Static task: static1
Behavioral task: behavioral1
  Sample: 17352da4ed1557fcd47cd25359a97047_JaffaCakes118.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 17352da4ed1557fcd47cd25359a97047_JaffaCakes118.dll
  Resource: win10v2004-20240419-en
General
Target: 17352da4ed1557fcd47cd25359a97047_JaffaCakes118
Size: 4.9MB
MD5: 17352da4ed1557fcd47cd25359a97047
SHA1: 2a4fb18ec0d6b7f27f512c5aa1ac34db242e9ff4
SHA256: 5f6e77e6a7262da0ef3638a2870775da088380483bd5608822ab951e73ad031e
SHA512: 77591c5dd5a5f9171ed1240126cc4781ec40a1dc7702d9171d7faff8bbb01344617d515774afff4a1c70628ad27544919e9e0c5d30f6499879821d0c2cd0837d
SSDEEP: 49152:l0Qh0OFcQw9ioimVRJelOcS9rFA1q9AyRhfAmvKQUXlMj8vf1g7ET/4WtftVuk/O:am0nhijMD9pKAHCpQ81g7Itzuk/O
Malware Config
Signatures
Files
17352da4ed1557fcd47cd25359a97047_JaffaCakes118.dll  windows:5 windows x86 arch:x86  0fd6c2568420f823cf69e793ed85f7c5
Code Sign
Certificate 70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
  Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
  Not Before: 29/01/1996, 00:00
  Not After: 01/08/2028, 23:59
  Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Certificate 7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
  Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
  Not Before: 21/12/2012, 00:00
  Not After: 30/12/2020, 23:59
  Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Certificate 0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
  Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
  Not Before: 18/10/2012, 00:00
  Not After: 29/12/2020, 23:59
  Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature
Certificate 25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
  Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
  Not Before: 08/11/2006, 00:00
  Not After: 07/11/2021, 23:59
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
  Extended Key Usages: ExtKeyUsageServerAuth, ExtKeyUsageClientAuth, ExtKeyUsageCodeSigning, ExtKeyUsageNetscapeServerGatedCrypto
  Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Certificate 76:57:c3:39:eb:73:c7:6d:7d:f6:a2:ad:47:8e:66:e3
  Issuer: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
  Not Before: 28/08/2015, 00:00
  Not After: 26/09/2017, 23:59
  Subject: CN=Sogou.com,OU=Desktop Business Division,O=Sogou.com,L=Beijing,ST=Beijing,C=CN
  Extended Key Usages: ExtKeyUsageCodeSigning
  Key Usages: KeyUsageDigitalSignature
Certificate 3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
  Not Before: 10/12/2013, 00:00
  Not After: 09/12/2023, 23:59
  Subject: CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US
  Extended Key Usages: ExtKeyUsageClientAuth, ExtKeyUsageCodeSigning
  Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Certificate 52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US
  Not Before: 08/02/2010, 00:00
  Not After: 07/02/2020, 23:59
  Subject: CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US
  Extended Key Usages: ExtKeyUsageClientAuth, ExtKeyUsageCodeSigning
  Key Usages: KeyUsageCertSign, KeyUsageCRLSign
Signer
  Actual PE Digest:
  Digest Algorithm:
  PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
e:\project\sogouime\branch\PinyinDev_R_7_8\Bin\SogouPdb\SogouInput\SogouPy.pdb
Imports
msimg32
GradientFill
TransparentBlt
AlphaBlend
kernel32
LCMapStringW
DuplicateHandle
OpenProcess
GetCurrentProcess
InterlockedIncrement
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
LoadLibraryW
CreateSemaphoreW
ReleaseSemaphore
CreateEventW
OpenThread
SetEvent
CreateThread
ReleaseMutex
OpenFileMappingW
CreateFileMappingW
OpenMutexW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
ResumeThread
InterlockedCompareExchange
GlobalGetAtomNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetNamedPipeHandleState
EnterCriticalSection
GetLastError
GlobalAddAtomW
GetCurrentThread
SetThreadPriority
GetTempPathW
GetSystemDirectoryW
GetFileAttributesExW
CreateFileW
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
WaitNamedPipeW
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetACP
InterlockedDecrement
GetCurrentProcessId
OutputDebugStringW
GetModuleFileNameA
GlobalFree
GlobalUnlock
GetModuleFileNameW
GlobalAlloc
TlsSetValue
GlobalLock
TlsGetValue
GetCommandLineW
WideCharToMultiByte
CloseHandle
OpenEventW
GetProcAddress
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetFullPathNameA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStartupInfoA
SetHandleCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetQueuedCompletionStatus
TransactNamedPipe
InterlockedExchange
CreateIoCompletionPort
ExitThread
GetVersionExW
IsBadReadPtr
CreateMutexW
FindFirstFileW
FindClose
FileTimeToSystemTime
GetLocalTime
HeapAlloc
GetProcessHeap
