43f074cb354cc457b2e3050c7ea4f8d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43f074cb354cc457b2e3050c7ea4f8d7_JaffaCakes118
Size

340KB
MD5

43f074cb354cc457b2e3050c7ea4f8d7
SHA1

84b3a9a50ac341c70292df6d8e5a2248000102d4
SHA256

146633ea70409a295c1c0dcf194a78e5b7f3dd3ffc87a2d8c440e38bd655f278
SHA512

870bc8dee1216a57cb48582d02f6a89c449e76ef7befa214ce3e5c73bd493592d14608cd5fcae1a9701056e78593cbc567de46f74785998d2850a78511e4f195
SSDEEP

6144:MSfOf4EPwQXJrfB3+pqFOqLVJ5bbZXegqw48gyH0YtnbvK/kFZj:MShEPwQXJrp3j0WJtbZU8JFtrymB

Score

1^/10

Malware Config

Signatures

Files

43f074cb354cc457b2e3050c7ea4f8d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

74c8e1a7d906b084a42f6d694e7201b2

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:70:22:1d:7d:90:98:4a:40:cc:fd:a9:40:78:aa:46
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

30/09/2009, 00:00

Not After

30/09/2010, 23:59

Subject

CN=Shenzhen DriveTheLife Software Technology Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen DriveTheLife Software Technology Co.Ltd,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2d:ae:3c:64:17:ff:d6:83:20:10:08:f4:0b:bd:d1:3e:68:db:75:a3
Signer

Actual PE Digest

2d:ae:3c:64:17:ff:d6:83:20:10:08:f4:0b:bd:d1:3e:68:db:75:a3

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\WORK\玩一下10.1\6.24玩一下\release\wanyixiaUpdateUI.pdb

Imports

gzipdll

unzip

mfc80ud

ord7034
ord4114
ord2522
ord5313
ord7276
ord8601
ord6873
ord1341
ord5287
ord7570
ord2644
ord2689
ord6009
ord8669
ord5279
ord8667
ord5613
ord5655
ord386
ord1416
ord2634
ord5045
ord6278
ord5770
ord8386
ord7991
ord8391
ord8424
ord5502
ord573
ord832
ord7664
ord4646
ord3469
ord2725
ord6482
ord289
ord3663
ord3187
ord422
ord742
ord3121
ord1975
ord4487
ord1669
ord2784
ord5941
ord6179
ord3999
ord6998
ord2152
ord2221
ord2222
ord2580
ord6970
ord1864
ord6730
ord4655
ord8670
ord5280
ord8668
ord2064
ord2992
ord3002
ord7036
ord3268
ord3266
ord3284
ord3296
ord3273
ord3289
ord3294
ord3277
ord3279
ord3281
ord3275
ord3291
ord3271
ord1184
ord1180
ord1182
ord1178
ord1173
ord7050
ord7052
ord8194
ord2153
ord5961
ord6455
ord4775
ord1802
ord2994
ord7001
ord5856
ord8666
ord6841
ord2508
ord6946
ord5922
ord1916
ord5499
ord2176
ord2179
ord8117
ord9157
ord2100
ord2101
ord2244
ord2245
ord6638
ord6468
ord5884
ord6977
ord9137
ord288
ord2029
ord919
ord3402
ord1160
ord5503
ord6266
ord7046
ord7011
ord7553
ord3508
ord3803
ord3972
ord5990
ord3780
ord3975
ord3511
ord3684
ord3503
ord5151
ord5152
ord5142
ord3682
ord5506
ord6174
ord5940
ord2891
ord1757
ord7685
ord4638
ord3080
ord714
ord2646
ord2595
ord3253
ord5633
ord1578
ord1358
ord8227
ord1396
ord1485
ord5311
ord908
ord888
ord662
ord5087
ord6237
ord1142
ord1145
ord286
ord299
ord673
ord921
ord901
ord1435
ord3286
ord893

msvcr80d

_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_initterm_e
_initterm
_CrtDbgReportW
_CrtSetCheckCount
_wcmdln
_cexit
_XcptFilter
_exit
__wgetmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_errno
exit
_beginthreadex
wcslen
memmove_s
_wcsicmp
memcmp
_recalloc
calloc
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_snprintf_s
_CxxThrowException
_CrtDbgReport
free
strcpy
wcscpy
_vsnprintf_s
memset
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s

kernel32

SetThreadPriority
CloseHandle
Sleep
CreateMutexW
SetLastError
GetLastError
GetCurrentProcess
GetModuleFileNameW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
ResumeThread
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetVersion
MultiByteToWideChar
GetTickCount
GetCurrentThread
CreateFileMappingA
MapViewOfFile
QueryPerformanceCounter
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
lstrlenA
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
MulDiv

user32

OffsetRect
InflateRect
EqualRect
SetRectEmpty
SubtractRect
IntersectRect
IsRectEmpty
RegisterClassW
GetSysColor
PtInRect
UnionRect
LoadCursorW
SetRect
CopyRect
PostMessageW
GetSystemMetrics
FindWindowW
DefDlgProcW

gdi32

CreateSolidBrush

shell32

ShellExecuteW
SHFileOperationW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecW

ws2_32

WSAStartup

gdiplus

GdiplusStartup
GdiplusShutdown

advapi32

SetThreadToken
RevertToSelf
OpenThreadToken

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

(b
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74c8e1a7d906b084a42f6d694e7201b2

Code Sign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0dCertificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

6a:70:22:1d:7d:90:98:4a:40:cc:fd:a9:40:78:aa:46Certificate

Extended Key Usages

Key Usages

2d:ae:3c:64:17:ff:d6:83:20:10:08:f4:0b:bd:d1:3e:68:db:75:a3Signer

Headers

File Characteristics

PDB Paths

Imports

gzipdll

mfc80ud

msvcr80d

kernel32

user32

gdi32

shell32

comctl32

shlwapi

ws2_32

gdiplus

advapi32

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 23KB

(b Size: 240KB - Virtual size: 240KB

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

6a:70:22:1d:7d:90:98:4a:40:cc:fd:a9:40:78:aa:46
Certificate

2d:ae:3c:64:17:ff:d6:83:20:10:08:f4:0b:bd:d1:3e:68:db:75:a3
Signer

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 23KB

(b
Size: 240KB - Virtual size: 240KB