73f881ee7e45335e7b0a85de8b0da852_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

73f881ee7e45335e7b0a85de8b0da852_JaffaCakes118
Size

144KB
MD5

73f881ee7e45335e7b0a85de8b0da852
SHA1

35c4d2d5e3607516539d7acb98a238d648a273f4
SHA256

b55384291b1acad5ebecc3092e0b85e9a9e654def149e21aa75bd5ad4ff4857f
SHA512

0bcab77b63ca92513298a9d85e61fb49e3d2fffb9db38c218736dfe0b3f687c32386fb18404d11a66916f7cda7c7447ed823e4a6c2c7ffe3b79b50c5ca493bf8
SSDEEP

3072:CstpEsNBMfzbHoC7nHnp2TuK34HT15hyVh/GzVePSbgRzVeOlP3zuO:FEGyHHoCrHpw4HTDhYh/G6R/v

Score

1^/10

Malware Config

Signatures

Files

73f881ee7e45335e7b0a85de8b0da852_JaffaCakes118
.exe windows:5 windows x64 arch:x64

5f008dc411555eb6b416c075a6dde312

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/12/2015, 00:00

Not After

06/02/2018, 23:59

Subject

CN=BeiJing Baidu Netcom Science Technology Co.\, Ltd,OU=\ Engineering Excellence,O=BeiJing Baidu Netcom Science Technology Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:6d:7c:79:60:37:91:96:21:de:06:9d:cb:74:85:f1:4a:c3:32:c1
Signer

Actual PE Digest

a2:6d:7c:79:60:37:91:96:21:de:06:9d:cb:74:85:f1:4a:c3:32:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Output\Obj\Release\Exe\BrowserClient\MiniInjectX64\BDDockerX64.pdb

Imports

shlwapi

PathRemoveFileSpecW

kernel32

WideCharToMultiByte
LeaveCriticalSection
MultiByteToWideChar
GetLastError
SetLastError
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
OpenFileMappingW
OpenEventW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
CloseHandle
GetCurrentProcessId
GetCurrentProcess
WaitForSingleObject
OutputDebugStringW
CreateRemoteThread
OpenProcess
VirtualFreeEx
GetModuleFileNameW
GetProcAddress
VirtualAllocEx
GetExitCodeThread
Module32FirstW
InitializeCriticalSection
lstrcmpiW
CreateToolhelp32Snapshot
Module32NextW
WriteProcessMemory
ReadFile
GetProcessHeap
SetEndOfFile
LCMapStringW
LoadLibraryW
HeapReAlloc
SetStdHandle
WriteConsoleW
SetFilePointer
CreateFileA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
GetFileType
SetHandleCount
GetModuleHandleW
SetEvent
UnmapViewOfFile
MapViewOfFile
IsValidLocale
GetSystemInfo
CreateFileW
EnumSystemLocalesA
GetEnvironmentStringsW
FreeEnvironmentStringsW
EncodePointer
DecodePointer
GetCommandLineA
GetStartupInfoW
RaiseException
RtlPcToFileHeader
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
Sleep
HeapSize
ExitProcess
GetStdHandle
GetLocaleInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetUserDefaultLCID
GetLocaleInfoA
GetStringTypeW

user32

FindWindowExW
IsWindow
DestroyWindow
GetMessageW
PostQuitMessage
PostMessageW
LoadCursorW
FindWindowW
wsprintfW
TranslateMessage
ShowWindow
SendMessageTimeoutW
CreateWindowExW
RegisterClassW
SendMessageW
UpdateWindow
DefWindowProcW
GetWindowThreadProcessId
DispatchMessageW
FindWindowA

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges

ole32

CoInitialize
CoUninitialize

Exports

Exports

?OutputDebugHex@Log@Base@@YAXHPEBDH0PEBEI@Z
?OutputDebugInfo@Log@Base@@YAXHPEBDH0ZZ
?OutputDebugInfo@Log@Base@@YAXHPEBDHPEB_WZZ
?OutputDebugInfoEx@Log@Base@@YAXHPEBD0IH0ZZ
?OutputDebugInfoEx@Log@Base@@YAXHPEBD0IHPEB_WZZ
?SetLogFileName@Log@Base@@YAXPEBD@Z
?SetLogFileName@Log@Base@@YAXPEB_W@Z
?SetLogProcID@Log@Base@@YAXH@Z

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f008dc411555eb6b416c075a6dde312

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

a2:6d:7c:79:60:37:91:96:21:de:06:9d:cb:74:85:f1:4a:c3:32:c1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1f:d2:d3:0e:26:0f:c2:89:cf:af:11:51:8f:2c:d3:6f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

a2:6d:7c:79:60:37:91:96:21:de:06:9d:cb:74:85:f1:4a:c3:32:c1
Signer

.text
Size: 91KB - Virtual size: 91KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB