23ef3aafb00b9ff1526387a716ca949b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

23ef3aafb00b9ff1526387a716ca949b_JaffaCakes118
Size

1.3MB
MD5

23ef3aafb00b9ff1526387a716ca949b
SHA1

1ad4e1fc8489c635368aa0e67734f0a1e67d9235
SHA256

d2246f818a87375f4574e7fe0170a29a23297060e7694b8ea5ede57a339b0838
SHA512

24c794a05cd5732b5431cd0dd3ad5a16fbcc6bb5b349ef00c278d48be8ae145a2d4944fd94c9798aa7cefae5c06d961f7f9781b10728a6de5b7a2870470358c0
SSDEEP

24576:w6NlJ1dh9vdTlGaBolu1BqY5mPd8PCdgPbPDpQX5L5G7a:pZJdBGad1cY5ZPCdApQX59z

Score

1^/10

Malware Config

Signatures

Files

23ef3aafb00b9ff1526387a716ca949b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

83cf1e7663f8448e57a5ea8d8e3eb985

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2014, 00:00

Not After

21/06/2016, 23:59

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=RDC,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:ca:76:38:a0:21:ed:a8:b7:37:b9:f3:10:28:30:96:f1:58:aa:31
Signer

Actual PE Digest

df:ca:76:38:a0:21:ed:a8:b7:37:b9:f3:10:28:30:96:f1:58:aa:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\webapps\b\build\slave\repo\build\src\out\Release\UCAgent.exe.pdb

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

ws2_32

socket
WSAGetLastError
recv
send
closesocket
connect
getpeername
getsockname
getsockopt
WSACleanup
WSAStartup
bind
select
htons
ntohs
setsockopt
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
WSASetLastError
__WSAFDIsSet
freeaddrinfo
getaddrinfo

psapi

GetModuleFileNameExW

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

shlwapi

SHStrDupW
PathRemoveFileSpecW

advapi32

RegCreateKeyExW
SystemFunction036
GetTokenInformation
RegCloseKey
CreateProcessAsUserW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW

kernel32

RtlUnwind
ExitThread
FileTimeToLocalFileTime
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetTimeZoneInformation
WriteConsoleW
ReadConsoleW
DecodePointer
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
Sleep
GetCurrentProcessId
CreateEventW
RtlCaptureContext
SetUnhandledExceptionFilter
SetErrorMode
CloseHandle
GetCurrentProcess
WTSGetActiveConsoleSessionId
GetPrivateProfileIntW
LoadLibraryW
FreeResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
FlushInstructionCache
CreateFileW
ReadFile
WriteFile
WaitNamedPipeW
TerminateProcess
OpenThread
ResumeThread
OpenProcess
MulDiv
lstrcmpW
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
CreateDirectoryW
GetFileAttributesW
ReplaceFileW
GetTempPathW
GetCurrentDirectoryW
MoveFileW
SetCurrentDirectoryW
RemoveDirectoryW
GetFileAttributesExW
DeleteFileW
GetVolumeInformationW
GetExitCodeProcess
DuplicateHandle
CreateProcessW
SetHandleInformation
AssignProcessToJobObject
GetStdHandle
WideCharToMultiByte
GetNativeSystemInfo
GetVersionExW
CreateMutexW
SetFilePointer
GetTickCount
FormatMessageA
OutputDebugStringA
ReleaseMutex
GetCommandLineW
LocalFree
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
GetHandleInformation
IsDebuggerPresent
ExpandEnvironmentStringsW
GetModuleHandleExA
FindFirstFileW
FindFirstFileExW
FindClose
FindNextFileW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetFileInformationByHandle
GetSystemDirectoryW
GetWindowsDirectoryW
GetCurrentThread
CreateThread
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
WaitForMultipleObjects
SetEnvironmentVariableA
SetEnvironmentVariableW
GetModuleHandleExW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DeviceIoControl
CreateFileA
FormatMessageW
InitializeCriticalSection
SleepEx
GetFileType
PeekNamedPipe
GetConsoleMode
GetConsoleCP
SetStdHandle
GetFullPathNameW
AreFileApisANSI
ExitProcess
GetStringTypeW
EncodePointer
LoadLibraryExA
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
WaitForSingleObject
VirtualFree
GetEnvironmentVariableW

gdi32

GetObjectW
SetBkMode
GetStockObject
GetDeviceCaps
CreateRoundRectRgn
CreateCompatibleBitmap
BitBlt
CreateDIBSection
CreateSolidBrush
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC

ole32

CLSIDFromProgID
StringFromGUID2
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
OleUninitialize
OleLockRunning
PropVariantClear
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocString
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
SysFreeString
VarUI4FromStr
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
LoadTypeLi

user32

GetClassNameA
SetWindowRgn
UnregisterClassW
DestroyWindow
CharNextW
SendMessageTimeoutW
GetWindowThreadProcessId
RegisterWindowMessageW
PostMessageW
IsWindow
CopyRect
FindWindowExW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
UpdateLayeredWindow
GetActiveWindow
GetWindowDC
ReleaseDC
GetClientRect
GetWindowRect
GetWindowLongW
SetWindowLongW
LoadCursorW
SystemParametersInfoW
ShowWindow
IsWindowVisible
GetDC
GetCursorPos
FillRect
SetRect
SendMessageW
IsChild
MoveWindow
SetWindowPos
GetDlgItem
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableW
DestroyAcceleratorTable
UpdateWindow
BeginPaint
EndPaint
SetTimer
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
ClientToScreen
ScreenToClient
GetSysColor
GetDesktopWindow
GetParent
GetClassNameW
GetWindow
DispatchMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
TranslateMessage
GetQueueStatus
WaitMessage
KillTimer
PostQuitMessage

comctl32

_TrackMouseEvent

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83cf1e7663f8448e57a5ea8d8e3eb985

Code Sign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4cCertificate

Extended Key Usages

Key Usages

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:edCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

df:ca:76:38:a0:21:ed:a8:b7:37:b9:f3:10:28:30:96:f1:58:aa:31Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

wtsapi32

ws2_32

psapi

winmm

shlwapi

advapi32

kernel32

gdi32

ole32

oleaut32

user32

comctl32

Exports

Exports

Sections

.text Size: 625KB - Virtual size: 624KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 8KB - Virtual size: 25KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 576KB - Virtual size: 575KB

.reloc Size: 24KB - Virtual size: 23KB

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

df:ca:76:38:a0:21:ed:a8:b7:37:b9:f3:10:28:30:96:f1:58:aa:31
Signer

.text
Size: 625KB - Virtual size: 624KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 8KB - Virtual size: 25KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 576KB - Virtual size: 575KB

.reloc
Size: 24KB - Virtual size: 23KB