3ae14eac99c4414b55e9df32f4696b3f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ae14eac99c4414b55e9df32f4696b3f_JaffaCakes118
Size

962KB
MD5

3ae14eac99c4414b55e9df32f4696b3f
SHA1

14c0c2330b40ce4e616e239460d6fabcc6f3d211
SHA256

0cb009f3cddf5f79fa01f55aae494ed213b3901ca20467af6fba4d0ba19e2586
SHA512

bfbe29559a17cff08182062bf104f34ed66fc6a144a6a86c388d49468ff89d2a7ca1a6ee6ea75408bc2d70e48986184e5e9c94e52f8d8dd98a7db9adbb61f745
SSDEEP

24576:pUtuP9QXY58QKZXRgtL4JL4mUFvv+Cgje:pUUPOQ8QKZX4L4KmUNmzC

Score

1^/10

Malware Config

Signatures

Files

3ae14eac99c4414b55e9df32f4696b3f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

011b79a1c8b3908b5d80d9e19456d6f9

Code Sign

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23-02-2017 00:00

Not After

23-02-2018 23:59

Subject

CN=Wondershare Technology Co.\,Ltd,OU=Information Security,O=Wondershare Technology Co.\,Ltd,L=Lasa,ST=Xizang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22-02-2017 00:00

Not After

22-02-2018 23:59

Subject

CN=Wondershare Technology Co.\,Ltd,OU=Information Security,O=Wondershare Technology Co.\,Ltd,L=Lasa,ST=Xizang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:d6:1a:fe:05:f8:3f:bd:c1:a9:1c:ad:c8:47:93:51:96:28:cb:69:cf:7c:81:8c:8f:9e:42:f2:76:37:35:72
Signer

Actual PE Digest

8e:d6:1a:fe:05:f8:3f:bd:c1:a9:1c:ad:c8:47:93:51:96:28:cb:69:cf:7c:81:8c:8f:9e:42:f2:76:37:35:72

Digest Algorithm

sha256

PE Digest Matches

true

a2:fd:dd:60:fb:50:40:21:24:23:b2:39:7f:6e:65:bc:25:36:bb:d5
Signer

Actual PE Digest

a2:fd:dd:60:fb:50:40:21:24:23:b2:39:7f:6e:65:bc:25:36:bb:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

comctl32

ord17
_TrackMouseEvent

kernel32

GetCurrentProcessId
OpenProcess
GetCurrentThreadId
SetUnhandledExceptionFilter
lstrcmpW
GetEnvironmentVariableW
CreateProcessW
TerminateProcess
SetErrorMode
CreateSemaphoreW
GetFileAttributesW
GetCurrentDirectoryW
LoadLibraryW
ExitProcess
FreeResource
GetACP
InterlockedIncrement
InterlockedDecrement
GetFileType
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
SetFileTime
GetFileSize
MulDiv
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
GetModuleHandleW
GetModuleFileNameW
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
SetHandleCount
LCMapStringA
GetModuleFileNameA
GetStdHandle
HeapCreate
VirtualAlloc
VirtualFree
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitThread
MoveFileW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetEnvironmentStrings
VirtualQuery
GetProcAddress
GetVolumeInformationA
GetSystemDirectoryA
lstrcatW
GetTimeZoneInformation
lstrlenA
GetTempPathW
TerminateThread
GetFileAttributesExW
GetSystemDefaultLCID
WaitForMultipleObjects
SetEndOfFile
ReadFile
SetFilePointerEx
SetFileAttributesW
GetFileSizeEx
Sleep
DeleteFileW
GetTickCount
SetFilePointer
WriteFile
CreateThread
SetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExW
GetCurrentProcess
SetPriorityClass
GetLastError
SetEnvironmentVariableA
DeviceIoControl
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateFileW
MultiByteToWideChar
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CreateFileA
CompareStringA
CompareStringW
FreeEnvironmentStringsW

