410c11583a695a0ecb3d30fdabaf1512_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

410c11583a695a0ecb3d30fdabaf1512_JaffaCakes118
Size

6.8MB
MD5

410c11583a695a0ecb3d30fdabaf1512
SHA1

1bb7e2af3b5eb1d63b412668883e31f6c7fe43c3
SHA256

f428df62e1e8d589746e86440018102080070cf3f1c4b78afd3ef1bea1ac0a4f
SHA512

07cfa3b725a4cef8f881f7c616536d2c4dbaf9013b0e8f0de52b9412674c223f50a23772c62c740c693379f57d4f631a8fb83852b2fbe741387f3525c91a066b
SSDEEP

98304:preJK/qfXcrM0vt1+a+yGEGsdeyavOtkq3Aq4Qk79W5wYHL3FQKHc44IXv+Z/e:pXqfNU1+Gvpeyayl3AvD9W5w2mIXv+c

Score

1^/10

Malware Config

Signatures

Files

410c11583a695a0ecb3d30fdabaf1512_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5a151b91bb6127899b0b4a5587f11b5c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:c8:af:24:c6:02:cb:90:fe:71:87:5f:1c:4c:ec:80
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18-03-2014 00:00

Not After

17-03-2017 23:59

Subject

CN=Nanjing Tongxiang Network Technology Co.\,LTD,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT,O=Nanjing Tongxiang Network Technology Co.\,LTD,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:4c:1d:8d:d0:66:07:31:14:d0:f7:75:6a:9b:39:78
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18-03-2016 00:00

Not After

17-03-2017 23:59

Subject

CN=Nanjing Tongxiang Network Technology Co.\,LTD,OU=IT,O=Nanjing Tongxiang Network Technology Co.\,LTD,L=Nanjing,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b9:74:4c:c9:cc:1d:30:36:54:ad:4b:4e:f1:ee:6e:08:00:3c:2c:a0:12:31:03:cc:1d:5e:8b:95:7a:d4:d6:08
Signer

Actual PE Digest

b9:74:4c:c9:cc:1d:30:36:54:ad:4b:4e:f1:ee:6e:08:00:3c:2c:a0:12:31:03:cc:1d:5e:8b:95:7a:d4:d6:08

Digest Algorithm

sha256

PE Digest Matches

true

7c:31:0b:b3:c0:a6:4b:f2:6a:56:93:cc:68:c0:7b:18:dc:e7:44:45
Signer

Actual PE Digest

7c:31:0b:b3:c0:a6:4b:f2:6a:56:93:cc:68:c0:7b:18:dc:e7:44:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkSpace\Setup4.0\build_temp\Win32\link\release_static\txWifigxSetup\txWifigxSetup.pdb

Imports

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

riched20

ord4

kernel32

ReadFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TerminateThread
SuspendThread
ResumeThread
MulDiv
WideCharToMultiByte
MultiByteToWideChar
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
InterlockedIncrement
GetModuleFileNameW
WriteFile
LocalFree
GetProcessHeap
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateFileA
GetConsoleMode
GetConsoleCP
SetEndOfFile
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
RtlUnwind
ExitProcess
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RaiseException
HeapReAlloc
HeapAlloc
HeapFree
CreateThread
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
SetFilePointer
GetFileSize
lstrlenW
CreateFileW
SetFileTime
GetFullPathNameW
Sleep
InterlockedDecrement
GetVersion
GetNativeSystemInfo
FreeResource
OpenEventW
CreateEventW
ResetEvent
SetEvent
SetFileAttributesW
DeleteFileW
GetFileAttributesW
CreateDirectoryW
LoadLibraryW
OutputDebugStringA
SetCurrentDirectoryW
FindClose
FindFirstFileW
LockResource
GetLastError
SizeofResource
LoadResource
FindResourceW
GetTickCount
WaitForSingleObject
CreateProcessW
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetProcAddress
TerminateProcess
OpenProcess
GetModuleHandleW
OutputDebugStringW

