2379a59153dcedc5925559370473e182_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2379a59153dcedc5925559370473e182_JaffaCakes118
Size

3.0MB
MD5

2379a59153dcedc5925559370473e182
SHA1

092ab60781956817c364a559c9065d35e2506d01
SHA256

63c603cde627bf17bb3348f67f4b330b69c7579dabbdfc7b6aea01031e367346
SHA512

a67ff4877ef146b3a6962474a03d77a73c02538ba05d2d733f1b36a23f89afedfe2ec9148eb449220f0ea6b23d0276489c4019d203fbbfa041fd58cc3f3bdbd3
SSDEEP

49152:TOnDVI7Fi+++rMCgwes02mxEDvTmym6H7lfAR/JtwR:HBiwhbqaW6HxYRI

Score

1^/10

Malware Config

Signatures

Files

2379a59153dcedc5925559370473e182_JaffaCakes118
.dll windows:4 windows x86 arch:x86

44c9964f0f43aa25542f7a2ea5bee825

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2017, 00:00

Not After

10/10/2019, 23:59

Subject

CN=北京布丁跳跳科技有限公司,OU=IT,O=北京布丁跳跳科技有限公司,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

10/10/2017, 00:00

Not After

10/10/2019, 23:59

Subject

CN=北京布丁跳跳科技有限公司,OU=IT,O=北京布丁跳跳科技有限公司,L=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

84:0a:d6:bd:0d:28:e5:21:0a:36:e0:b5:e6:40:cd:b3:fa:4b:7a:c3:6f:dc:f0:bd:3e:d2:21:2e:b7:e3:d5:93
Signer

Actual PE Digest

84:0a:d6:bd:0d:28:e5:21:0a:36:e0:b5:e6:40:cd:b3:fa:4b:7a:c3:6f:dc:f0:bd:3e:d2:21:2e:b7:e3:d5:93

Digest Algorithm

sha256

PE Digest Matches

true

a3:79:c1:36:59:ad:df:71:91:85:54:ad:5f:4a:18:b0:f1:91:81:ae
Signer

Actual PE Digest

a3:79:c1:36:59:ad:df:71:91:85:54:ad:5f:4a:18:b0:f1:91:81:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Jenkins\workspace\srf_develop\ShuRuFa\程序\Trunk\Bin\pdbmap\SmartCloud\MainDll32.pdb

Imports

imm32

ImmGenerateMessage
ImmCreateIMCC
ImmReSizeIMCC
ImmLockIMCC
ImmUnlockIMCC
ImmLockIMC
ImmUnlockIMC

shlwapi

PathFileExistsW
PathFileExistsA

kernel32

GetCurrentProcess
FreeLibrary
LocalFree
InterlockedDecrement
LocalAlloc
GetWindowsDirectoryW
SetUnhandledExceptionFilter
CreateMutexW
ReleaseMutex
TlsGetValue
TlsSetValue
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
MulDiv
LCMapStringW
lstrcpyW
GetModuleFileNameA
ResumeThread
GetThreadContext
SuspendThread
GetCurrentThread
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
TlsAlloc
GetPrivateProfileIntW
GlobalFree
GetSystemTime
FormatMessageA
GetTempPathA
DeleteFileA
GetFileAttributesA
UnlockFile
LockFileEx
LockFile
AreFileApisANSI
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetFullPathNameA
GetLocaleInfoW
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
GetCPInfo
LCMapStringA
GetVersionExA
GetCommandLineA
ExitProcess
GetModuleHandleA
HeapReAlloc
SetFilePointer
GetConsoleMode
GetConsoleCP
GetFullPathNameW
MoveFileW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RaiseException
RtlUnwind
InterlockedExchange
InterlockedIncrement
ReadProcessMemory
FindResourceExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
CreateFileA
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
WriteFile
GetStdHandle
WideCharToMultiByte
GetCurrentThreadId
GetProcessHeap
HeapFree
GetLastError
GetProcAddress
GetModuleHandleW
HeapAlloc
QueryPerformanceCounter
GetVersionExW
GetEnvironmentVariableW
LoadLibraryW
CreateDirectoryW
WritePrivateProfileStringW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
lstrcmpiW
SetFileAttributesW
GetSystemInfo
ReadFile
CreateFileW
GetFileSize
GetFileAttributesW
GetTempPathW
MoveFileExW
DeleteFileW
CopyFileW
OpenProcess
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
MultiByteToWideChar
CreateThread
GetLocalTime
Sleep
GetExitCodeThread
TerminateThread
QueryPerformanceFrequency
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
GetPrivateProfileStringW
GetModuleFileNameW

