2507bb356502df09474bfe3c2a8f8e1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2507bb356502df09474bfe3c2a8f8e1c_JaffaCakes118
Size

1.1MB
MD5

2507bb356502df09474bfe3c2a8f8e1c
SHA1

e9dd2dc6426ea1df2a6652d3b324b7529a20e97c
SHA256

054f39c569885307ad5f0e6d30cc6e6ec38ed5e3f5edfbec6dc4ca6e198bd9ec
SHA512

b29486cd827f0cea5498a08d7d53b76901ac9386ab7aabe32f6ef9107d4a5d15e9bef49821e9d02c337714bfdf538529eb41db969b8cbed91ff4ad6d5796e732
SSDEEP

12288:Gkud1aBisq6gmJ1y0AFs5rrmIlw0xulI+kiyqPWz9kNBvQ4/UWY46sCXroyhOmUR:gi9rvPslhM9UQJTnXro2OR4rmUE

Score

1^/10

Malware Config

Signatures

Files

2507bb356502df09474bfe3c2a8f8e1c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bcb60789f2ba98ff1284b8f88b1619ac

Code Sign

62:8d:42:d9:9b:0e:99:6f:0a:dc:5a:ad:72:b2:0e:5e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/08/2013, 00:00

Not After

08/08/2016, 23:59

Subject

CN=JiranJikyosoft co.\, ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Management Dept.,O=JiranJikyosoft co.\, ltd.,L=Gangnam Gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:3b:30:4a:a0:f4:33:80:58:e9:7a:c6:8c:5a:96:ee:82:81:8b:4c
Signer

Actual PE Digest

cf:3b:30:4a:a0:f4:33:80:58:e9:7a:c6:8c:5a:96:ee:82:81:8b:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jiran_psy\jiran_project\officekeeper_project\[00]agent\ofk3.0\officekeeper\[release]\jssvcmon.pdb

Imports

psapi

GetModuleFileNameExW
GetMappedFileNameW
EnumProcesses
EnumProcessModules
GetModuleBaseNameW

wininet

FtpFindFirstFileW
GopherCreateLocatorW
FtpCommandW
FtpOpenFileW
GopherGetAttributeW
HttpSendRequestExW
HttpEndRequestW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
GopherFindFirstFileW
InternetFindNextFileW
GopherOpenFileW
HttpAddRequestHeadersW
InternetErrorDlg
FtpGetFileW
FtpPutFileW
FtpGetCurrentDirectoryW
FtpSetCurrentDirectoryW
FtpRemoveDirectoryW
FtpCreateDirectoryW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetSetCookieW
FtpRenameFileW
FtpDeleteFileW
InternetOpenUrlW
HttpQueryInfoW
InternetSetOptionW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetGetCookieW
InternetCrackUrlW

userenv

CreateEnvironmentBlock

kernel32

GetExitCodeThread
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedExchange
FormatMessageA
ExitThread
DuplicateHandle
DeviceIoControl
CreateThread
CreateSemaphoreA
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
MulDiv
FormatMessageW
GlobalUnlock
GlobalLock
GlobalSize
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
MoveFileW
GetStringTypeExW
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
GlobalGetAtomNameW
GetAtomNameW
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetVersionExA
GetFileAttributesA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GlobalFlags
SetErrorMode
LocalFileTimeToFileTime
SetFileTime
GetFileTime
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetPrivateProfileIntW
WritePrivateProfileStringW
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
RemoveDirectoryW
GetSystemInfo
HeapSize
SetStdHandle
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
FatalAppExitA
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
SetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
GetFullPathNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
GetThreadContext
LoadLibraryA
LoadLibraryExA
OpenEventA
OpenEventW
OpenFileMappingA
OpenFileMappingW
OpenMutexA
OpenMutexW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
SetEvent
SetLastError
SetThreadPriority
VirtualProtect
VirtualProtectEx
VirtualQueryEx
WaitForMultipleObjects
WriteProcessMemory
lstrcatW
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpyW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetStdHandle
RtlUnwind
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetLocaleInfoA
GetStartupInfoA
GetThreadLocale
GetVersion
LocalAlloc
VirtualAlloc
VirtualFree
WaitForSingleObject
GetDriveTypeW
GlobalAlloc
GlobalFree
GetProcessHeap
HeapFree
HeapAlloc
LocalFree
GetFileAttributesW
FindFirstFileW
FindClose
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
GetNativeSystemInfo
GetLogicalDriveStringsW
QueryDosDeviceW
lstrlenA
VirtualQuery
IsWow64Process
GetSystemDirectoryW
GetWindowsDirectoryW
CreateDirectoryW
GetPrivateProfileStringW
GetComputerNameW
CreateProcessW
CreateFileW
WriteFile
WideCharToMultiByte
SetFileAttributesW
CopyFileW
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
GetCurrentThreadId
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
InterlockedIncrement
GetCurrentThread
lstrlenW
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleFileNameW
GetCurrentProcess
GetTickCount
TerminateThread
lstrcmpiW
GetLastError
Sleep
ResumeThread
SuspendThread
OutputDebugStringW
CreateToolhelp32Snapshot
GetCurrentProcessId
Process32FirstW
GetExitCodeProcess
TerminateProcess
Process32NextW
OpenProcess
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
LoadLibraryW
GetProcAddress
ProcessIdToSessionId
FreeLibrary
lstrcmpW

