4b8340dabe0180229fc8f40ae5527409_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4b8340dabe0180229fc8f40ae5527409_JaffaCakes118
Size

631KB
MD5

4b8340dabe0180229fc8f40ae5527409
SHA1

2931cca636120c729618140dbfbb0c0fdac76bbc
SHA256

13832f7178a4b445d03068b28349ecfd8f98901491b637a2f6a7bcecd7adccb2
SHA512

9f16e795850233a85913bc07b04b07be366df695ef62404c66553da270bcf649a69a61af2d0c9de8da5a9bc90b552cbb67bbab907715a7c0226df83c34594a96
SSDEEP

12288:a2iwiiMCHSlJE9qfIfgzBzh313RLRLpPzuqjTpk4S/dBTEZmZ5mL2:aRCH8JE9kpS1BTEZmWq

Score

1^/10

Malware Config

Signatures

Files

4b8340dabe0180229fc8f40ae5527409_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50650b42958f55599974578d96378425

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:cd:d3:18:7d:24:ef:e0:55:53:72:ef:da:7c:2a:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/11/2013, 00:00

Not After

27/01/2015, 23:59

Subject

CN=Industrial and Commercial Bank of China Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Software Development Center,O=Industrial and Commercial Bank of China Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:d1:44:6d:4d:ca:45:b8:c2:66:eb:be:7d:ed:ea:5f:7f:12:83:b6
Signer

Actual PE Digest

b7:d1:44:6d:4d:ca:45:b8:c2:66:eb:be:7d:ed:ea:5f:7f:12:83:b6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\new code\AntiFishing\ICBC_WIN32\IcbcDaemon2K.pdb

Imports

kernel32

FindClose
CreateFileW
WriteFile
FlushFileBuffers
ExpandEnvironmentStringsW
SearchPathW
GetFileAttributesW
LocalFree
WaitForSingleObject
SetErrorMode
LoadLibraryExW
GetModuleHandleW
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
Sleep
GetLocalTime
GetFileSizeEx
ReadFile
CreateFileA
SetFilePointer
CreateDirectoryW
FindNextFileW
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
SetLastError
FileTimeToSystemTime
GetFileInformationByHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
DeleteCriticalSection
GetSystemTimeAsFileTime
MoveFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FindFirstFileW
FreeLibrary
GetProcAddress
GetModuleFileNameW
LeaveCriticalSection
GetTickCount
OutputDebugStringW
EnterCriticalSection
InitializeCriticalSection
FindResourceExW
FindResourceW
LoadResource
LockResource
ExitThread
SizeofResource
SetEvent
CreateEventW
DeleteFileW
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingW
GetFileSize
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
CreateThread
ResumeThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
OpenProcess
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
RtlUnwind
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringA
HeapCreate
VirtualFree
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringW
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount

user32

GetDesktopWindow
wsprintfW
GetSystemMetrics

advapi32

CryptDestroyHash
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceStatus
DeleteService
ControlService
RegCreateKeyW
StartServiceW
CreateServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeregisterEventSource
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountSidW
GetTokenInformation
OpenProcessToken
LookupAccountNameW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

OleUninitialize
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoInitialize
OleInitialize

shell32

SHGetFolderPathW

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantCopy
SysAllocStringLen
VarUdateFromDate
VariantInit
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantClear

shlwapi

SHDeleteKeyW
SHDeleteValueW
PathFindFileNameW
PathAppendW
SHCopyKeyW

urlmon

FindMimeFromData

wininet

InternetCloseHandle
HttpOpenRequestA
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
HttpQueryInfoW
HttpSendRequestExW
HttpSendRequestW
InternetConnectW
InternetOpenW
HttpEndRequestW
InternetWriteFile
HttpAddRequestHeadersA

Sections

.text
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

50650b42958f55599974578d96378425

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

5b:cd:d3:18:7d:24:ef:e0:55:53:72:ef:da:7c:2a:f1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

b7:d1:44:6d:4d:ca:45:b8:c2:66:eb:be:7d:ed:ea:5f:7f:12:83:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

urlmon

wininet

Sections

.text Size: 410KB - Virtual size: 409KB

.rdata Size: 131KB - Virtual size: 131KB

.data Size: 81KB - Virtual size: 84KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

5b:cd:d3:18:7d:24:ef:e0:55:53:72:ef:da:7c:2a:f1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

b7:d1:44:6d:4d:ca:45:b8:c2:66:eb:be:7d:ed:ea:5f:7f:12:83:b6
Signer

.text
Size: 410KB - Virtual size: 409KB

.rdata
Size: 131KB - Virtual size: 131KB

.data
Size: 81KB - Virtual size: 84KB