user32

GetWindowTextW
wvsprintfW
SetCursor
InflateRect
OffsetRect
SetWindowRgn
IsZoomed
GetWindowTextLengthW
SetWindowTextW
CharNextW
IntersectRect
FillRect
DrawTextW
CharPrevW
SetRect
MonitorFromWindow
LoadImageW
CallWindowProcW
GetWindowRect
GetSystemMetrics
SetWindowPos
wsprintfW
PostMessageW
InvalidateRgn
MoveWindow
CreateAcceleratorTableW
MessageBoxW
FindWindowW
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
CreatePopupMenu
AppendMenuW
TrackPopupMenu
ScreenToClient
PtInRect
LoadIconW
PostQuitMessage
GetCursorPos
BringWindowToTop
SetActiveWindow
GetKeyState
GetDC
GetClientRect
SetWindowLongW
GetWindowLongW
InvalidateRect
SetTimer
KillTimer
IsWindow
SetCapture
ReleaseCapture
ReleaseDC
DestroyWindow
SetFocus
GetPropW
GetFocus
CreateWindowExW
MapWindowPoints
SendMessageW
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetWindow
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
GetClassInfoExW
RegisterClassExW
DefWindowProcW
EnableWindow
LoadCursorW
RegisterClassW
GetMenu
AdjustWindowRectEx
SetPropW
GetMonitorInfoW

gdi32

CreateCompatibleBitmap
SaveDC
BitBlt
RestoreDC
Rectangle
DeleteDC
CreatePen
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteObject
SetTextColor
GetTextMetricsW
SetStretchBltMode
ExtTextOutW
CreateCompatibleDC
LineTo
MoveToEx
CreatePenIndirect
RoundRect
TextOutW
GetTextExtentPoint32W
GetCharABCWidthsW
GetDeviceCaps
GetObjectA
SetBkMode
SelectClipRgn
ExtSelectClipRgn
CreateRectRgnIndirect
CreateRoundRectRgn
SetBkColor
CreateSolidBrush
GetClipBox
CombineRgn
StretchBlt
SelectObject
SetWindowOrgEx
CreateDIBSection

advapi32

RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegQueryInfoKeyW

shell32

ShellExecuteExW
SHBrowseForFolderW
Shell_NotifyIconW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW
ord165
SHGetFolderPathW
SHGetPathFromIDListW

ole32

OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

shlwapi

PathFileExistsW

gdiplus

GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown
GdipCloneBrush

ws2_32

send
WSAStartup
gethostbyname
recv
select
WSAGetLastError
connect
htons
closesocket
ioctlsocket
inet_ntoa
socket
WSACleanup

winhttp

WinHttpSendRequest
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts

iphlpapi

GetAdaptersAddresses

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

011b79a1c8b3908b5d80d9e19456d6f9

Code Sign

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

8e:d6:1a:fe:05:f8:3f:bd:c1:a9:1c:ad:c8:47:93:51:96:28:cb:69:cf:7c:81:8c:8f:9e:42:f2:76:37:35:72Signer

a2:fd:dd:60:fb:50:40:21:24:23:b2:39:7f:6e:65:bc:25:36:bb:d5Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

ws2_32

winhttp

iphlpapi

dbghelp

Sections

.text Size: 438KB - Virtual size: 437KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 11KB - Virtual size: 24KB

.rsrc Size: 380KB - Virtual size: 379KB

.reloc Size: 31KB - Virtual size: 31KB

5c:ca:a8:23:69:a2:6a:ee:30:d0:17:61:6b:1c:eb:69
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

3d:57:24:d0:90:e9:62:0d:6f:f0:b1:84:72:79:a6:8d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

8e:d6:1a:fe:05:f8:3f:bd:c1:a9:1c:ad:c8:47:93:51:96:28:cb:69:cf:7c:81:8c:8f:9e:42:f2:76:37:35:72
Signer

a2:fd:dd:60:fb:50:40:21:24:23:b2:39:7f:6e:65:bc:25:36:bb:d5
Signer

.text
Size: 438KB - Virtual size: 437KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 11KB - Virtual size: 24KB

.rsrc
Size: 380KB - Virtual size: 379KB

.reloc
Size: 31KB - Virtual size: 31KB