2abca3766a98f7e06611018e2f0cfd3c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2abca3766a98f7e06611018e2f0cfd3c_JaffaCakes118
Size

1.4MB
MD5

2abca3766a98f7e06611018e2f0cfd3c
SHA1

d50e057690949d6df99c6b806471dd19686c9774
SHA256

c0a2a6c989b72d9641d980d03e9ceec62545c7d4fa4f438a20ccb29bbfa0b9e9
SHA512

3e563b210d2e4caf8e5ce3b434faadbeb3dfaad68f2b5b299c5f037fbe11e8b81daaf85f012889b3ab8cca6a56640687ebdc131259382d497aef5619a9ce0d7a
SSDEEP

12288:dbDpauiJ6xzXBoDajvwfUSb2Jby36rrKpiGYWF2xHg3eYEKsbn2b3P+FZMm74odL:dbDsuia9girrKIGnF2x9YEKsbscfE6

Score

1^/10

Malware Config

Signatures

Files

2abca3766a98f7e06611018e2f0cfd3c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

54305f9258bb6abb275b442e43932bb3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2017, 00:00

Not After

19/03/2019, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2017, 00:00

Not After

14/03/2020, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:76:de:e8:1f:f8:2b:94:da:5f:18:56:16:c9:9d:07:35:73:d0:ee:03:21:13:dd:c3:4b:67:b5:ba:91:45:2b
Signer

Actual PE Digest

f6:76:de:e8:1f:f8:2b:94:da:5f:18:56:16:c9:9d:07:35:73:d0:ee:03:21:13:dd:c3:4b:67:b5:ba:91:45:2b

Digest Algorithm

sha256

PE Digest Matches

true

bb:fe:6c:81:13:ba:06:65:ad:42:84:12:da:ce:15:07:e5:d4:26:f4
Signer

Actual PE Digest

bb:fe:6c:81:13:ba:06:65:ad:42:84:12:da:ce:15:07:e5:d4:26:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\liebao_src_pool\release.b57_stable_8002\src_import\build\Release\liebao_exe.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

advapi32

SetEntriesInAclW
GetTokenInformation
EqualSid
DuplicateTokenEx
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW
OpenProcessToken
DuplicateToken
CreateRestrictedToken
CreateWellKnownSid
CopySid
GetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetTokenInformation
SetKernelObjectSecurity
GetSecurityDescriptorSacl
GetLengthSid
GetKernelObjectSecurity
GetAce
ConvertStringSidToSidW
ConvertSidToStringSidW
SetThreadToken
CreateProcessAsUserW
RegDisablePredefinedCache
RevertToSelf
SystemFunction036
RegOpenKeyExW
LookupPrivilegeValueW

kernel32

GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcess
CreateProcessW
GetStartupInfoW
GetLocalTime
GetSystemInfo
GetTickCount
VirtualAlloc
VirtualFree
WriteProcessMemory
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
LoadLibraryExW
SetUnhandledExceptionFilter
WideCharToMultiByte
FlushInstructionCache
VirtualProtect
VirtualQuery
MultiByteToWideChar
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualProtectEx
WriteFile
GetCurrentProcessId
GetCurrentThreadId
LocalFree
FindFirstFileExW
GetVersionExW
GetNativeSystemInfo
ExpandEnvironmentStringsW
CreateEventW
IsDebuggerPresent
WaitForSingleObject
Sleep
CreateThread
RtlCaptureStackBackTrace
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetUserDefaultLangID
RegisterWaitForSingleObject
UnregisterWaitEx
TerminateProcess
GetExitCodeProcess
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetModuleHandleExW
TlsSetValue
TlsAlloc
HeapSize
TlsFree
SetFilePointerEx
FlushFileBuffers
QueryDosDeviceW
ReadConsoleW
SetEvent
ResetEvent
SetInformationJobObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
VirtualQueryEx
HeapSetInformation
TerminateJobObject
GetUserDefaultLCID
VirtualAllocEx
GetThreadContext
AssignProcessToJobObject
GetFileType
SetHandleInformation
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
CreateMutexW
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
CreateRemoteThread
ReadProcessMemory
SuspendThread
ResumeThread
DebugBreak
SearchPathW
LoadLibraryExA
GetStringTypeW
EncodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
OutputDebugStringW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapFree
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
RaiseException
DuplicateHandle
CloseHandle
DecodePointer
SetFilePointer
ReadFile
GetFileAttributesW
FindNextFileW
FindClose
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetCommandLineW
LoadLibraryW
lstrlenW
GetProcAddress
FreeLibrary
FreeEnvironmentStringsW
TlsGetValue
GetLongPathNameW
WriteConsoleW
EnumSystemLocalesW
RtlUnwind
ExitProcess
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStdHandle
GetACP
IsValidLocale

shlwapi

SHGetValueW

psapi

GetMappedFileNameW

Exports

Exports

GetHandleVerifier
IsSandboxedProcess
base_cs_cmd

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54305f9258bb6abb275b442e43932bb3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:baCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

f6:76:de:e8:1f:f8:2b:94:da:5f:18:56:16:c9:9d:07:35:73:d0:ee:03:21:13:dd:c3:4b:67:b5:ba:91:45:2bSigner

bb:fe:6c:81:13:ba:06:65:ad:42:84:12:da:ce:15:07:e5:d4:26:f4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

advapi32

kernel32

shlwapi

psapi

Exports

Exports

Sections

.text Size: 408KB - Virtual size: 408KB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 154KB - Virtual size: 165KB

.gfids Size: 1024B - Virtual size: 964B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 640KB - Virtual size: 640KB

.reloc Size: 19KB - Virtual size: 19KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

f6:76:de:e8:1f:f8:2b:94:da:5f:18:56:16:c9:9d:07:35:73:d0:ee:03:21:13:dd:c3:4b:67:b5:ba:91:45:2b
Signer

bb:fe:6c:81:13:ba:06:65:ad:42:84:12:da:ce:15:07:e5:d4:26:f4
Signer

.text
Size: 408KB - Virtual size: 408KB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 154KB - Virtual size: 165KB

.gfids
Size: 1024B - Virtual size: 964B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 640KB - Virtual size: 640KB

.reloc
Size: 19KB - Virtual size: 19KB