146b66852d0e48ae57d2b13f03ff58c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

146b66852d0e48ae57d2b13f03ff58c0_JaffaCakes118
Size

328KB
MD5

146b66852d0e48ae57d2b13f03ff58c0
SHA1

97bfda4c0b278f65f3e6bb830484a0d02df03caa
SHA256

4b12d0a0ea723d97104f79ec1f3fab00233506910962269b34e8af5f75a984ee
SHA512

fd9135133c168b1f966a4958974ef2cde56d09117918dd0bb6c179224c5069912f43ae5537ded20a94597da23086f73ab70233d36c2d341a0393b9daa8b1f9d3
SSDEEP

3072:gY1Hb+XR+eoVGociU1VSb0UU8d4j2i1sDGwCC/9lnNbseOZ6eZV/VLe:gY1HbG+eJocUbqDjNY1BOZ6u/Be

Score

1^/10

Malware Config

Signatures

Files

146b66852d0e48ae57d2b13f03ff58c0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9d7706ec0a2a183b479348cf448570fc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/04/2018, 00:00

Not After

12/07/2019, 23:59

Subject

CN=Shenzhen Thinksky Technology Co.\,Ltd,OU=R&D Dept.,O=Shenzhen Thinksky Technology Co.\,Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

12/04/2018, 00:00

Not After

12/07/2019, 23:59

Subject

CN=Shenzhen Thinksky Technology Co.\,Ltd,OU=R&D Dept.,O=Shenzhen Thinksky Technology Co.\,Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ca:50:d1:fc:18:77:44:9d:ed:46:a7:f4:0e:6b:b4:c4:23:16:33:27:2e:15:e1:72:5c:d3:cf:16:5f:a8:ae:5d
Signer

Actual PE Digest

ca:50:d1:fc:18:77:44:9d:ed:46:a7:f4:0e:6b:b4:c4:23:16:33:27:2e:15:e1:72:5c:d3:cf:16:5f:a8:ae:5d

Digest Algorithm

sha256

PE Digest Matches

true

bc:38:2f:c5:53:90:58:7b:50:69:83:92:35:1d:af:4a:8a:d4:d9:5d
Signer

Actual PE Digest

bc:38:2f:c5:53:90:58:7b:50:69:83:92:35:1d:af:4a:8a:d4:d9:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Program Files (x86)\Jenkins\workspace\iTools3\Release\iTunesAssist.pdb

Imports

rpcrt4

RpcServerListen
RpcBindingFromStringBindingA
RpcServerRegisterIf
NdrServerCall2
NdrClientCall2
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcStringBindingComposeA
RpcServerUseProtseqEpA

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
OpenProcess
WaitForSingleObject
LoadLibraryW
GetModuleHandleW
GetProcAddress
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetCurrentThreadId
GetCurrentThread
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
GetThreadContext
VirtualQuery
InitializeCriticalSection
Sleep
LeaveCriticalSection
SetThreadPriority
FlushInstructionCache
VirtualAlloc
EnterCriticalSection
OpenThread
GetSystemInfo
GetThreadPriority
VirtualProtect
SuspendThread
ResumeThread
InterlockedCompareExchange
InterlockedExchange
HeapFree
HeapAlloc
GetProcessHeap
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
HeapReAlloc
HeapSize
HeapDestroy

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

oleaut32

BSTR_UserFree
SysFreeString
SysAllocString
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
SysAllocStringLen

iosdevice

iTunesCalcCIGHash
ATHostInitGrappaHost
ATHostEstablishGrappaKey
CreateIiTunesAuthLocal
InitiTunesBaseAPI

msvcp100

?_Xfunc@tr1@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

psapi

GetModuleInformation

tslib

??1JValue@@QAE@XZ
?read@JValue@@QAE_NPBDPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0CHIconv@@QAE@XZ
??1CHIconv@@QAE@XZ
??0CHLock@@QAE@XZ
?Lock@CHLock@@QAEXXZ
?Unlock@CHLock@@QAEXXZ
??1CHLock@@QAE@XZ
??0JValue@@QAE@W4TYPE@0@@Z

