74115afffbde225b9cd44139fbf42fab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74115afffbde225b9cd44139fbf42fab_JaffaCakes118
Size

674KB
MD5

74115afffbde225b9cd44139fbf42fab
SHA1

4eddbb55a943271cb9d6b3d514687ceb3170b036
SHA256

2fdece7b17d7d3460de7f794207fc1125b29d3e90cf5009a1254a06f004ca773
SHA512

792995a74bee0ea49163c15a06f781e73327c4400fb658fa1f96ee4f006bd0961246a27e3258582d56602b0fb99f39aa35bac9c5b10801d5e952dd4329056983
SSDEEP

12288:eb3PyZkjH6a+Us40A4ruz4G0qgVXwB2MGsOINCSGAIOroG/Kn0:e7Zf4uz4G0qglwLPOoCSGApMyKn0

Score

1^/10

Malware Config

Signatures

Files

74115afffbde225b9cd44139fbf42fab_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b677551390e7bc33e667825293715030

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

3f:95:ff:61:a7:95:c3:d5:35:4b:d1:bb:9f:b1:0a:f6
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

11/03/2009, 00:00

Not After

10/03/2012, 23:59

Subject

CN=北京暴风网际科技有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=北京暴风网际科技有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:bf:51:9b:20:08:6f:24:4d:bf:94:a8:7c:d7:15:ec:ea:0f:cb:a3
Signer

Actual PE Digest

b4:bf:51:9b:20:08:6f:24:4d:bf:94:a8:7c:d7:15:ec:ea:0f:cb:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\MidAD\2.0\SRC\Release\mcntr.pdb

Imports

kernel32

WriteFile
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
Sleep
InterlockedDecrement
GetLastError
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
GetCurrentThreadId
GetThreadLocale
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetSystemInfo
VirtualProtect
CreateThread
ExitThread
RaiseException
OpenMutexW
GetExitCodeProcess
IsBadReadPtr
EnumResourceTypesW
MulDiv
lstrcmpiA
IsBadWritePtr
OutputDebugStringW
VirtualQuery
CreateFileA
lstrcatA
OutputDebugStringA
lstrcpynA
lstrcpyA
GetTempPathW
GetPrivateProfileStringW
GetCurrentDirectoryW
LocalFileTimeToFileTime
GetTempFileNameW
LoadLibraryW
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SystemTimeToFileTime
CreateProcessW
lstrlenW
LocalFree
lstrcpyW
GetLocalTime
GetVersionExW
GetFileAttributesW
lstrlenA
CloseHandle
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateFileW
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
FindClose
FindFirstFileW
GetModuleFileNameW
DeleteFileW
SetFileAttributesW
GetModuleHandleW
CreateDirectoryW

shlwapi

StrCmpIW
StrDupW
StrToIntW
PathFindFileNameW
PathAddBackslashW
StrNCatW
StrCmpNIW
PathFindExtensionW
StrCatW
PathRemoveFileSpecW
StrStrW
PathFileExistsW
StrCmpW
SHGetValueW
StrStrIA
PathAddBackslashA
PathRemoveBackslashW
StrCpyW
StrCpyNW
StrCmpNW
StrToIntExW
StrChrW
StrStrIW
StrRChrW
StrChrIW

wininet

InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestW
HttpSendRequestA
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
InternetSetStatusCallbackW
HttpSendRequestExA

urlmon

RegisterBindStatusCallback
CreateURLMoniker

gdiplus

GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipLoadImageFromFile
GdipLoadImageFromStream
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageWidth
GdipFree

ws2_32

getsockname
htonl
sendto
select
__WSAFDIsSet
recvfrom
ntohl
ntohs
setsockopt
htons
bind
closesocket
socket
WSAGetLastError
WSAStartup

user32

DestroyWindow
LoadIconW
RegisterClassExW
CreateWindowExW
SetWindowLongW
SendMessageW
GetWindowLongW
DefWindowProcW
IsWindow
GetDC
ReleaseDC
KillTimer
GetFocus
GetAncestor
SetFocus
GetDoubleClickTime
SetTimer
ClientToScreen
RegisterWindowMessageW
PostMessageW
ShowCursor
wsprintfW
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
MsgWaitForMultipleObjects
FillRect
SetRect
EqualRect
CopyRect
GetWindowDC
SetForegroundWindow
WaitForInputIdle
EnableWindow
ShowWindow
IsWindowVisible
SetWindowPos
InvalidateRect
MoveWindow
GetDesktopWindow
ScreenToClient
GetParent
GetWindowRect
GetClientRect

gdi32

GetDeviceCaps
DeleteDC
GetObjectW
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateSolidBrush
GetStockObject
BitBlt

advapi32

SetFileSecurityW
GetSecurityDescriptorControl
AddAccessAllowedAce
AddAce
EqualSid
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetAclInformation
GetLengthSid
InitializeAcl
GetAce

shell32

SHGetFolderPathA
ShellExecuteExW
ShellExecuteW
SHGetFolderPathW

ole32

CLSIDFromString
StringFromGUID2
OleDraw
CreateBindCtx
OleSetContainedObject
CreateStreamOnHGlobal
CoUninitialize
OleRun
CoCreateInstance
CoInitialize
CLSIDFromProgID

oleaut32

VariantClear
SysAllocString
SysFreeString
GetErrorInfo
VariantTimeToSystemTime
SysAllocStringLen
SystemTimeToVariantTime
VariantCopy
DispGetParam
SysStringLen
VariantInit

Exports

Exports

CreateMidADInstance

Sections

.text
Size: 392KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b677551390e7bc33e667825293715030

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

3f:95:ff:61:a7:95:c3:d5:35:4b:d1:bb:9f:b1:0a:f6Certificate

Extended Key Usages

Key Usages

b4:bf:51:9b:20:08:6f:24:4d:bf:94:a8:7c:d7:15:ec:ea:0f:cb:a3Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

wininet

urlmon

gdiplus

ws2_32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 392KB - Virtual size: 390KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: 80KB - Virtual size: 88KB

.rsrc Size: 72KB - Virtual size: 68KB

.reloc Size: 36KB - Virtual size: 33KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

3f:95:ff:61:a7:95:c3:d5:35:4b:d1:bb:9f:b1:0a:f6
Certificate

b4:bf:51:9b:20:08:6f:24:4d:bf:94:a8:7c:d7:15:ec:ea:0f:cb:a3
Signer

.text
Size: 392KB - Virtual size: 390KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: 80KB - Virtual size: 88KB

.rsrc
Size: 72KB - Virtual size: 68KB

.reloc
Size: 36KB - Virtual size: 33KB