrentDirectoryW
VerifyVersionInfoW
FreeResource
ExitProcess
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetLastError
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
GetLocalTime
WaitForSingleObject
GetLongPathNameW
GetTempFileNameW
GetFileAttributesW
ReadProcessMemory
FindClose
FileTimeToSystemTime
FormatMessageW
CreateProcessW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
GetVersion
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
lstrcpynW
ReleaseMutex
CreateMutexW
VirtualProtect
SetErrorMode
GetSystemDirectoryW
GetVolumeInformationW
GetNativeSystemInfo
LoadLibraryA
IsBadReadPtr
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetStdHandle
ExitThread
FreeLibraryAndExitThread
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetStringTypeW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetConsoleCtrlHandler
OutputDebugStringA
SetStdHandle
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleW
SetEndOfFile
LoadLibraryW
lstrcpyW
WriteFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetLogicalDriveStringsW
GetCurrentProcessId
OpenProcess
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetProcAddress
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
CreateFileW
WritePrivateProfileStringW
GetModuleFileNameW
lstrlenW
CloseHandle
AreFileApisANSI
ReadFile
GetFileSize
CreateThread
WideCharToMultiByte
GetVersionExW
GetACP

user32

ClientToScreen
GetSysColor
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
FindWindowExW
GetClassNameW
GetWindowThreadProcessId
GetShellWindow
SystemParametersInfoW
IsWindowVisible
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
wsprintfW
GetWindow
GetParent
PtInRect
IsRectEmpty
MapWindowPoints
ScreenToClient
GetCursorPos
GetClientRect
GetUpdateRect
EndPaint
BeginPaint
GetCaretPos
GetDC
KillTimer
ReleaseCapture
SetCapture
GetKeyState
GetFocus
SetFocus
IsZoomed
UpdateLayeredWindow
DestroyWindow
CreateWindowExW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
OffsetRect
UnionRect
InflateRect
SetCursor
SetCaretPos
ShowCaret
HideCaret
PostMessageW
PostQuitMessage
CreateCaret
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetDesktopWindow
SetRect
FillRect
DrawTextW
CharPrevW
GetWindowRgn
IntersectRect
MessageBoxW
SetWindowRgn
IsIconic
GetMonitorInfoW
MonitorFromWindow
ShowWindow
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
SetWindowPos
SetTimer
InvalidateRect
LoadImageW
GetWindowLongW
SetWindowLongW
LoadStringW
IsWindow
SetForegroundWindow
FindWindowW
CharNextW
MoveWindow
GetForegroundWindow
GetWindowRect
GetPropW
SetPropW
GetSystemMetrics
EnableWindow
ReleaseDC

advapi32

ReportEventA
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegEnumValueA
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegEnumKeyW
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeregisterEventSource
RegisterEventSourceA
GetTokenInformation
OpenProcessToken
RegQueryValueExW
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExW

shell32

ord155
SHGetFolderPathW
SHGetFolderLocation
SHGetDesktopFolder
SHGetDataFromIDListW
SHGetSpecialFolderPathW
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
RevokeDragDrop
RegisterDragDrop
CoInitialize

oleaut32

VariantInit
VariantClear
SysFreeString
VarUI4FromStr
SysAllocString

shlwapi

PathFileExistsW
PathAppendW
ord219

psapi

GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW

crypt32

CertFindCertificateInStore
CryptQueryObject
CertCloseStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgGetParam
CryptMsgClose

comctl32

ord17
_TrackMouseEvent

urlmon

URLDownloadToFileW

iphlpapi

GetAdaptersInfo

netapi32

NetApiBufferFree
NetWkstaGetInfo

gdi32

MoveToEx
BitBlt
TextOutW
GetObjectA
CreateSolidBrush
CreateRectRgnIndirect
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreatePenIndirect
CombineRgn
PtInRegion
CreateRectRgn
GetDeviceCaps
GetDIBits
CreateDCW
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
CreateDIBSection
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap

gdiplus

GdipCreateFontFromDC
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipFillRectangleI
GdipDrawPath
GdipDrawRectangleI
GdipDeletePen
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipGetImagePixelFormat
GdipGetImageWidth
GdipGetImageHeight
GdipSetPenMode
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipDrawArcI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateStringFormat
GdipCreateLineBrushI
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipSetInterpolationMode
GdipCreateFontFromLogfontA
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapUnlockBits
GdipAddPathLineI

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetOpenW
InternetCloseHandle
InternetSetOptionW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile

ws2_32

gethostname
ioctlsocket
sendto
recvfrom
listen
accept
select
__WSAFDIsSet
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htonl
WSASetLastError
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
socket
closesocket
WSAGetLastError
send
recv
WSACleanup
WSAStartup
shutdown

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 418KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cf2749979cb15d89029d0840bd4504a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

c3:17:47:ba:53:d7:09:75:4c:20:87:f3:18:ac:fd:e6:23:88:d2:83:96:17:cd:15:83:4f:6c:15:56:66:b2:75Signer

ff:10:07:01:6b:21:3c:52:81:cb:f1:14:af:58:2a:57:97:0d:33:5dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

crypt32

comctl32

urlmon

iphlpapi

netapi32

gdi32

gdiplus

imm32

version

wininet

ws2_32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 418KB - Virtual size: 418KB

.data Size: 44KB - Virtual size: 72KB

.gfids Size: 512B - Virtual size: 436B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 7.8MB - Virtual size: 7.8MB

.reloc Size: 82KB - Virtual size: 81KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

c3:17:47:ba:53:d7:09:75:4c:20:87:f3:18:ac:fd:e6:23:88:d2:83:96:17:cd:15:83:4f:6c:15:56:66:b2:75
Signer

ff:10:07:01:6b:21:3c:52:81:cb:f1:14:af:58:2a:57:97:0d:33:5d
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 418KB - Virtual size: 418KB

.data
Size: 44KB - Virtual size: 72KB

.gfids
Size: 512B - Virtual size: 436B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 7.8MB - Virtual size: 7.8MB

.reloc
Size: 82KB - Virtual size: 81KB