421c8b1230436f3caf0d6e15d8296695_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

421c8b1230436f3caf0d6e15d8296695_JaffaCakes118
Size

3.7MB
MD5

421c8b1230436f3caf0d6e15d8296695
SHA1

128dcd72392689e48906fee8abf04eaad6363c33
SHA256

2884c2623c62a559fb8a26894234c423600a1824a79111c1755eaede56ba6968
SHA512

cbd7092888312e2c9de7eebae672869a66e907a1a74947075aa192197ed9e9a93764dc50fe8e958a18c6a09907296e4b8dd3de1992b69ad514d9883088503c61
SSDEEP

49152:0mTbz/JqX6SU9kTT2KquNJmG5LIEdtNYVW1YqUcut/A+RKQvRzUUOcZnMsoHf7Te:0ok4kVquNtbdtNAqS1A+BvF/bJ5Yf/e

Score

1^/10

Malware Config

Signatures

Files

421c8b1230436f3caf0d6e15d8296695_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d9019729c435f39dfe382c7670cfa9f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/02/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/01/2016, 00:00

Not After

28/03/2019, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:db:93:34:ed:2a:c8:b5:e5:7d:52:7a:aa:87:be:fe:9e:26:a1:81:26:60:08:97:a1:25:ae:e6:59:f9:93:10
Signer

Actual PE Digest

74:db:93:34:ed:2a:c8:b5:e5:7d:52:7a:aa:87:be:fe:9e:26:a1:81:26:60:08:97:a1:25:ae:e6:59:f9:93:10

Digest Algorithm

sha256

PE Digest Matches

true

44:8c:16:72:03:d4:c4:03:0e:93:b8:d9:be:ae:df:da:3e:17:7a:f1
Signer

Actual PE Digest

44:8c:16:72:03:d4:c4:03:0e:93:b8:d9:be:ae:df:da:3e:17:7a:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\QQPCMatrix\trunk\Output\PacketTool\RunWin10.pdb

Imports

kernel32

RaiseException
DeleteCriticalSection
GetModuleHandleW
InterlockedIncrement
TerminateProcess
SetUnhandledExceptionFilter
GetSystemDirectoryW
FreeResource
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
Process32NextW
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
CreateFileA
GetVersionExW
GlobalLock
FreeLibrary
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
GetCurrentProcess
OpenProcess
lstrcmpiW
ProcessIdToSessionId
LoadLibraryW
WideCharToMultiByte
LoadLibraryExW
InterlockedDecrement
GetLastError
FindResourceExW
LoadResource
LockResource
SizeofResource
lstrlenW
FindResourceW
lstrlenA
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentProcessId
GetLocalTime
GetFileType
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
InterlockedExchange
SetFilePointer
WriteFile
InterlockedCompareExchange
CreateFileW
GetCurrentThreadId
CloseHandle
EnterCriticalSection
InitializeCriticalSection
GetFileAttributesW
GlobalAlloc
ReadFile
GetFileSize
VirtualAlloc
VirtualFree
LoadLibraryA
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetVersion
LCMapStringA
HeapAlloc
HeapDestroy

user32

UnregisterClassA
CharNextW
InflateRect
CopyImage
GetDC
ReleaseDC

gdi32

BitBlt
CreateBitmap
StretchBlt
Rectangle
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
GetStockObject
GetObjectW
ExtTextOutW
SetBkColor
DeleteObject
SelectObject
CreatePen
SetTextColor
DeleteDC

advapi32

RegOpenKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW

shell32

SHCreateDirectoryExW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc

oleaut32

VarUI4FromStr
OleLoadPicture

shlwapi

PathFileExistsW
StrToIntA

gdiplus

GdipCreateSolidFill
GdipFillRectangleI
GdipFree
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipCloneImage
GdipDisposeImage
GdipDeleteGraphics
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipCloneBrush
GdipAlloc
GdipDrawImageRectRectI
GdipDeleteBrush
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes

userenv

CreateEnvironmentBlock

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d9019729c435f39dfe382c7670cfa9f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

74:db:93:34:ed:2a:c8:b5:e5:7d:52:7a:aa:87:be:fe:9e:26:a1:81:26:60:08:97:a1:25:ae:e6:59:f9:93:10Signer

44:8c:16:72:03:d4:c4:03:0e:93:b8:d9:be:ae:df:da:3e:17:7a:f1Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

userenv

Sections

.text Size: 232KB - Virtual size: 230KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 3.4MB - Virtual size: 3.4MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

74:db:93:34:ed:2a:c8:b5:e5:7d:52:7a:aa:87:be:fe:9e:26:a1:81:26:60:08:97:a1:25:ae:e6:59:f9:93:10
Signer

44:8c:16:72:03:d4:c4:03:0e:93:b8:d9:be:ae:df:da:3e:17:7a:f1
Signer

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 3.4MB - Virtual size: 3.4MB