49c380a8351f58f3a4624c82d7fc7b62_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

49c380a8351f58f3a4624c82d7fc7b62_JaffaCakes118
Size

1.9MB
MD5

49c380a8351f58f3a4624c82d7fc7b62
SHA1

7da49845598c6cd81919e5160bf7dcaf9d0706f1
SHA256

7ce3ae81a176f1319b73e09bfe6008c4260619850d02d530e97e2611407d1471
SHA512

e938b72028c922dc61b52da7998c4e6e1a2871e6f65ebdb664617e6ca35e34fdcfc89725054595a6c7fc7e27d56c18ae8e23f2b655d0fc6b80be177ed8a1f6b5
SSDEEP

49152:tHsHhhDb3O4NA+o3D6l+ZDQLnnL96/TBfb3V1bRIZsVJI:Zs/Dbe4A3Dk+ZDQLn56pV1b8

Score

1^/10

Malware Config

Signatures

Files

49c380a8351f58f3a4624c82d7fc7b62_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b43f01bcb2ec1b2efec3ea792d8e017

Code Sign

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-09-2019 00:00

Not After

22-09-2020 12:00

Subject

CN=上海广乐网络科技有限公司,OU=运营部,O=上海广乐网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-09-2019 00:00

Not After

22-09-2020 12:00

Subject

CN=上海广乐网络科技有限公司,OU=运营部,O=上海广乐网络科技有限公司,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:74:fb:49:d3:cd:07:fe:93:38:f0:66:c0:c3:ad:bc:c0:00:a0:f3:5a:5f:75:22:39:f9:f1:cc:23:f6:86:3c
Signer

Actual PE Digest

65:74:fb:49:d3:cd:07:fe:93:38:f0:66:c0:c3:ad:bc:c0:00:a0:f3:5a:5f:75:22:39:f9:f1:cc:23:f6:86:3c

Digest Algorithm

sha256

PE Digest Matches

true

f1:33:61:78:32:df:38:df:02:0b:bd:fc:8b:2e:f4:36:c2:58:ef:0e
Signer

Actual PE Digest

f1:33:61:78:32:df:38:df:02:0b:bd:fc:8b:2e:f4:36:c2:58:ef:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
send
bind
WSASetLastError
select
closesocket
connect
__WSAFDIsSet
getsockname
ioctlsocket
WSAGetLastError
ntohl
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
sendto
accept
listen
gethostname
htonl
getpeername
recvfrom

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
WaitForSingleObject
DuplicateHandle
Sleep
GetCurrentThread
RaiseException
CreateThread
ReadFile
QueryDosDeviceW
GetVolumeInformationW
GetLongPathNameW
GetTempPathW
GetFileAttributesW
UnmapViewOfFile
GetLogicalDriveStringsW
GetFileAttributesExW
GetCurrentDirectoryW
MoveFileExW
GetTempFileNameW
CreateFileMappingW
MapViewOfFile
GetCommandLineW
LocalFree
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
TryEnterCriticalSection
CreateFileW
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleExW
GetVersionExW
GetNativeSystemInfo
GetFileSizeEx
LockFile
SetEndOfFile
UnlockFile
GetTickCount
FlushFileBuffers
FindFirstFileW
FindNextFileW
FindClose
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
LoadLibraryW
WaitForMultipleObjects
GetSystemInfo
QueryPerformanceCounter
OutputDebugStringA
WriteFile
GetModuleHandleW
GetCurrentThreadId
CreateEventW
GetModuleHandleA
ExpandEnvironmentStringsW
WideCharToMultiByte
WriteConsoleW
MultiByteToWideChar
lstrcmpiA
lstrcatW
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineA
CloseHandle
CreateMutexW
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
LoadLibraryExW
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
IsDebuggerPresent
GlobalAlloc
GetFileTime
CreateProcessA
CreatePipe
HeapCreate
FlushInstructionCache
FormatMessageA
GetCurrentProcessId
SetFilePointerEx
DeleteFileW
SetEnvironmentVariableA
TlsSetValue
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
GetACP
SetStdHandle
ExitProcess
GetConsoleMode
GetConsoleCP
RtlUnwind
GetFullPathNameW
GetComputerNameW
DeviceIoControl
SetThreadAffinityMask
LoadLibraryExA
lstrcmpiW
ExpandEnvironmentStringsA
lstrcpynW
ReleaseMutex
CreateProcessW
GetFileSize
HeapFree
LoadLibraryA
HeapAlloc
GetProcessHeap
IsBadReadPtr
DeleteFileA
MoveFileExA
GetTempPathA
GetTempFileNameA
CopyFileA
FindFirstFileA
FindNextFileA
lstrcpyW
GetExitCodeProcess
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSection
TerminateThread
lstrlenW
OpenProcess
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
WriteProcessMemory
CreateRemoteThread
TerminateProcess
FormatMessageW
EncodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
SwitchToThread
SleepEx
VerSetConditionMask
GetSystemDirectoryW
VerifyVersionInfoW
WaitForSingleObjectEx
GetStdHandle
GetFileType
PeekNamedPipe
AreFileApisANSI
GetSystemTime
LockFileEx
CreateFileMappingA
HeapCompact
CreateFileA
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
HeapValidate
UnlockFileEx
GetFullPathNameA
SetFilePointer
GetDiskFreeSpaceW

