39c1f400b5ce88d66565db0643998060_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39c1f400b5ce88d66565db0643998060_JaffaCakes118
Size

1.1MB
MD5

39c1f400b5ce88d66565db0643998060
SHA1

ce0811e6ede51804763db8077a2c5eaa42801def
SHA256

ca88ba94f37bdfc3c00b3a7e643613396818adef263f22de77666bc91ea45bd8
SHA512

d17fdafdf3c16130244e19afd6c5f3e1e0b6452ebe97c0e7c9bdf67439b0d0b1e01585dc1efacd06248afc65fd3cc624700961dc74aae0256f53f06d0f1bc543
SSDEEP

24576:TPBloov9ya6ZoMZxV8EhgAzvWge35PVUesI4GSN:Vh9x6ZZ58M7JyyesI4GSN

Score

1^/10

Malware Config

Signatures

Files

39c1f400b5ce88d66565db0643998060_JaffaCakes118
.dll windows:5 windows x86 arch:x86

472a67b849a2344eb47727957a049fa4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2014, 00:00

Not After

21/06/2016, 23:59

Subject

CN=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,OU=RDC,O=TAOBAO (CHINA) SOFTWARE CO.\,LTD.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:df:2f:97:80:89:d6:32:5b:c7:54:d8:ce:8c:75:0e:8b:31:11:00
Signer

Actual PE Digest

e8:df:2f:97:80:89:d6:32:5b:c7:54:d8:ce:8c:75:0e:8b:31:11:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\webapps\b\build\slave\repo\build\src\out\Release\updater.dll.pdb

Imports

rpcrt4

UuidCreate

imm32

ImmDisableIME

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetQueryOptionW
InternetOpenW

ws2_32

WSASetLastError
setsockopt
ntohs
getaddrinfo
getsockopt
getsockname
getpeername
connect
bind
send
freeaddrinfo
WSAGetLastError
socket
closesocket
WSACleanup
WSAStartup
__WSAFDIsSet
select
accept
listen
recvfrom
sendto
ioctlsocket
gethostname
htons
recv

winmm

timeGetTime

shlwapi

PathCanonicalizeW
PathAppendW
PathIsDirectoryW
PathFindFileNameW
PathCommonPrefixW
PathFileExistsW
PathRemoveFileSpecW

advapi32

AddAce
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
CheckTokenMembership
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
CopySid
SystemFunction036
RegQueryValueExW
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetUserNameW
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
GetAclInformation
GetAce
EqualSid
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW

kernel32

RtlUnwind
IsProcessorFeaturePresent
ExitProcess
AreFileApisANSI
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetCommandLineA
GetFullPathNameW
SetStdHandle
GetConsoleCP
GetConsoleMode
GetCPInfo
UnhandledExceptionFilter
GetStartupInfoW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetTempFileNameW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFilePointerEx
WriteFile
GetTempPathW
DecodePointer
CloseHandle
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
GetExitCodeThread
SuspendThread
ResumeThread
FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
LocalFree
FindResourceW
CopyFileW
MoveFileExW
MultiByteToWideChar
FindNextFileW
GetCommandLineW
SetEvent
WaitForSingleObject
CreateEventW
OpenEventW
GetLocalTime
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
lstrcmpiW
GetPrivateProfileIntW
WritePrivateProfileStringW
FileTimeToLocalFileTime
SetFileTime
Sleep
CreateProcessW
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryW
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
GetACP
SetUnhandledExceptionFilter
GetCurrentProcessId
GetExitCodeProcess
ReleaseMutex
CreateMutexW
OpenMutexW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetLastError
GetCurrentProcess
GetCurrentThread
GetVersionExW
ResetEvent
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesExW
GetVolumeInformationW
TerminateProcess
DuplicateHandle
SetHandleInformation
AssignProcessToJobObject
GetStdHandle
ExpandEnvironmentStringsW
GetFileInformationByHandle
GetHandleInformation
FindFirstFileExW
IsDebuggerPresent
GetNativeSystemInfo
CreateThread
GetModuleHandleExW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
WaitForMultipleObjects
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CreateFileA
SleepEx
FormatMessageW
GetFileType
PeekNamedPipe
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
ReadConsoleW
SetEnvironmentVariableA
ExitThread
lstrlenA
GetStringTypeW
EncodePointer
OutputDebugStringW
LoadLibraryExA
WideCharToMultiByte

ole32

CoInitializeSecurity
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CLSIDFromString
OleRun
CoSetProxyBlanket

oleaut32

VarUI4FromStr
SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantInit
VarUdateFromDate
VariantTimeToSystemTime
VarDateFromStr
SysFreeString
SystemTimeToVariantTime

user32

GetMessageW
CharUpperW
PostThreadMessageW
wsprintfW
GetActiveWindow
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
MsgWaitForMultipleObjects
MessageBoxW
FindWindowW

wintrust

WinVerifyTrust

userenv

CreateEnvironmentBlock
UnloadUserProfile
DestroyEnvironmentBlock

Exports

Exports

AliIMEntry
ChromeMain
GetHandleVerifier
RelaunchChromeBrowserWithNewCommandLineIfNeeded

Sections

.text
Size: 665KB - Virtual size: 664KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

472a67b849a2344eb47727957a049fa4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:edCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e8:df:2f:97:80:89:d6:32:5b:c7:54:d8:ce:8c:75:0e:8b:31:11:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

imm32

wininet

ws2_32

winmm

shlwapi

advapi32

kernel32

ole32

oleaut32

user32

wintrust

userenv

Exports

Exports

Sections

.text Size: 665KB - Virtual size: 664KB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 10KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 244KB - Virtual size: 244KB

.reloc Size: 29KB - Virtual size: 29KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

34:8a:4d:46:c9:a1:a9:ed:c2:b4:81:84:65:a6:6b:ed
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e8:df:2f:97:80:89:d6:32:5b:c7:54:d8:ce:8c:75:0e:8b:31:11:00
Signer

.text
Size: 665KB - Virtual size: 664KB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 10KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 244KB - Virtual size: 244KB

.reloc
Size: 29KB - Virtual size: 29KB