22ff4bd5a4497f02fba15bc47a269cd2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22ff4bd5a4497f02fba15bc47a269cd2_JaffaCakes118
Size

32.0MB
MD5

22ff4bd5a4497f02fba15bc47a269cd2
SHA1

ab185a3b9fe368d6c1ff1dee52a9994b1b6b4829
SHA256

a7844e25bb6c4c6082278061059cf236d8ba081558e02fe897ec482e3c20b68a
SHA512

8b20ccdc6813dbafb7ebebd188440ebef0cfacf1808717e0a4cafa552673e8696b5a70c0bb569c1e1587cf1d0b69c78b595e0b50f1daef6db0c98f1eead0cf52
SSDEEP

786432:x7mNMT3zO5GmXJXxk9LBl8pozunYP+3bI5DSQd1i6j8Lqx9:kU3qphxkNh4bI5DSK1iAEU9

Score

1^/10

Malware Config

Signatures

Files

22ff4bd5a4497f02fba15bc47a269cd2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5f305250e0893c4f1ae1e5349a4d30c0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:1e:67:40:59:76:89:87:ad:cd:c3:93:b3:f3:a2:4a
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/04/2015, 00:00

Not After

31/03/2016, 23:59

Subject

CN=深圳瓶子科技有限公司,O=深圳瓶子科技有限公司,L=深圳市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:43:5f:75:7c:1d:28:91:62:1e:15:eb:5a:70:ad:53:54:fe:6a:87
Signer

Actual PE Digest

36:43:5f:75:7c:1d:28:91:62:1e:15:eb:5a:70:ad:53:54:fe:6a:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\bottle_pc\Project\Shuame\PackTool_Old\Release\Installer\Setup\Basic\Bin\ShuamePacket.pdb

Imports

kernel32

FlushInstructionCache
DeleteCriticalSection
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
MoveFileW
lstrcpynW
CopyFileW
GetTempPathW
GetLocalTime
GetDiskFreeSpaceExW
TerminateThread
FreeLibrary
lstrcmpiW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
MapViewOfFile
WaitForMultipleObjects
GetExitCodeThread
GetSystemInfo
GetSystemTimes
GetSystemTimeAsFileTime
SetFilePointer
GetFullPathNameW
GetFullPathNameA
CreateFileA
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
FormatMessageA
WriteFile
FormatMessageW
GetVersionExW
GetFileAttributesA
FlushFileBuffers
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
GetFileAttributesExW
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
VirtualFree
VirtualAlloc
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
GetStdHandle
CreateToolhelp32Snapshot
GetCPInfo
QueryDosDeviceW
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
OutputDebugStringW
SetLastError
GetModuleFileNameW
GetFileAttributesW
GetProcAddress
SetEnvironmentVariableA
GetDriveTypeA
GetCurrentDirectoryA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetModuleHandleA
GetTimeZoneInformation
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
CompareStringW
CompareStringA
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
LocalAlloc
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
SetWaitableTimer
CreateWaitableTimerW
HeapFree
GetProcessHeap
HeapAlloc
ReleaseMutex
RaiseException
FreeResource
GetCurrentThreadId
Sleep
CreateThread
SetEvent
CreateEventW
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW
RemoveDirectoryW
GetTempFileNameW
MoveFileExW
DeleteFileW
SetFileAttributesW
lstrcmpW
FindClose
FindNextFileW
FindFirstFileW
GetDriveTypeW
GetLogicalDriveStringsW
lstrlenW
GetVersion
lstrlenA
MultiByteToWideChar
GetLastError
GetTickCount
WideCharToMultiByte
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
FindResourceExW
FindResourceW
LoadResource
CreateMutexW
Process32NextW
TerminateProcess
OpenProcess
GetCurrentProcessId
CreateDirectoryW
Process32FirstW
LockResource
SizeofResource

user32

SetRect
PtInRect
GetDC
LoadCursorW
CopyRect
InflateRect
ReleaseDC
GetDesktopWindow
IntersectRect
IsRectEmpty
InvalidateRect
IsWindow
SetCursor
UnregisterClassA
SendMessageW
ShowWindow
DestroyWindow
GetKeyState
IsWindowEnabled
MoveWindow
GetClientRect
GetMonitorInfoW
LoadBitmapW
CharLowerW
CharUpperW
DestroyIcon
CharNextW
SetActiveWindow
GetActiveWindow
GetWindow
EnableWindow
LoadImageW
MapWindowPoints
SetFocus
SetForegroundWindow
IsIconic
EqualRect
GetCursorPos
UpdateLayeredWindow
GetClassInfoExW
RegisterClassExW
CreateWindowExW
SetRectEmpty
PostThreadMessageW
UpdateWindow
IsWindowVisible
IsDialogMessageW
MessageBoxW
KillTimer
SetTimer
LoadIconW
SetWindowPos
PostMessageW
UnionRect
OffsetRect
BeginPaint
EndPaint
SetCapture
ScreenToClient
ReleaseCapture
GetDlgCtrlID
InvalidateRgn
GetParent
GetDlgItem
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
MonitorFromWindow

gdi32

CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
GetRgnBox
CreateDIBSection
CreateCompatibleBitmap
DeleteObject
CreateCompatibleDC
BitBlt
SelectObject
RectInRegion
DeleteDC
GetObjectW

advapi32

RegOpenKeyExW
InitializeSecurityDescriptor
RegDeleteValueW
RegQueryInfoKeyW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegQueryValueExW
SetSecurityDescriptorDacl
RegCloseKey

shell32

SHChangeNotify
SHGetPathFromIDListW
ord680
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoCreateInstance

oleaut32

VariantCopy
VarUI4FromStr
VariantClear
SysAllocString
SysFreeString

shlwapi

PathRemoveBackslashW
SHDeleteKeyW
StrToIntA
PathAddBackslashW
PathFindFileNameW
PathFileExistsW

comctl32

_TrackMouseEvent
InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbghelp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo

netapi32

Netbios

wininet

InternetReadFileExA
HttpQueryInfoW
HttpEndRequestW
InternetWriteFile
InternetOpenW
InternetSetOptionW
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackW
InternetConnectW
InternetCrackUrlW
HttpSendRequestExW

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_utf8_to_mbcs

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f305250e0893c4f1ae1e5349a4d30c0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:1e:67:40:59:76:89:87:ad:cd:c3:93:b3:f3:a2:4aCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

36:43:5f:75:7c:1d:28:91:62:1e:15:eb:5a:70:ad:53:54:fe:6a:87Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

dbghelp

iphlpapi

netapi32

wininet

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 44KB - Virtual size: 63KB

.rsrc Size: 328KB - Virtual size: 328KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:1e:67:40:59:76:89:87:ad:cd:c3:93:b3:f3:a2:4a
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

36:43:5f:75:7c:1d:28:91:62:1e:15:eb:5a:70:ad:53:54:fe:6a:87
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 44KB - Virtual size: 63KB

.rsrc
Size: 328KB - Virtual size: 328KB