user32

FillRect
DrawTextW
DrawIconEx
CopyImage
CharPrevW
RedrawWindow
ClientToScreen
GetSysColor
OffsetRect
GetAsyncKeyState
GetWindowTextLengthW
SetForegroundWindow
GetWindowTextW
SystemParametersInfoW
MapWindowPoints
SetWindowTextW
CharNextA
SetCursor
ChildWindowFromPointEx
CreateAcceleratorTableW
InvalidateRgn
DestroyAcceleratorTable
SetWindowPos
PostMessageW
PostQuitMessage
MoveWindow
DefWindowProcW
CreateWindowExW
ShowWindow
GetWindowRgn
SetWindowLongW
GetWindowLongW
RegisterClassExW
GetClientRect
CharNextW
DrawFocusRect
IntersectRect
IsRectEmpty
LoadStringW
LoadBitmapW
LoadImageW
GetClassInfoExW
SetPropW
RegisterClassW
GetSystemMetrics
EnableWindow
DestroyIcon
GetPropW
CallWindowProcW
EndPaint
TranslateAcceleratorW
UpdateLayeredWindow
SetWindowRgn
SetTimer
HideCaret
ScreenToClient
GetMessageW
IsIconic
IsChild
SetCapture
KillTimer
IsZoomed
GetKeyState
GetFocus
IsWindowEnabled
SetFocus
ShowCaret
BeginPaint
PtInRect
GetUpdateRect
GetDC
TranslateMessage
InvalidateRect
ReleaseDC
MonitorFromWindow
GetCursorPos
CreateCaret
IsWindow
ReleaseCapture
IsWindowVisible
SetCaretPos
SendMessageW
GetMonitorInfoW
GetWindow
DispatchMessageW
DestroyWindow
GetWindowRect
GetParent
LoadCursorW

gdi32

SelectObject
PtInRegion
CreateCompatibleDC
CreateRectRgn
SetBkColor
StretchBlt
GetTextExtentPoint32W
SetBitmapBits
DeleteDC
CreateCompatibleBitmap
PathToRegion
EndPath
FillRgn
GetRgnBox
DeleteObject
BeginPath
GetStockObject
CreatePen
CreateRoundRectRgn
GetObjectW
GetTextMetricsW
Rectangle
CombineRgn
CreateRectRgnIndirect
CreateFontIndirectW
EnumFontsW
SetStretchBltMode
AngleArc
GetCharABCWidthsW
ExtTextOutW
SelectClipRgn
CreateDIBSection
GetBitmapBits
SetBkMode
BitBlt
MoveToEx
CreateEllipticRgn
SetTextColor
GetDeviceCaps
CreateSolidBrush
TextOutW
ExtSelectClipRgn
RoundRect
LineTo
GetClipBox

advapi32

RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleDuplicateData
ReleaseStgMedium
OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
SysFreeString
OleLoadPicture
VariantClear
SysAllocString

Sections

.text
Size: 533KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a151b91bb6127899b0b4a5587f11b5c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

6a:c8:af:24:c6:02:cb:90:fe:71:87:5f:1c:4c:ec:80Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

6e:4c:1d:8d:d0:66:07:31:14:d0:f7:75:6a:9b:39:78Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

b9:74:4c:c9:cc:1d:30:36:54:ad:4b:4e:f1:ee:6e:08:00:3c:2c:a0:12:31:03:cc:1d:5e:8b:95:7a:d4:d6:08Signer

7c:31:0b:b3:c0:a6:4b:f2:6a:56:93:cc:68:c0:7b:18:dc:e7:44:45Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msimg32

comctl32

riched20

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 533KB - Virtual size: 533KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 11KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 6.1MB - Virtual size: 6.1MB

.reloc Size: 57KB - Virtual size: 56KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

6a:c8:af:24:c6:02:cb:90:fe:71:87:5f:1c:4c:ec:80
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

6e:4c:1d:8d:d0:66:07:31:14:d0:f7:75:6a:9b:39:78
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

b9:74:4c:c9:cc:1d:30:36:54:ad:4b:4e:f1:ee:6e:08:00:3c:2c:a0:12:31:03:cc:1d:5e:8b:95:7a:d4:d6:08
Signer

7c:31:0b:b3:c0:a6:4b:f2:6a:56:93:cc:68:c0:7b:18:dc:e7:44:45
Signer

.text
Size: 533KB - Virtual size: 533KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 11KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 6.1MB - Virtual size: 6.1MB

.reloc
Size: 57KB - Virtual size: 56KB