user32

PostQuitMessage
KillTimer
DestroyWindow
DefWindowProcW
TranslateMessage
CreateWindowExW
RegisterClassExW
DispatchMessageW
SetTimer
GetWindowLongW
IsWindowVisible
WindowFromPoint
GetWindowThreadProcessId
GetMonitorInfoW
MonitorFromWindow
EnumDisplayDevicesW
EnumDisplaySettingsW
wsprintfW
CharUpperA
FindWindowW
GetClassNameW
GetWindowTextW
GetSystemMetrics
OpenDesktopW
CreateDesktopW
SetThreadDesktop
MoveWindow
GetMessageW
CloseDesktop
SendMessageTimeoutW
CharLowerA
GetClassInfoExW
GetClientRect
SetWindowLongW
IsWindow
ShowWindow

advapi32

CryptDestroyHash
ConvertSidToStringSidA
OpenSCManagerW
EnumServicesStatusW
OpenProcessToken
GetTokenInformation
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyKey
CryptImportKey
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptEncrypt
LookupAccountNameW

ole32

OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
StringFromGUID2
CoGetObject
CLSIDFromString
IIDFromString
OleSetContainedObject

shlwapi

PathAddExtensionW
StrCpyW
PathFindFileNameW
ord156
PathFileExistsA
PathFileExistsW
StrCmpIW
PathCombineW
StrIsIntlEqualW
PathAppendW
PathRemoveFileSpecW
PathStripPathW

wininet

FindCloseUrlCache
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

crypt32

CertEnumCertificatesInStore
CryptUnprotectData
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryW
CertAddCertificateContextToStore
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

gdi32

CreateDCW
DeleteDC
GetDeviceCaps

iphlpapi

GetAdaptersInfo

oleaut32

VariantClear

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b43f01bcb2ec1b2efec3ea792d8e017

Code Sign

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

65:74:fb:49:d3:cd:07:fe:93:38:f0:66:c0:c3:ad:bc:c0:00:a0:f3:5a:5f:75:22:39:f9:f1:cc:23:f6:86:3cSigner

f1:33:61:78:32:df:38:df:02:0b:bd:fc:8b:2e:f4:36:c2:58:ef:0eSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

kernel32

user32

advapi32

ole32

shlwapi

wininet

crypt32

gdi32

iphlpapi

oleaut32

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 298KB - Virtual size: 298KB

.data Size: 160KB - Virtual size: 189KB

.gfids Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 57KB - Virtual size: 56KB

03:3d:f7:55:e2:9d:8c:3b:b8:b5:89:6a:e9:e2:b8:54
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

06:4f:f3:c6:27:4b:bb:34:b8:8d:9c:05:58:46:97:94
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

65:74:fb:49:d3:cd:07:fe:93:38:f0:66:c0:c3:ad:bc:c0:00:a0:f3:5a:5f:75:22:39:f9:f1:cc:23:f6:86:3c
Signer

f1:33:61:78:32:df:38:df:02:0b:bd:fc:8b:2e:f4:36:c2:58:ef:0e
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 298KB - Virtual size: 298KB

.data
Size: 160KB - Virtual size: 189KB

.gfids
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 57KB - Virtual size: 56KB