490ceed98977fd3d80588d09716def56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

490ceed98977fd3d80588d09716def56_JaffaCakes118
Size

397KB
MD5

490ceed98977fd3d80588d09716def56
SHA1

7b315bcd29d49742323f2d8f83ed3c6a4a80caca
SHA256

71fd5fb6a11e15a3adce811f52f2a80cff16756cd885637dd4504839f9fac107
SHA512

57917f9c5b60879698aa423f147b23f67bb13af2e122ca19baaba51424764ee9b648eae1e73781e792f03cfea166169a581ca2334f72dc07e0133fe71cef8d26
SSDEEP

6144:WVbpxrV0VTp/KevWWhflggv4QzR15ZMA7kEHUFjbP2fj7:6bpNV0VN/1OWhflnD51wVPc

Score

1^/10

Malware Config

Signatures

Files

490ceed98977fd3d80588d09716def56_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8211eeb6f598c471a9d543f8e0d8ef96

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:53:8d:50:dd:44:44:c1:8a:08:8f:c1:54:d9:e9:65
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

13/06/2016, 00:00

Not After

21/01/2017, 23:59

Subject

CN=Yu Bao,OU=Individual Developer,O=No Organization Affiliation,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ed:d1:7c:de:10:34:f4:3b:68:a0:b2:f6:42:d3:48:ec:fa:2e:69:b6
Signer

Actual PE Digest

ed:d1:7c:de:10:34:f4:3b:68:a0:b2:f6:42:d3:48:ec:fa:2e:69:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Cvighcrik\agasy.pdb

Imports

kernel32

FindNextFileW
FindClose
GetPrivateProfileStringA
lstrcmpiW
CreateProcessW
WaitForSingleObject
MultiByteToWideChar
FindFirstFileW
DeleteFileW
lstrlenA
GetTempPathW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
ReadFile
CreateFileW
DeleteCriticalSection
DecodePointer
HeapSize
RaiseException
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
SetLastError
GetLastError
WideCharToMultiByte
CloseHandle
WriteFile
CreateFileA
Sleep
SetEndOfFile
GetStringTypeW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStartupInfoW
GetFileType
ReadConsoleW
GetTickCount
GetModuleFileNameW
GetProcessShutdownParameters
SetFilePointerEx
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetStdHandle
GetModuleHandleExW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetLogicalDriveStringsA
GetVolumeInformationA
GetModuleHandleW
GetUserDefaultLCID
GetSystemInfo
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetErrorMode
lstrlenW
SetUnhandledExceptionFilter
InitializeCriticalSection
GetCommandLineW
LocalFree
ExpandEnvironmentStringsW
lstrcmpW
CompareFileTime
MoveFileW
MoveFileExW
GetEnvironmentVariableW
GetShortPathNameW
GetFileAttributesW
RemoveDirectoryW
GetVolumeInformationW
GlobalAlloc
DeviceIoControl
GlobalFree
CreateDirectoryW
SetFileTime
SetFileAttributesW
FreeLibrary
LoadLibraryW
SetFilePointer
CreateThread
TerminateProcess
GetSystemTimeAsFileTime
EncodePointer
RtlUnwind
IsProcessorFeaturePresent

user32

RegisterClassExW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
CreateWindowExW
ShowWindow
UpdateWindow
MessageBoxW
CharLowerW
wsprintfW
LoadCursorW

advapi32

CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegOpenKeyExW
RegCloseKey
CryptCreateHash
CryptGetHashParam
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueExW
CryptEncrypt

shell32

SHGetSpecialFolderPathW
ord165
SHCreateDirectoryExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateGuid
CoUninitialize
StringFromGUID2
CoInitialize

shlwapi

StrToIntExA
StrToIntExW
PathFileExistsW
StrStrIW
SHGetValueW
SHDeleteKeyW
SHSetValueA
SHGetValueA
PathAppendW
PathAddBackslashW
SHSetValueW
PathRemoveBackslashW

wininet

HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetReadFile
InternetCrackUrlA
InternetOpenW
InternetCloseHandle
InternetOpenUrlW

crypt32

CryptBinaryToStringA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8211eeb6f598c471a9d543f8e0d8ef96

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

4d:53:8d:50:dd:44:44:c1:8a:08:8f:c1:54:d9:e9:65Certificate

Extended Key Usages

Key Usages

ed:d1:7c:de:10:34:f4:3b:68:a0:b2:f6:42:d3:48:ec:fa:2e:69:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

wininet

crypt32

version

dbghelp

Sections

.text Size: 316KB - Virtual size: 316KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 7KB - Virtual size: 33KB

.rsrc Size: 2KB - Virtual size: 1KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

4d:53:8d:50:dd:44:44:c1:8a:08:8f:c1:54:d9:e9:65
Certificate

ed:d1:7c:de:10:34:f4:3b:68:a0:b2:f6:42:d3:48:ec:fa:2e:69:b6
Signer

.text
Size: 316KB - Virtual size: 316KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 7KB - Virtual size: 33KB

.rsrc
Size: 2KB - Virtual size: 1KB