user32

InflateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
UnregisterClassW
ClientToScreen
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenuItemInfoW
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadCursorW
GetDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
GetDesktopWindow
EnableWindow
SetTimer
KillTimer
WaitMessage
PostMessageW
UnhookWindowsHookEx
CharUpperW
GetWindowTextLengthW
GetWindowTextW
SetWindowsHookExW
CallNextHookEx
GetActiveWindow
IsWindowVisible
DestroyMenu
SystemParametersInfoW
PostQuitMessage
SetCursor
ShowOwnedPopups
DeleteMenu
DestroyIcon
EndDialog
GetNextDlgTabItem
CreateDialogIndirectParamW
GetDialogBaseUnits
GetClientRect
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
CloseDesktop
DispatchMessageA
GetThreadDesktop
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
TranslateMessage
MessageBoxA
GetKeyboardType
GetMessageW
DispatchMessageW
PostThreadMessageW
LoadStringW
CharNextW
GetSystemMetrics
ReleaseDC
UnregisterClassA

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
GetTextMetricsW
DPtoLP
PatBlt
GetMapMode
CombineRgn
SetRectRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
CreateFontIndirectW
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
SetViewportOrgEx
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
GetObjectW
DeleteObject
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
ScaleWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

GetTokenInformation
RegCreateKeyW
RegQueryValueW
RegOpenKeyW
RegSetValueW
GetKernelObjectSecurity
LookupPrivilegeValueA
RegEnumKeyW
RegSetValueExA
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
ConvertSidToStringSidW
RegFlushKey
ImpersonateLoggedOnUser
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCreateKeyExW
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
LookupPrivilegeValueW
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserW
OpenProcessToken
LookupAccountSidW

shell32

ShellExecuteExW
SHGetFileInfoW
ExtractIconW
SHGetSpecialFolderPathW

shlwapi

StrStrIA
UrlUnescapeW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitialize
CoInitializeSecurity
CoInitializeEx
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CreateBindCtx
ReleaseStgMedium
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CLSIDFromString
CoDisconnectObject

oleaut32

SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysReAllocStringLen
CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
VariantClear
VarUI4FromStr
RegisterTypeLi
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
UnRegisterTypeLi

ws2_32

WSAEventSelect
WSACreateEvent
closesocket
setsockopt
socket
gethostbyname
inet_addr
WSAStartup
WSACleanup
inet_ntoa
gethostname
recv
WSACloseEvent
WSAAsyncSelect
recvfrom
sendto
WSASetLastError
getpeername
getsockname
bind
select
accept
htonl
ntohs
WSAEnumNetworkEvents
htons
connect
WSAGetLastError
send
WSAWaitForMultipleEvents

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

iphlpapi

GetAdaptersAddresses
GetBestInterface
GetAdaptersInfo

Sections

.text
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bcb60789f2ba98ff1284b8f88b1619ac

Code Sign

62:8d:42:d9:9b:0e:99:6f:0a:dc:5a:ad:72:b2:0e:5eCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cf:3b:30:4a:a0:f4:33:80:58:e9:7a:c6:8c:5a:96:ee:82:81:8b:4cSigner

Headers

File Characteristics

PDB Paths

Imports

psapi

wininet

userenv

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

wtsapi32

iphlpapi

Sections

.text Size: 496KB - Virtual size: 495KB

CODE Size: 136KB - Virtual size: 132KB

.rdata Size: 124KB - Virtual size: 122KB

.data Size: 12KB - Virtual size: 27KB

DATA Size: 8KB - Virtual size: 5KB

BSS Size: 4KB - Virtual size: 1KB

.rsrc Size: 340KB - Virtual size: 339KB

62:8d:42:d9:9b:0e:99:6f:0a:dc:5a:ad:72:b2:0e:5e
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cf:3b:30:4a:a0:f4:33:80:58:e9:7a:c6:8c:5a:96:ee:82:81:8b:4c
Signer

.text
Size: 496KB - Virtual size: 495KB

CODE
Size: 136KB - Virtual size: 132KB

.rdata
Size: 124KB - Virtual size: 122KB

.data
Size: 12KB - Virtual size: 27KB

DATA
Size: 8KB - Virtual size: 5KB

BSS
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 340KB - Virtual size: 339KB