7a92f640816a85c1768c32edf4452f84_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7a92f640816a85c1768c32edf4452f84_JaffaCakes118
Size

1.3MB
MD5

7a92f640816a85c1768c32edf4452f84
SHA1

abe37aa1b995fddf7446c451d0559a2397249d95
SHA256

e2565d3953fe6d9376a8e534144f26f3cd4c879836e067bceceb57107f19853a
SHA512

48b6d93357c3abd93aa62d920c5c718f532b1bf77027759d90039d27695b64c33148ae79ead706042cc53b14ebef49d8f1d1ab22087f4152d9582e89366fdcd9
SSDEEP

24576:njviw/2ynKJKOL1Sc1FRyvMz2GpLa0JtGADAhgjT2kZgEgGH:nTl/y4Ox3a0FbTrZgS

Score

1^/10

Malware Config

Signatures

Files

7a92f640816a85c1768c32edf4452f84_JaffaCakes118
.exe windows:5 windows x86 arch:x86

535da28adc0e7d4f6e55b7e328efc891

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/02/2017, 00:00

Not After

19/03/2019, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/02/2017, 00:00

Not After

14/03/2020, 23:59

Subject

CN=Beijing Kingsoft Security software Co.\,Ltd,OU=IT,O=Beijing Kingsoft Security software Co.\,Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:0d:a2:29:01:37:92:88:f4:40:71:a3:63:81:17:15:82:e8:e2:6d:64:4f:2f:75:6e:49:22:14:ae:52:6c:87
Signer

Actual PE Digest

ad:0d:a2:29:01:37:92:88:f4:40:71:a3:63:81:17:15:82:e8:e2:6d:64:4f:2f:75:6e:49:22:14:ae:52:6c:87

Digest Algorithm

sha256

PE Digest Matches

true

59:b0:71:a9:af:ce:f6:fe:18:1f:a4:6f:f0:5f:87:cc:70:b0:ab:5e
Signer

Actual PE Digest

59:b0:71:a9:af:ce:f6:fe:18:1f:a4:6f:f0:5f:87:cc:70:b0:ab:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\liebao_src_pool\release.b57_stable_8003\src_import\build\Release\ManualUpgrade.pdb

Imports

gdiplus

GdipImageGetFrameDimensionsCount
GdipSetStringFormatLineAlign
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipDrawImageI
GdiplusShutdown
GdipSetSolidFillColor
GdipGetFamily
GdipDrawImage
GdipGetImagePixelFormat
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipDeleteGraphics
GdipCreateFromHDC
GdipGraphicsClear
GdipSetClipRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdiplusStartup
GdipImageGetFrameDimensionsList
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipCreateStringFormat
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipDrawString
GdipSetTextRenderingHint
GdipMeasureString
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipRestoreGraphics
GdipTranslateWorldTransform
GdipSaveGraphics
GdipLoadImageFromStream
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateFont

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

GetStringTypeW
EncodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
lstrlenW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
HeapFree
SetLastError
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
GetVersionExW
HeapSize
GetLastError
HeapReAlloc
CloseHandle
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FlushInstructionCache
CreateDirectoryW
SizeofResource
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetModuleFileNameW
FindClose
GetFileAttributesW
LockResource
DeleteFileW
FindResourceExW
LoadResource
FindResourceW
CopyFileW
GetPrivateProfileStringW
GetLocalTime
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
GetCurrentThreadId
GlobalAlloc
GlobalLock
InterlockedIncrement
GlobalUnlock
lstrcmpW
MulDiv
CreateEventW
SetEvent
ResetEvent
Sleep
WriteFile
CreateMutexW
CreateFileW
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
GetPrivateProfileIntW
SetErrorMode
WaitForSingleObject
GetPrivateProfileSectionNamesW
WaitForMultipleObjects
CreateProcessW
GetTickCount
GetFullPathNameW
GetLongPathNameW
SetFileAttributesW
ReadFile
GetNativeSystemInfo
OutputDebugStringA
GetCurrentDirectoryW
GetStartupInfoW
FormatMessageA
GetVolumeInformationW
UnmapViewOfFile
MoveFileExW
ReplaceFileW
GetTempFileNameW
MapViewOfFile
MoveFileW
SetThreadPriority
DuplicateHandle
GetCurrentThread
GetThreadPriority
CreateThread
IsDebuggerPresent
GetCommandLineW
WideCharToMultiByte
TerminateProcess
OpenProcess
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
ResumeThread
FindFirstFileExW
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetUserDefaultLangID
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetModuleHandleExW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
VirtualFree
VirtualAlloc
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
GetDiskFreeSpaceExW
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
InitializeCriticalSection
DeleteFileA
ReleaseMutex
CreateMutexA
GetModuleFileNameA
CreateFileMappingA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTempPathA
GetComputerNameA
GetFileType
InitializeSListHead
OutputDebugStringW
InterlockedPopEntrySList
InterlockedPushEntrySList
LoadLibraryExA
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetConsoleCP
GetConsoleMode
SetStdHandle
ExitProcess
ReadConsoleW
GetDriveTypeW
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentProcessId

