7fd9969e86e9d12f3af9b97d746183ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7fd9969e86e9d12f3af9b97d746183ce_JaffaCakes118
Size

4.4MB
MD5

7fd9969e86e9d12f3af9b97d746183ce
SHA1

c31ab342d039ea618fe29fba44a04530f85a13c2
SHA256

37d210866fd2719e4f1d3536781795b1677edebd716d288dde25547835f68723
SHA512

051cd7ca21a698bb941453e469a4a88c7c121b82fd90ebc976fea2b1eb4c45b488f448371a882a9f62a92a43bd1a18387f3067a35711f48e7752ea55e19d1703
SSDEEP

98304:+5REiyLZ2W8dYXp3ydkYz3MxZvkRxWtflytx:+5REifGYiZsRxWtYn

Score

1^/10

Malware Config

Signatures

Files

7fd9969e86e9d12f3af9b97d746183ce_JaffaCakes118
.exe windows:5 windows x86 arch:x86

df6cbdd866eea34f19b8f25eb774c33a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1a:eb:55:8c:95:a6:ae:78:84:89:0b:41:90:e6:80:c3
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

13/05/2019, 00:00

Not After

11/07/2020, 23:59

Subject

CN=(주)호넷,OU=IT Team,O=(주)호넷,L=Geumcheon-gu,ST=SEOUL,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\svn_local\svn_local\웹하드\filehon_new_Multi\src\Client\Up\Release\Up.pdb

Imports

shell32

DragFinish
DragQueryFileA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHAppBarMessage
SHGetFileInfoA
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteExA

kernel32

IsProcessorFeaturePresent
IsValidCodePage
GetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDriveTypeW
CompareStringW
IsDebuggerPresent
WriteConsoleW
GetCurrentDirectoryW
CreateFileW
GetProcessHeap
SetEnvironmentVariableA
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
ExitProcess
HeapReAlloc
VirtualQuery
VirtualAlloc
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
GetLastError
FindResourceW
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
CloseHandle
WaitForSingleObject
CreateRemoteThread
GetExitCodeProcess
DuplicateHandle
GetCurrentProcess
GetModuleHandleA
DeleteFileA
CreateFileA
GetDiskFreeSpaceExA
FindClose
FindFirstFileA
CreateDirectoryA
GetVolumeInformationA
GetCurrentThreadId
lstrcpyA
lstrcmpA
GetDiskFreeSpaceA
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
OutputDebugStringA
MultiByteToWideChar
lstrlenA
InterlockedDecrement
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcpynA
VirtualFreeEx
CreateThread
ExitThread
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
FindFirstFileExA
DecodePointer
EncodePointer
RaiseException
RtlUnwind
FindResourceExW
VirtualProtect
SearchPathA
GetProfileIntA
GetNumberFormatA
GetWindowsDirectoryA
GetTempPathA
GetCurrentDirectoryA
GetTempFileNameA
GetACP
GetSystemDirectoryW
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
ReadProcessMemory
TerminateProcess
VirtualAllocEx
InterlockedIncrement
GetFileTime
GetFileSizeEx
GetFileAttributesA
GetFileAttributesExA
SetErrorMode
LocalAlloc
ResumeThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoA
LoadLibraryExA
GetModuleHandleW
InterlockedExchange
GetCurrentProcessId
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CopyFileA
GlobalSize
FormatMessageA
GetFullPathNameA
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ActivateActCtx
DeactivateActCtx
lstrcmpiA
GetThreadLocale
lstrlenW
LocalFree
FindResourceA
GetUserDefaultLangID
FreeResource
GetCommandLineA
CreateMutexA
GetExitCodeThread
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
ReadFile
SetEvent
SetFilePointer
CreateEventA
TerminateThread
Sleep
GetTickCount
OpenProcess