VirtualAlloc
LoadLibraryA
VirtualProtect
VirtualFree
GetFileTime
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
GetFileSize
lstrlenA
FreeLibrary
HeapFree
LocalAlloc
LocalFree
DeviceIoControl
CreateFileA
lstrcpyA
GetSystemDirectoryA
lstrcatA
CopyFileA
HeapReAlloc
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetTempFileNameW
CreateProcessW
MoveFileExW
CopyFileW
GetExitCodeProcess
GetFileAttributesW
GetProcessId
SetFileAttributesW
SetFilePointer
FormatMessageW
GetLogicalDriveStringsW
QueryDosDeviceW
TlsAlloc
TlsFree
GetConsoleMode
FlushFileBuffers
VirtualQuery
SetUnhandledExceptionFilter
TerminateProcess
lstrlenW
lstrcatW
IsDebuggerPresent
lstrcpyW
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalHandle
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
LoadLibraryExW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareStringW
MulDiv
GetWindowsDirectoryA
GlobalReAlloc
CreateFileMappingA
OpenFileMappingA
GetModuleHandleA
SwitchToThread
RaiseException
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetTimeZoneInformation
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
GetCPInfo
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
HeapSize
GetConsoleCP
FreeEnvironmentStringsA
user32
PeekMessageW
PostThreadMessageW
GetKeyboardState
GetForegroundWindow
MessageBoxW
SendMessageW
SetWindowLongW
PostMessageW
GetMessageW
SetTimer
IsWindow
wsprintfW
wsprintfA
WindowFromPoint
IsCharAlphaNumericW
SetRectEmpty
SetWindowPos
MsgWaitForMultipleObjectsEx
wvsprintfW
CopyRect
GetMonitorInfoW
ReleaseCapture
EqualRect
CreateWindowExW
ReleaseDC
OffsetRect
GetDC
GetClientRect
LoadCursorW
SetCapture
MonitorFromPoint
UpdateLayeredWindow
SetCursor
DefWindowProcW
CallWindowProcW
EnableWindow
RegisterClassExW
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
UnregisterClassW
NotifyWinEvent
ScreenToClient
EndPaint
DrawTextW
IntersectRect
SubtractRect
RedrawWindow
GetCursor
SetMenuItemInfoW
FillRect
GetMenuItemRect
MenuItemFromPoint
GetMenuItemID
GetKeyboardLayoutList
LoadStringW
DestroyIcon
CreateDialogParamW
DialogBoxParamW
SetClipboardData
SetCaretPos
OpenClipboard
EmptyClipboard
CloseClipboard
GetWindowPlacement
InflateRect
SetCursorPos
SetClassLongW
GetClassLongW
SetWindowRgn
mouse_event
GetClassInfoExW
SetScrollInfo
PostQuitMessage
LoadBitmapW
IsRectEmpty
EndDialog
LoadIconW
FindWindowW
GetParent
GetFocus
SetForegroundWindow
DestroyWindow
GetMenuItemCount
GetCursorPos
GetMenuItemInfoW
LoadImageW
GetWindowLongW
UnhookWindowsHookEx
SetWindowsHookExW
GetDesktopWindow
GetClassNameW
GetWindowTextW
GetAsyncKeyState
CallNextHookEx
GetKeyState
GetMessageExtraInfo
SendInput
keybd_event
GetSystemMetrics
DispatchMessageW
TranslateMessage
SendMessageTimeoutW
GetWindowTextLengthW
SetRect
MoveWindow
EnumWindows
KillTimer
UnregisterHotKey
RegisterHotKey
InvalidateRect
IsWindowVisible
GetWindowRect
IsIconic
SystemParametersInfoW
ShowWindow
ClientToScreen
PtInRect
GetAncestor
GetCaretPos
FindWindowExW
GetPropW
GetWindowThreadProcessId
GetWindow
RegisterWindowMessageW
gdi32
SetMapMode
ExtCreateRegion
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CombineRgn
OffsetRgn
Rectangle
GetPixel
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
CreateDIBSection
DeleteDC
GetClipRgn
MoveToEx
LineTo
SelectClipRgn
CreateCompatibleBitmap
GetFontUnicodeRanges
GetTextExtentExPointW
CreateRectRgn
CreatePen
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
GetDeviceCaps
StretchDIBits
GetFontData
CreateFontIndirectW
BitBlt
SetTextColor
GetStockObject
StretchBlt
SetBkMode
SetTextCharacterExtra
CreateDCW
SetBkColor
CreateFontW
advapi32
LookupAccountSidW
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegCreateKeyExW
AddAccessAllowedAceEx
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegQueryValueW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegDeleteValueA
RegEnumValueA
CryptGetKeyParam
RegCreateKeyExA
RegNotifyChangeKeyValue
imm32
ImmGetHotKey
ImmGenerateMessage
ImmGetIMCCSize
ImmCreateIMCC
ImmReSizeIMCC
ImmNotifyIME
ImmDisableIME
ImmLockIMCC
ImmUnlockIMC
ImmAssociateContextEx
ImmLockIMC
ImmUnlockIMCC
ws2_32
WSAStartup
WSACleanup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
gethostname
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
shlwapi
wnsprintfA
SHGetValueW
SHDeleteKeyA
oleacc
LresultFromObject
AccessibleObjectFromWindow
Exports
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 886KB - Virtual size: 885KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 159KB - Virtual size: 266KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 152KB - Virtual size: 152KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 220KB - Virtual size: 219KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