user32

TrackPopupMenu
CreateMenu
CreatePopupMenu
CharNextW
DrawTextW
SetWindowTextW
GetDlgItem
SetDlgItemTextW
EndDialog
DialogBoxParamW
IsIconic
CallWindowProcW
OffsetRect
SetCursor
UpdateLayeredWindow
EndPaint
BeginPaint
WindowFromPoint
ScreenToClient
GetDlgItemTextW
SetFocus
GetKeyState
ReleaseDC
UnregisterClassA
SendMessageTimeoutW
GetDC
ClientToScreen
GetGUIThreadInfo
GetWindowThreadProcessId
MessageBoxW
GetWindowLongW
IsWindow
SetWindowLongW
ShowWindow
SendMessageW
MoveWindow
GetWindowRect
IsWindowVisible
DefWindowProcW
SetWindowPos
GetCursorPos
FindWindowW
PostMessageW
GetParent
BringWindowToTop
GetForegroundWindow
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
GetSystemMetrics
GetDesktopWindow
GetClassNameW
GetWindowTextW
FindWindowExW
GetFocus
CharLowerW
keybd_event
KillTimer
SetTimer
GetMonitorInfoW
EnumDisplayMonitors
SystemParametersInfoW
PtInRect
MonitorFromPoint
UnregisterHotKey
RegisterHotKey
ReleaseCapture
MessageBeep
GetAsyncKeyState
InvalidateRect
DestroyWindow
RegisterClassExW
LoadCursorW
CreateWindowExW
SetRect
SetDlgItemInt
GetDlgItemInt
GetCaretPos
FillRect
GetClientRect
DeleteMenu
DestroyMenu
SetMenuInfo
RemoveMenu
ModifyMenuW
InsertMenuW
EnableMenuItem
SetCapture

gdi32

GetObjectW
GetDIBits
CreateDCW
SetTextColor
CreateDIBSection
GetStockObject
CreateCompatibleDC
CreateFontIndirectW
SelectObject
DeleteObject
GetDeviceCaps
CreateBitmap
CreatePen
MoveToEx
LineTo
CreateSolidBrush
CreateFontW
ExcludeClipRect
DeleteDC
GetTextExtentPoint32W
SetBkMode
CreateICW
EnumFontsW
CreateCompatibleBitmap
BitBlt
GetTextExtentPointW

advapi32

InitializeAcl
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
GetAce
EqualSid
GetAclInformation
GetLengthSid
GetSecurityDescriptorDacl
LookupAccountNameW
RegCloseKey
LookupAccountSidW
GetTokenInformation
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitializeSecurityDescriptor

shell32

SHAppBarMessage
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize

oleaut32

GetErrorInfo
SysAllocString
SysFreeString

gdiplus

GdipCreateFont
GdipCreateBitmapFromScan0
GdipFillRectangleI
GdipSetImageAttributesColorMatrix
GdipGetGenericFontFamilySansSerif
GdipCloneImage
GdipCloneBitmapAreaI
GdipCreateBitmapFromStream
GdipGetImageRawFormat
GdipDisposeImage
GdipFillPath
GdipDrawPath
GdipDrawLineI
GdipSetImageAttributesColorKeys
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipDeletePen
GdipCreatePen1
GdipCreateImageAttributes
GdipAddPathArcI
GdipAddPathLineI
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImageAttributes
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCloneBrush
GdipBitmapLockBits
GdipDrawImageRectRectI
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdipGetLogFontW
GdipDeleteFontFamily
GdipDeletePath
GdipCreatePath
GdiplusStartup
GdiplusShutdown
GdipBitmapUnlockBits

psapi

GetModuleFileNameExW

dbghelp

StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
EnumerateLoadedModules64
SymInitialize

Exports

Exports

CandWndProc
CompWndProc
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
StatusWndProc
UIWndProc

Sections

.text
Size: 1.8MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 724KB - Virtual size: 721KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44c9964f0f43aa25542f7a2ea5bee825

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

84:0a:d6:bd:0d:28:e5:21:0a:36:e0:b5:e6:40:cd:b3:fa:4b:7a:c3:6f:dc:f0:bd:3e:d2:21:2e:b7:e3:d5:93Signer

a3:79:c1:36:59:ad:df:71:91:85:54:ad:5f:4a:18:b0:f1:91:81:aeSigner

Headers

File Characteristics

PDB Paths

Imports

imm32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

gdiplus

psapi

dbghelp

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.7MB

.rdata Size: 300KB - Virtual size: 297KB

.data Size: 180KB - Virtual size: 206KB

.rsrc Size: 724KB - Virtual size: 721KB

.reloc Size: 92KB - Virtual size: 91KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

5b:32:d2:7a:2e:b6:b4:cf:47:4f:83:97:38:12:9c:46
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

17:7b:68:fb:e4:74:c7:69:f8:4e:87:90:2a:7a:f2:85
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

84:0a:d6:bd:0d:28:e5:21:0a:36:e0:b5:e6:40:cd:b3:fa:4b:7a:c3:6f:dc:f0:bd:3e:d2:21:2e:b7:e3:d5:93
Signer

a3:79:c1:36:59:ad:df:71:91:85:54:ad:5f:4a:18:b0:f1:91:81:ae
Signer

.text
Size: 1.8MB - Virtual size: 1.7MB

.rdata
Size: 300KB - Virtual size: 297KB

.data
Size: 180KB - Virtual size: 206KB

.rsrc
Size: 724KB - Virtual size: 721KB

.reloc
Size: 92KB - Virtual size: 91KB