2b2f8dacc77fe1d5f08d732d8e2381ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b2f8dacc77fe1d5f08d732d8e2381ff_JaffaCakes118
Size

912KB
MD5

2b2f8dacc77fe1d5f08d732d8e2381ff
SHA1

7b8ceb31ab178674d4ba9fd1644c0a048dd67536
SHA256

a59637ace52fe78006048a50b8995cafdfe85f2d83cf1bdc31f4d17118f267b9
SHA512

758b3a0c07ed57e3358daeba2f2fdca9932ab0ae59fb0df03ee65181864c4ed4e579fd892dbb6ca893d4df96729d210d1ea44a420d03c5c6165f5f560df1a148
SSDEEP

24576:EkQU4omfEeyn/KwWJwHdxxuV7Li7P1Ho/n7:EkyZcxsV7WP1sn7

Score

1^/10

Malware Config

Signatures

Files

2b2f8dacc77fe1d5f08d732d8e2381ff_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6709267dde36969e27627bb0a666e3bd

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:5e:ea:2a:41:de:1b:0f:f5:3a:c5:b1:4a:e5:bb:1b
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

18/01/2017, 00:00

Not After

18/03/2020, 23:59

Subject

CN=厦门美图网科技有限公司,O=厦门美图网科技有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:58:0b:35:45:18:a1:a5:54:0e:38:61:c8:35:30:a6:e0:6b:ad:10
Signer

Actual PE Digest

3f:58:0b:35:45:18:a1:a5:54:0e:38:61:c8:35:30:a6:e0:6b:ad:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\MTXXDownLoad\MTDownLoad\MTDL\MTDownLoad.pdb

Imports

kernel32

LoadResource
SizeofResource
LockResource
GetFileSize
CreateDirectoryW
GlobalLock
WriteFile
GlobalAlloc
GetModuleFileNameW
CreateFileW
GlobalUnlock
CloseHandle
DeleteFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
GetLastError
CreateSemaphoreW
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
SetFilePointer
SetEndOfFile
HeapAlloc
HeapFree
SetEvent
GetProcessHeap
InitializeCriticalSection
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WaitForMultipleObjects
SetThreadPriority
TerminateThread
WaitForSingleObject
DeleteCriticalSection
CreateEventW
ResetEvent
GlobalFree
EnterCriticalSection
GetFileAttributesW
LeaveCriticalSection
GetVersionExW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetACP
GetCurrentDirectoryW
GetProcAddress
GetModuleHandleW
GetTickCount
ReadFile
FreeLibrary
DosDateTimeToFileTime
SystemTimeToFileTime
GetCurrentProcess
GetFileType
DuplicateHandle
MulDiv
lstrlenW
InterlockedIncrement
InterlockedDecrement
SetLastError
LocalFree
FormatMessageW
GetCurrentThreadId
GetCurrentProcessId
lstrcmpW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
SetErrorMode
LocalAlloc
lstrlenA
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
FindResourceW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleA
GlobalFlags
FlushFileBuffers
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetStartupInfoW
HeapReAlloc
Sleep
ExitProcess
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
HeapSize
SetStdHandle
GetCPInfo
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
HeapCreate
VirtualFree
VirtualAlloc
GetTimeZoneInformation
LCMapStringW
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW

user32

CharNextW
IntersectRect
FillRect
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
GetSysColor
DrawTextW
SetRect
CharPrevW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
InvalidateRgn
CreateAcceleratorTableW
MoveWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
PeekMessageW
IsWindowVisible
GetActiveWindow
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetWindowThreadProcessId
GetWindowPlacement
SystemParametersInfoA
CopyRect
GetDlgCtrlID
GetClassInfoW
SetMenu
GetMessagePos
GetMessageTime
GetTopWindow
GetDlgItem
GetForegroundWindow
RemovePropW
GetClassNameW
GetClassLongW
GetCapture
WinHelpW
RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EndPaint
PtInRect
GetSysColorBrush
TabbedTextOutW
DrawTextExW
GrayStringW
DestroyMenu
InflateRect
OffsetRect
GetMenu
AdjustWindowRectEx
GetPropW
SetPropW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
RegisterClassW
GetSystemMetrics
SystemParametersInfoW
GetParent
DispatchMessageW
TranslateMessage
SetFocus
GetMessageW
IsWindow
CreateWindowExW
DefWindowProcW
wsprintfW
SetWindowPos
SetWindowLongW
IsWindowEnabled
SetWindowRgn
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
IsZoomed
GetClientRect
ScreenToClient
SendMessageW
SetClassLongW
GetWindowLongW
LoadIconW
PostQuitMessage
MessageBoxW
ShowWindow
FindWindowW
SetForegroundWindow
IsIconic
GetWindow
GetDesktopWindow
EnableWindow
PostMessageW
BeginPaint
GetKeyState
GetDC
ReleaseDC
DestroyWindow
ReleaseCapture
SetCapture
KillTimer
SetTimer
GetFocus
GetCursorPos
MapWindowPoints
IsRectEmpty
GetUpdateRect
InvalidateRect
SetCursor
wvsprintfW
LoadCursorW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
RegQueryValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

CoInitialize
OleUninitialize
OleInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
OleLockRunning

comctl32

_TrackMouseEvent
ord17

shlwapi

UrlUnescapeW
PathFindExtensionW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW

winmm

timeGetTime

gdiplus

GdipImageSelectActiveFrame
GdipDrawImageI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdiplusStartup
GdipLoadImageFromFile
GdipDrawString
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipFree
GdipAlloc
GdipCreateFontFromDC
GdiplusShutdown
GdipDisposeImage
GdipCloneImage
GdipImageGetFrameDimensionsCount
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipCreateStringFormat

wininet

HttpAddRequestHeadersW
InternetSetStatusCallbackW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFileExA
InternetQueryOptionW
InternetOpenW
InternetGetLastResponseInfoW
InternetCanonicalizeUrlW
HttpOpenRequestW
InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
InternetErrorDlg

d3d9

Direct3DCreate9

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

PtInRegion
SetPixel
GetDeviceCaps
SelectClipRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CreateDIBSection
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutW
MoveToEx
CreateRoundRectRgn
RoundRect
SetBkMode
SetTextColor
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetObjectA
CreateBitmap
SetMapMode
CombineRgn
GetPixel
CreateRectRgn
CreateSolidBrush
PtVisible
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
GetTextMetricsW
SetWindowOrgEx
Rectangle
RestoreDC
BitBlt
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
DeleteObject
LineTo

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6709267dde36969e27627bb0a666e3bd

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

4d:5e:ea:2a:41:de:1b:0f:f5:3a:c5:b1:4a:e5:bb:1bCertificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

3f:58:0b:35:45:18:a1:a5:54:0e:38:61:c8:35:30:a6:e0:6b:ad:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

comctl32

shlwapi

winmm

gdiplus

wininet

d3d9

oleacc

gdi32

winspool.drv

oleaut32

Sections

.text Size: 584KB - Virtual size: 584KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 14KB - Virtual size: 43KB

.rsrc Size: 124KB - Virtual size: 123KB

.reloc Size: 59KB - Virtual size: 58KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

4d:5e:ea:2a:41:de:1b:0f:f5:3a:c5:b1:4a:e5:bb:1b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

3f:58:0b:35:45:18:a1:a5:54:0e:38:61:c8:35:30:a6:e0:6b:ad:10
Signer

.text
Size: 584KB - Virtual size: 584KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 14KB - Virtual size: 43KB

.rsrc
Size: 124KB - Virtual size: 123KB

.reloc
Size: 59KB - Virtual size: 58KB