user32

CopyIcon
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetUpdateRect
FrameRect
IsClipboardFormatAvailable
WaitMessage
PostThreadMessageA
CreateMenu
IsMenu
UpdateLayeredWindow
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
DefFrameProcA
UnionRect
RegisterClipboardFormatA
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateA
GetSystemMenu
SetClassLongA
GetAsyncKeyState
NotifyWinEvent
DestroyAcceleratorTable
SetParent
IsZoomed
MessageBeep
GetNextDlgGroupItem
DeleteMenu
CharNextA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
BringWindowToTop
TranslateAcceleratorA
InvalidateRgn
CopyAcceleratorTableA
UnregisterClassA
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
RealChildWindowFromPoint
LoadCursorA
GetSysColorBrush
GetMenuItemInfoA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageA
TranslateMessage
PostQuitMessage
MapVirtualKeyA
GetKeyNameTextA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
LoadCursorW
DrawIcon
SystemParametersInfoA
IsRectEmpty
IsIconic
IntersectRect
EndPaint
CharUpperBuffA
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MoveWindow
SetWindowTextA
IsDialogMessageA
CheckDlgButton
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
ScrollWindow
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
ExitWindowsEx
SetWindowPos
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
IsWindowVisible
ValidateRect
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcA
GetMenu
GetWindow
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetKeyState
IsWindowEnabled
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
CharUpperA
LoadIconW
ScreenToClient
GetDoubleClickTime
MapVirtualKeyExA
SubtractRect
DestroyCursor
GetWindowRgn
BeginPaint
GetForegroundWindow
FindWindowA
MessageBoxA
LoadIconA
ShowWindow
SendMessageA
SetTimer
DestroyMenu
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
KillTimer
CloseWindow
GetSystemMetrics
GetSysColor
ReleaseCapture
DrawIconEx
GetIconInfo
IsCharLowerA
LoadImageA
DestroyIcon
CopyRect
PtInRect
InflateRect
OffsetRect
GetClientRect
ClientToScreen
InvalidateRect
GetCapture
SetCapture
WindowFromPoint
EnableWindow
SetCursor
UpdateWindow
RedrawWindow
CallWindowProcA
SetWindowLongA
IsWindow
GetWindowRect
GetParent
SetRect
LoadBitmapW
GetDC
ReleaseDC
GetActiveWindow
GetWindowLongA
SetWindowRgn
PostMessageA
FillRect
GetClassNameA
EnumChildWindows
MapWindowPoints
RegisterWindowMessageA
keybd_event
GetClassInfoA
ReplyMessage
GetSubMenu
LoadMenuW

gdi32

GetLayout
SetLayout
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
GetObjectType
CreateHatchBrush
CreateRectRgnIndirect
SetRectRgn
PatBlt
CreateEllipticRgn
LPtoDP
Ellipse
CreateDIBitmap
GetTextMetricsA
SetTextAlign
GetTextCharsetInfo
GetRgnBox
GetBkColor
GetTextColor
CreateRoundRectRgn
CreatePolygonRgn
Polyline
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
SetPixel
EnumFontFamiliesExA
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceA
SetPixelV
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
GetClipBox
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
CopyMetaFileA
CreateDCA
GetPixel
CreateRectRgn
CreateFontA
GetDeviceCaps
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
CreateCompatibleDC
DeleteObject
CreateSolidBrush
GetStockObject
GetObjectA
GetTextExtentPoint32A
EnumFontFamiliesA
Rectangle
SelectObject
DPtoLP
CreateBitmap
CreateCompatibleBitmap
GetMapMode
SetMapMode
BitBlt
SetBkColor
DeleteDC
CreateFontIndirectA

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegConnectRegistryA
RegOpenKeyExA
RegEnumKeyA
RegEnumValueA
RegCloseKey
RegQueryInfoKeyA
RegQueryValueExA
RegEnumKeyExA
RegQueryValueA
AdjustTokenPrivileges
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA

comctl32

ord17
ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
PathGetArgsA
PathRemoveFileSpecA
StrFormatByteSize64A
UrlUnescapeA

ole32

OleUninitialize
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CLSIDFromProgID
OleDuplicateData
OleDraw
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
CoUninitialize
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
OleInitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitializeEx
CoCreateGuid

oleaut32

SysAllocString
VariantChangeType
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantCopy
SysStringByteLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
OleCreateFontIndirect
SysAllocStringByteLen
VariantClear
SysFreeString
SysAllocStringLen

oledlg

ord8

urlmon

URLDownloadToFileA

wsock32

WSAStartup
setsockopt
send
__WSAFDIsSet
socket
ioctlsocket
htons
connect
select
WSAGetLastError
closesocket
WSACleanup

ws2_32

WSASocketA
WSASend
WSARecv
WSAConnect
WSAWaitForMultipleEvents

gdiplus

GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipDrawImageI
GdipFree
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdiplusShutdown
GdipSetInterpolationMode
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipCreateFromHDC

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
HttpAddRequestHeadersA
InternetGetLastResponseInfoA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlA
InternetQueryDataAvailable
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
DeleteUrlCacheEntry

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df6cbdd866eea34f19b8f25eb774c33a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1a:eb:55:8c:95:a6:ae:78:84:89:0b:41:90:e6:80:c3Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

ole32

oleaut32

oledlg

urlmon

wsock32

ws2_32

gdiplus

version

wininet

oleacc

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 324KB - Virtual size: 324KB

.data Size: 27KB - Virtual size: 58KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 187KB - Virtual size: 187KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1a:eb:55:8c:95:a6:ae:78:84:89:0b:41:90:e6:80:c3
Certificate

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 324KB - Virtual size: 324KB

.data
Size: 27KB - Virtual size: 58KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 187KB - Virtual size: 187KB