misccore

AMDServiceConnectionCreate
AMDServiceConnectionSend
AMDServiceConnectionSendMessage
AMDServiceConnectionReceive
AMDServiceConnectionReceiveMessage
AMDServiceConnectionInvalidate
AMDeviceLookupApplications
AMDeviceGetInterfaceType
AMDeviceWakeupOperationSchedule
CFRunLoopGetMain
AMDeviceWakeupOperationCreateWithToken
AMRecoveryModeDeviceCopyAuthInstallPreflightOptions
AMDeviceCopyAuthInstallPreflightOptions
AMRestoreCreateDefaultOptions
AMDFUModeDeviceCopyAuthInstallPreflightOptions
AMRestorePerformDFURestore
AMRestorePerformRecoveryModeRestore
AMRestoreModeDeviceCreate
AMRestoreModeDeviceCopyEcid
AMRecoveryModeDeviceGetECID
AMDFUModeDeviceGetECID
AMRestorableDeviceRegisterForNotifications
CFErrorCopyUserInfo
CFErrorGetDomain
CFErrorGetCode
AMRestorableDeviceGetECID
AMRestorableDeviceRestore
AMRestorableDeviceGetRecoveryModeDevice
AMRestorableDeviceGetDFUModeDevice
AMRecoveryModeDeviceGetTypeID
AMRestorableDeviceCopyRestoreModeDevice
AMRestorableDeviceGetState
AMRestorableDeviceGetProductType
AMRestorableDeviceGetProductID
AFCConnectionOpen
AFCDirectoryOpen
AFCDirectoryRead
AFCDirectoryClose
AFCDirectoryCreate
AFCRemovePath
AFCRenamePath
AFCDeviceInfoOpen
AFCKeyValueClose
AFCKeyValueRead
AFCConnectionClose
AFCFileInfoOpen
AFCFileRefOpen
AFCFileRefRead
AFCFileRefWrite
AFCFileRefSeek
AFCFileRefTell
AFCFileRefLock
AFCFileRefUnlock
AFCFileRefClose
AFCConnectionSetSecureContext
CreateIPList
CFStringGetTypeID
CFGetTypeID
CFDictionaryGetTypeID
InitAPICore
AMDeviceActivate
AMRecoveryModeDeviceCopySerialNumber
AMRecoveryModeDeviceSetAutoBoot
AMRecoveryModeDeviceReboot
AMDeviceEnterRecovery
AMDPostNotification
USBMuxConnectByPort
AMDShutdownNotificationProxy
AMDListenForNotifications
AMDeviceNotificationUnsubscribe
AMDObserveNotification
AMDeviceCopyDeviceIdentifier
AMDeviceNotificationSubscribe
AMDServiceConnectionGetSecureIOContext
AMDServiceConnectionGetSocket
AMDeviceSecureStartService
AMDeviceGetConnectionID
AMDeviceValidatePairing
AMDeviceStartSession
AMDeviceStopSession
AMDeviceSetValue
AMDeviceCopyValue
AMDeviceIsPaired
AMDevicePairWithOptions
AMDevicePair
AMDeviceRelease
AMDeviceRetain
AMDeviceDisconnect
AMDeviceConnect
AMDeviceDeactivate

wininet

InternetCloseHandle
InternetOpenW

msvcr100

__clean_type_info_names_internal
__CxxFrameHandler3
memcpy
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
printf
_snprintf
fflush
__iob_func
_wassert
_beginthread
wmemcpy_s
memmove_s
wcsnlen
exit
_purecall
memmove
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
memcpy_s
free
malloc
??3@YAXPAX@Z
_unlock
__dllonexit
memset

Exports

Exports

ItsInit

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d7706ec0a2a183b479348cf448570fc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4fCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

ca:50:d1:fc:18:77:44:9d:ed:46:a7:f4:0e:6b:b4:c4:23:16:33:27:2e:15:e1:72:5c:d3:cf:16:5f:a8:ae:5dSigner

bc:38:2f:c5:53:90:58:7b:50:69:83:92:35:1d:af:4a:8a:d4:d9:5dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

advapi32

oleaut32

iosdevice

msvcp100

psapi

tslib

misccore

wininet

msvcr100

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 156KB - Virtual size: 157KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 13KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

41:da:d5:9a:6c:a7:7a:2d:24:61:25:08:38:03:46:4f
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

ca:50:d1:fc:18:77:44:9d:ed:46:a7:f4:0e:6b:b4:c4:23:16:33:27:2e:15:e1:72:5c:d3:cf:16:5f:a8:ae:5d
Signer

bc:38:2f:c5:53:90:58:7b:50:69:83:92:35:1d:af:4a:8a:d4:d9:5d
Signer

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 156KB - Virtual size: 157KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 13KB - Virtual size: 12KB