5f87c1a10c35fbed35a7d085e6f4680b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f87c1a10c35fbed35a7d085e6f4680b_JaffaCakes118
Size

3.0MB
MD5

5f87c1a10c35fbed35a7d085e6f4680b
SHA1

5f5b07792a0baacc768738ac82b80de19e56e660
SHA256

a8678ec3da42cea0cba4c362868a617e9f3f4b02db8b1590447baa5b1fbc038a
SHA512

e275a2aa5ae46e402abb1ff1e05ae156d77a99093297c5b05ddda9439f254f2e077f6c63ede8a5c581c0054ab1161d6b837b8c09cc8410f29ba63da5950b4635
SSDEEP

49152:p/41J0cwMAl8MzBGLTIzI8Roe3MARbOnwdwonsWzrufmsAYMmg:pQ1ScAZzBGIIeoetRGgsWahAYI

Score

1^/10

Malware Config

Signatures

Files

5f87c1a10c35fbed35a7d085e6f4680b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ff28a35fb45f1dfe7f42dc324870742e

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:42:dd:8a:7b:76:20:cd:41:1c:df:3d:73:91:a5:e9
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/03/2019, 00:00

Not After

15/03/2021, 12:00

Subject

CN=Shanghai Hudun Information Technology Co.\, Ltd.,O=Shanghai Hudun Information Technology Co.\, Ltd.,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:42:dd:8a:7b:76:20:cd:41:1c:df:3d:73:91:a5:e9
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/03/2019, 00:00

Not After

15/03/2021, 12:00

Subject

CN=Shanghai Hudun Information Technology Co.\, Ltd.,O=Shanghai Hudun Information Technology Co.\, Ltd.,L=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:5e:b0:ae:f4:60:f4:0e:23:5e:a2:15:5b:49:2f:e2:5d:fc:b2:57:ef:8c:0c:31:84:48:f6:f6:0e:21:02:82
Signer

Actual PE Digest

4f:5e:b0:ae:f4:60:f4:0e:23:5e:a2:15:5b:49:2f:e2:5d:fc:b2:57:ef:8c:0c:31:84:48:f6:f6:0e:21:02:82

Digest Algorithm

sha256

PE Digest Matches

true

d1:5b:8e:6d:25:94:3e:11:f2:cd:bf:0c:b7:a6:c3:a4:94:06:45:e8
Signer

Actual PE Digest

d1:5b:8e:6d:25:94:3e:11:f2:cd:bf:0c:b7:a6:c3:a4:94:06:45:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Work\NewInstallWork\Installer\src\Release\Installer.pdb

Imports

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
GetFullPathNameW
SetStdHandle
FlushFileBuffers
GetFileAttributesExW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
IsValidCodePage
GetConsoleCP
ReadConsoleW
GetConsoleMode
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
SetFilePointerEx
GetModuleHandleExW
ExitThread
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
GetExitCodeProcess
IsProcessorFeaturePresent
TerminateProcess
SetEnvironmentVariableA
WaitForSingleObjectEx
ResetEvent
SetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateEventW
QueryPerformanceCounter
GetCPInfo
GetCurrentThreadId
TryEnterCriticalSection
GetStringTypeW
WriteConsoleW
SetEndOfFile
GetVersionExW
CreateFileA
GlobalUnlock
GlobalLock
GlobalAlloc
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
lstrcmpiW
WideCharToMultiByte
CreateDirectoryW
DosDateTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFilePointer
GetFileType
MulDiv
CreateFileW
GetFileSize
GetCurrentDirectoryW
GetTickCount
FindResourceW
SizeofResource
LoadResource
ExitProcess
LockResource
FreeResource
MultiByteToWideChar
GetACP
GetCommandLineW
LoadLibraryW
SetDllDirectoryW
GetProcAddress
GetModuleHandleW
GetSystemDirectoryW
ReleaseMutex
GetTempPathW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
DecodePointer
LocalFree
OutputDebugStringW
ExpandEnvironmentStringsA
WaitForMultipleObjects
PeekNamedPipe
GetStdHandle
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
FormatMessageA
GetSystemTimeAsFileTime
InitializeCriticalSection
GetPrivateProfileStringA
WritePrivateProfileStringA
GetSystemInfo
LoadLibraryA
GetModuleFileNameA
GetShortPathNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
InterlockedPushEntrySList
SetLastError
RaiseException
CloseHandle
CreateProcessW
GetCurrentProcess
DuplicateHandle
CreatePipe
Sleep
GetModuleFileNameW
RtlUnwind
EncodePointer
GetLastError
CreateMutexW
GetLocalTime
UnhandledExceptionFilter
WritePrivateProfileStringW
WriteFile
SetUnhandledExceptionFilter
ReadFile
CreateThread
WaitForSingleObject
GetPrivateProfileStringW
IsDebuggerPresent