user32

RegisterClassExW
IsWindow
InvalidateRgn
RedrawWindow
ClientToScreen
DestroyAcceleratorTable
IsChild
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetFocus
CharNextW
LoadCursorW
GetClassNameW
SetWindowTextW
SetWindowLongW
GetClientRect
GetDlgItem
GetDesktopWindow
GetClassInfoExW
GetParent
RegisterWindowMessageW
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetWindowTextW
UnregisterClassW
SendMessageW
ScreenToClient
CreateWindowExW
FillRect
SetActiveWindow
BringWindowToTop
EnableWindow
SetCursor
MessageBoxW
wsprintfW
CreateDialogParamW
GetCursorPos
UpdateLayeredWindow
OffsetRect
GetWindowPlacement
IsIconic
GetWindowDC
GetSystemMetrics
LoadImageW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
MapWindowPoints
PostMessageW
SetTimer
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
KillTimer
PostQuitMessage
ExitWindowsEx
GetMessageW
DispatchMessageW
PeekMessageW
TranslateMessage
ShowWindow
GetWindowLongW
GetWindowTextLengthW
DefWindowProcW
CallWindowProcW
GetWindow
GetFocus
DestroyWindow
GetDC
SetCapture
SetWindowPos

gdi32

BitBlt
CreateCompatibleBitmap
CreateDIBSection
GetObjectA
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject
GetDeviceCaps
DeleteDC
GetObjectW
CreateSolidBrush

advapi32

RegCreateKeyExW
CreateProcessAsUserW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExW
LookupPrivilegeValueW
RegOpenKeyExW
OpenProcessToken
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegCloseKey
AdjustTokenPrivileges

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoCreateInstance
CoGetClassObject
OleUninitialize
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
OleInitialize
CLSIDFromString
OleLockRunning
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoGetMalloc
CoInitializeEx
CoCreateGuid

oleaut32

VarUI4FromStr
LoadRegTypeLi
VariantInit
LoadTypeLi
OleCreateFontIndirect
SysAllocStringByteLen
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
SysFreeString
SysStringByteLen

shlwapi

ord12
PathFindFileNameA
PathRemoveFileSpecW
SHSetValueW
PathAppendW
PathFileExistsW
SHGetValueW
PathRemoveBackslashW
SHSetValueA
SHGetValueA
PathRemoveFileSpecA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

comctl32

_TrackMouseEvent
InitCommonControlsEx

iphlpapi

GetAdaptersInfo

winhttp

WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryHeaders

ws2_32

WSACleanup
WSAStartup
inet_addr

version

GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeA

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 769KB - Virtual size: 769KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

535da28adc0e7d4f6e55b7e328efc891

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:baCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

ad:0d:a2:29:01:37:92:88:f4:40:71:a3:63:81:17:15:82:e8:e2:6d:64:4f:2f:75:6e:49:22:14:ae:52:6c:87Signer

59:b0:71:a9:af:ce:f6:fe:18:1f:a4:6f:f0:5f:87:cc:70:b0:ab:5eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

comctl32

iphlpapi

winhttp

ws2_32

version

Exports

Exports

Sections

.text Size: 769KB - Virtual size: 769KB

.rdata Size: 285KB - Virtual size: 285KB

.data Size: 13KB - Virtual size: 25KB

.gfids Size: 1KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 197KB - Virtual size: 196KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4c:6d:7b:5e:a2:89:c2:74:42:64:34:e6:5b:41:7a:ba
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

07:3d:c0:c1:2d:50:e6:bd:31:c1:66:38:47:51:1d:e4
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

ad:0d:a2:29:01:37:92:88:f4:40:71:a3:63:81:17:15:82:e8:e2:6d:64:4f:2f:75:6e:49:22:14:ae:52:6c:87
Signer

59:b0:71:a9:af:ce:f6:fe:18:1f:a4:6f:f0:5f:87:cc:70:b0:ab:5e
Signer

.text
Size: 769KB - Virtual size: 769KB

.rdata
Size: 285KB - Virtual size: 285KB

.data
Size: 13KB - Virtual size: 25KB

.gfids
Size: 1KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 197KB - Virtual size: 196KB