42fbaaacd8d4b528f9205e28aa036789_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42fbaaacd8d4b528f9205e28aa036789_JaffaCakes118
Size

2.7MB
MD5

42fbaaacd8d4b528f9205e28aa036789
SHA1

0e8e3abbfd1d951523586a7d4809643ac06a209e
SHA256

69d1624b129fcc0b9d963383ab6c304e8a933a42b068aab36832518943dcc781
SHA512

0e6b4804b3990325aaf4c0a93b3544711cb39f58ceafe23cf8a5b70b71125ac88195a991355ffb1d8cdf3b5253c7fdf4c19ff10eacfef6a6f062d5a307dec4c5
SSDEEP

49152:IQhLdQ183FYg3ak1oh+IicU3FTFCIDlUAWlBaJldGf5bBE:Vi839ak1oh+IisIJU9lBapGxu

Score

1^/10

Malware Config

Signatures

Files

42fbaaacd8d4b528f9205e28aa036789_JaffaCakes118
.exe windows:6 windows x86 arch:x86

ef6c6ad08c13f9cb5a329e5283ebb6b5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2019, 00:00

Not After

04/01/2023, 12:00

Subject

CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2019, 00:00

Not After

04/01/2023, 12:00

Subject

CN=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,O=SHENZHEN THUNDER NETWORKING TECHNOLOGIES LTD.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ba:e5:11:d7:8b:dd:ff:be:25:66:8e:bb:16:e3:cf:0c:02:51:0e:bc:92:d6:35:0b:0a:9a:26:7a:9a:c6:c9:03
Signer

Actual PE Digest

ba:e5:11:d7:8b:dd:ff:be:25:66:8e:bb:16:e3:cf:0c:02:51:0e:bc:92:d6:35:0b:0a:9a:26:7a:9a:c6:c9:03

Digest Algorithm

sha256

PE Digest Matches

true

2d:c2:dd:19:b5:63:9f:9a:63:01:00:ec:aa:26:6d:7e:a7:6c:35:fd
Signer

Actual PE Digest

2d:c2:dd:19:b5:63:9f:9a:63:01:00:ec:aa:26:6d:7e:a7:6c:35:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\workspaces\thunderx\setup\pdb\ProductRelease\ThunderUninstall.pdb

Imports

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

CreateThread
WaitForMultipleObjects
lstrcpyW
lstrcatW
GetCPInfoExW
SetFileAttributesW
ReadFile
CreateFileA
CreateDirectoryW
FreeResource
GetDiskFreeSpaceExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetLocalTime
GetModuleFileNameW
GetSystemDirectoryW
lstrlenW
GetCurrentThreadId
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
SetLastError
MultiByteToWideChar
K32GetModuleFileNameExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalFree
OpenProcess
GetStartupInfoW
CreateProcessW
GetCurrentThread
TerminateProcess
GetCurrentProcessId
OpenMutexW
GetVersionExW
IsWow64Process
GetCurrentProcess
GetModuleHandleW
GetTempPathW
WritePrivateProfileStringW
GetPrivateProfileStringW
MoveFileExW
CopyFileW
CloseHandle
WriteFile
SetFilePointer
RemoveDirectoryW
ResetEvent
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
InitializeCriticalSection
CreateFileW
Sleep
LoadLibraryW
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeLibrary
FindResourceExW
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
RtlUnwind
LoadLibraryExW
GetVersionExA
GetVolumeInformationA
DeviceIoControl
SetPriorityClass
GetPrivateProfileStringA
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetStdHandle
DeleteFileW
ReadProcessMemory
GetModuleHandleExW
FreeLibraryAndExitThread
ExitProcess
CreateMutexW
FindResourceW
GetFileSizeEx
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
FormatMessageW
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
GetACP
VerSetConditionMask
MulDiv
VerifyVersionInfoW
GlobalLock
GlobalUnlock
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
SystemTimeToFileTime
GlobalAlloc
SetEvent
CreateDirectoryA
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
lstrcatA
GetFileAttributesA
lstrcpyA
WritePrivateProfileStringA
ExitThread

user32

FindWindowW
GetParent
SetWindowLongW
GetWindowLongW
PostMessageW
SetCursor
InflateRect
UnionRect
OffsetRect
CharNextW
GetDC
ReleaseDC
MonitorFromPoint
MonitorFromWindow
GetMessageW
TranslateMessage
DispatchMessageW
IsWindow
IsWindowVisible
IsZoomed
SetFocus
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetClientRect
GetWindowRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
GetSysColor
IntersectRect
IsRectEmpty
PtInRect
GetWindow
RegisterClassW
ShowWindow
EnableWindow
SetPropW
GetPropW
DefWindowProcW
UpdateLayeredWindow
MoveWindow
GetWindowRgn
LoadIconW
CharPrevW
DrawTextW
FillRect
SetRect
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
TrackPopupMenu
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
SystemParametersInfoW
SetWindowTextW
GetWindowTextLengthW
IsWindowEnabled
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
SetForegroundWindow
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
wsprintfW
LoadStringW
AllowSetForegroundWindow
CallWindowProcW
RegisterClassExW
GetClassInfoExW
SetWindowRgn
IsIconic
SetWindowPos
DestroyWindow
UnregisterClassW
PostQuitMessage
GetCursorPos
GetMonitorInfoW
GetWindowTextW
LoadImageW
GetSystemMetrics
SendMessageW
LoadCursorW
CreateWindowExW
GetWindowThreadProcessId

gdi32

RestoreDC
GetStockObject
DeleteDC
SaveDC
CreateFontIndirectW
CreateDIBitmap
CreateCompatibleDC
SelectObject
CloseEnhMetaFile
CreateEnhMetaFileW
CreatePen
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
GetEnhMetaFileHeader
DeleteObject
CreateRoundRectRgn
PlayEnhMetaFile
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRectRgn
PtInRegion
CreateDIBSection
CombineRgn
CreatePenIndirect
CreateRectRgnIndirect
CreateSolidBrush
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetTextColor
GetObjectA
MoveToEx
TextOutW
GdiFlush
EnumFontFamiliesExW
GetBitmapBits
SetBitmapBits
SetStretchBltMode

advapi32

RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
CreateProcessAsUserW
OpenProcessToken
OpenThreadToken
DuplicateTokenEx
GetLengthSid
SetTokenInformation
ConvertStringSidToSidW
RegEnumValueW
RegOpenKeyW
RegQueryInfoKeyW
RegCloseKey

shell32

ShellExecuteW
SHGetSpecialFolderPathA
Shell_NotifyIconW
DragQueryFileW
SHCreateDirectoryExW
SHGetFolderPathW
SHChangeNotify
CommandLineToArgvW
ShellExecuteExW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
RegisterDragDrop
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
DoDragDrop
OleInitialize
OleUninitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

ord176
PathFileExistsW
StrCmpW
StrCmpIW
PathRemoveBackslashW
PathAddBackslashW
PathIsSameRootW
SHDeleteKeyW
PathCombineW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindFileNameW
StrCpyNW

userenv

UnloadUserProfile

winhttp

WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable

iphlpapi

GetAdaptersInfo

ws2_32

gethostname
WSAStartup
gethostbyname

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

gdiplus

GdipDeleteGraphics
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetStringFormatTrimming
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRectRect
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign

Sections

.text
Size: 955KB - Virtual size: 954KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef6c6ad08c13f9cb5a329e5283ebb6b5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9cCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9cCertificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

ba:e5:11:d7:8b:dd:ff:be:25:66:8e:bb:16:e3:cf:0c:02:51:0e:bc:92:d6:35:0b:0a:9a:26:7a:9a:c6:c9:03Signer

2d:c2:dd:19:b5:63:9f:9a:63:01:00:ec:aa:26:6d:7e:a7:6c:35:fdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

winhttp

iphlpapi

ws2_32

imm32

comctl32

gdiplus

Sections

.text Size: 955KB - Virtual size: 954KB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 10KB - Virtual size: 39KB

.gfids Size: 1024B - Virtual size: 572B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 49KB - Virtual size: 49KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0d:ee:cc:f7:3f:05:11:35:54:88:70:d3:38:6e:4a:9c
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

ba:e5:11:d7:8b:dd:ff:be:25:66:8e:bb:16:e3:cf:0c:02:51:0e:bc:92:d6:35:0b:0a:9a:26:7a:9a:c6:c9:03
Signer

2d:c2:dd:19:b5:63:9f:9a:63:01:00:ec:aa:26:6d:7e:a7:6c:35:fd
Signer

.text
Size: 955KB - Virtual size: 954KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 10KB - Virtual size: 39KB

.gfids
Size: 1024B - Virtual size: 572B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 49KB - Virtual size: 49KB