user32

GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
SetWindowPos
IsIconic
SetFocus
EnableWindow
GetSystemMetrics
SetPropW
GetPropW
GetDC
GetWindowRect
GetParent
GetWindow
LoadCursorW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
wvsprintfW
SetCursor
UnionRect
OffsetRect
DestroyWindow
MoveWindow
GetWindowRgn
SetTimer
KillTimer
MessageBoxW
IsWindow
SetWindowLongW
GetWindowTextW
CreateAcceleratorTableW
SetWindowTextW
GetSysColor
ClientToScreen
GetCaretPos
SetCaretPos
IsZoomed
SetWindowRgn
ShowCaret
GetWindowTextLengthW
GetWindowLongW
GetGUIThreadInfo
HideCaret
GetCaretBlinkTime
ScreenToClient
IsWindowVisible
InvalidateRgn
GetClientRect
CharNextW
GetActiveWindow
GetFocus
GetKeyState
SetCapture
ReleaseCapture
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
MapWindowPoints
IntersectRect
IsRectEmpty
PtInRect
CharPrevW
DrawTextW
FillRect
SetRect
CreateCaret

gdi32

CreateSolidBrush
CreateRectRgn
DeleteDC
DeleteObject
CreatePatternBrush
GetDeviceCaps
GdiFlush
ExtTextOutW
TextOutW
MoveToEx
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateCompatibleDC
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
GetObjectA
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SaveDC
RestoreDC
Rectangle
GetStockObject
CreatePen
CreateFontIndirectW
CreateCompatibleBitmap
BitBlt
CreateRoundRectRgn
CreateDIBSection
SelectObject
PtInRegion

shell32

CommandLineToArgvW
SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA

ole32

CLSIDFromProgID
CoCreateGuid
CreateStreamOnHGlobal
OleLockRunning
CoInitialize
CLSIDFromString
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

ws2_32

WSAStartup
ioctlsocket
gethostname
htonl
ntohl
recvfrom
listen
accept
WSACleanup
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
sendto

advapi32

CryptDestroyHash
CryptImportKey
CryptEncrypt
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CryptDestroyKey

crypt32

CertFreeCertificateContext

wldap32

ord41
ord50
ord60
ord211
ord35
ord46
ord22
ord26
ord27
ord32
ord33
ord301
ord200
ord30
ord79
ord143

gdiplus

GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipGetFamily
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteFontFamily
GdipDrawImage
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipCreateFromHDC
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageHeight

shlwapi

StrCmpW
PathFileExistsW
PathRemoveFileSpecW
PathStripPathW

wininet

FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
FindCloseUrlCache

urlmon

URLDownloadToFileW

winmm

timeGetTime

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff28a35fb45f1dfe7f42dc324870742e

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:42:dd:8a:7b:76:20:cd:41:1c:df:3d:73:91:a5:e9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:42:dd:8a:7b:76:20:cd:41:1c:df:3d:73:91:a5:e9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

4f:5e:b0:ae:f4:60:f4:0e:23:5e:a2:15:5b:49:2f:e2:5d:fc:b2:57:ef:8c:0c:31:84:48:f6:f6:0e:21:02:82Signer

d1:5b:8e:6d:25:94:3e:11:f2:cd:bf:0c:b7:a6:c3:a4:94:06:45:e8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

ws2_32

advapi32

crypt32

wldap32

gdiplus

shlwapi

wininet

urlmon

winmm

comctl32

imm32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 240KB - Virtual size: 240KB

.data Size: 14KB - Virtual size: 36KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 54KB - Virtual size: 54KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:42:dd:8a:7b:76:20:cd:41:1c:df:3d:73:91:a5:e9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:42:dd:8a:7b:76:20:cd:41:1c:df:3d:73:91:a5:e9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

4f:5e:b0:ae:f4:60:f4:0e:23:5e:a2:15:5b:49:2f:e2:5d:fc:b2:57:ef:8c:0c:31:84:48:f6:f6:0e:21:02:82
Signer

d1:5b:8e:6d:25:94:3e:11:f2:cd:bf:0c:b7:a6:c3:a4:94:06:45:e8
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 240KB - Virtual size: 240KB

.data
Size: 14KB - Virtual size: 36KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 54KB - Virtual size: 54KB