82b6a40029481bb36b197297ecb6eb5e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82b6a40029481bb36b197297ecb6eb5e_JaffaCakes118
Size

9.6MB
MD5

82b6a40029481bb36b197297ecb6eb5e
SHA1

4a938ddc3c1db9006eb0489e00ac4e3850972fce
SHA256

95eb986fd43f7253ec5c965bd61a34d7d90ff29f1bbe0f53fff59935de62f458
SHA512

aeff0e0c69618c51b13f64d4b3de70d5e484c22f0a05c3f08546dfb9db9461fb43f1831da8ca655cab27cce8f2a2c4768e6a6706487c54342e591ba8829c3c60
SSDEEP

196608:0WtLZpZ0iASo2wf64wgya1glN7iWhuUKgsP3k70Mnb1fzsIJx:rZh4w4wgyaC20Xsfk4Mnbp

Score

1^/10

Malware Config

Signatures

Files

82b6a40029481bb36b197297ecb6eb5e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

30fbaa470abf4ebd7038e38e82d03a33

Code Sign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:52:bb:b8:8a:77:1d:70:fe:94:e7:20:b3:bc:cb:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

27/09/2018, 10:47

Not After

26/09/2020, 10:47

Subject

CN=昆山百诺信息科技有限公司,O=昆山百诺信息科技有限公司,L=苏州市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c1079756875696a756e403630322e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:d0:fa:6e:3e:36:fa:a4:5d:94:66:54:d4:0e:54:c1:05:7d:ae:05:a3:df:d7:38:40:3b:b2:11:81:bc:12:aa
Signer

Actual PE Digest

5f:d0:fa:6e:3e:36:fa:a4:5d:94:66:54:d4:0e:54:c1:05:7d:ae:05:a3:df:d7:38:40:3b:b2:11:81:bc:12:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\yxbox\trunk\bin\Win32\Release\build\leyoubox\yxtest.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetQueryDataAvailable
InternetSetOptionExW
InternetQueryOptionW
InternetCanonicalizeUrlW
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetOpenUrlW
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetCrackUrlW

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

kernel32

LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
SetFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
InterlockedDecrement
FileTimeToSystemTime
InterlockedIncrement
IsBadWritePtr
ResumeThread
SetEvent
CreateEventW
ExitThread
WaitForMultipleObjects
SetVolumeLabelW
MoveFileW
ReleaseSemaphore
CreateSemaphoreW
GetComputerNameW
GetVolumeInformationW
lstrcmpW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
SetLastError
GlobalAddAtomW
FileTimeToLocalFileTime
LocalAlloc
HeapValidate
GetThreadLocale
DuplicateHandle
GetModuleHandleA
CompareStringW
GlobalFindAtomW
GlobalFlags
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetConsoleCP
GetConsoleMode
GetFileType
SetStdHandle
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
VirtualFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetDiskFreeSpaceW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableA
GetCurrentDirectoryA
GetDriveTypeA
HeapCreate
GetFileAttributesA
LeaveCriticalSection
HeapDestroy
FormatMessageW
InitializeCriticalSection
FormatMessageA
GetProcessHeap
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
OutputDebugStringW
CreateThread
GetStdHandle
GetCurrentProcess
FindNextFileW
GetExitCodeProcess
FindClose
FindFirstFileW
CreatePipe
GetStartupInfoW
CreateProcessW
lstrcpyW
GetDiskFreeSpaceExW
WinExec
GetShortPathNameW
RemoveDirectoryW
TerminateProcess
LoadLibraryW
OpenProcess
GetLogicalDriveStringsW
FreeLibrary
GetDriveTypeW
GlobalFree
WaitForSingleObject
SetEnvironmentVariableW
UpdateResourceW
BeginUpdateResourceW
ReadFile
EndUpdateResourceW
GetFileSize
WriteFile
DeleteFileW
CreateFileW
GetProcAddress
GetLastError
CreateDirectoryA
WritePrivateProfileStringW
CopyFileW
Sleep
GetSystemDirectoryW
GetPrivateProfileStringW
GetModuleHandleW
CreateDirectoryW
FreeResource
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
GetSystemInfo
LockResource
Process32FirstW
GlobalUnlock
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
GetVersionExW
SizeofResource
WideCharToMultiByte
GlobalAlloc
GetTickCount
GlobalLock
LoadResource
FindResourceW
lstrlenA
SetFileAttributesW
GetFileAttributesW
GetSystemTimeAsFileTime
EnterCriticalSection
LockFileEx
HeapSize
GetTempPathW
GetStringTypeW
FlushFileBuffers
MulDiv

user32

EndDialog
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
CharUpperW
GetWindowTextLengthW
GetWindowTextW
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
GetNextDlgTabItem
SendDlgItemMessageW
GetDlgItem
RegisterClipboardFormatW
GetMenuItemID
GetMenuItemCount
PostThreadMessageW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
ValidateRect
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
IsRectEmpty
IntersectRect
SetRectEmpty
SetCursor
SetCapture
SetFocus
GetWindowLongW
SetWindowLongW
ReleaseCapture
CallWindowProcW
DefWindowProcW
IsWindow
DrawTextW
PtInRect
TrackPopupMenu
GetSubMenu
DeleteMenu
LoadMenuW
SetMenuItemInfoW
CreateDialogIndirectParamW
CharNextW
GetSysColorBrush
GetDesktopWindow
ClientToScreen
DestroyMenu
SetWindowRgn
SetTimer
ScreenToClient
PostMessageW
KillTimer
LoadCursorW
LoadIconW
OffsetRect
ReleaseDC
GetCursorPos
ShowWindow
SendMessageW
CopyRect
GetWindowThreadProcessId
GetWindow
GetClientRect
LoadStringW
InvalidateRect
GetSysColor
EnableWindow
SendMessageTimeoutW
GetDC
MessageBoxW
wsprintfW
GetSystemMetrics
UpdateWindow
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
UnhookWindowsHookEx
CopyAcceleratorTableW
PostQuitMessage

gdi32

CreateFontIndirectW
ScaleWindowExtEx
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetWindowExtEx
GetViewportExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetClipBox
ExtSelectClipRgn
DeleteDC
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SelectObject
GetStockObject
CreateRoundRectRgn
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
GetMapMode
DeleteObject
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SelectClipRgn
CreateRectRgnIndirect

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegQueryValueW
RegEnumKeyW
LookupAccountNameW
RegEnumValueW
RegDeleteValueW
ConvertSidToStringSidW
RegQueryValueExW
GetTokenInformation
GetUserNameW
OpenProcessToken
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
InitializeSecurityDescriptor
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
ExtractIconW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetSpecialFolderLocation

comctl32

_TrackMouseEvent

shlwapi

PathIsDirectoryW
PathFileExistsW
PathRemoveBackslashW
StrCpyW
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleFlushClipboard
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeSecurity
CoGetMalloc
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
OleIsCurrentClipboard
CoRevokeClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

OleCreatePictureIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantChangeType
SysStringLen
SysAllocStringLen
SafeArrayGetUBound
SafeArrayUnaccessData
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
SysFreeString
VariantClear
SysAllocString

urlmon

URLDownloadToFileW

gdiplus

GdipDeleteFont
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipCreateSolidFill
GdipCreateFont
GdipDrawString
GdipCreateFontFamilyFromName
GdipCreateStringFormat
GdipDeleteStringFormat
GdipDeletePen
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetSolidFillColor
GdipFillRectangleI
GdipCreatePen1
GdipDrawRectangleI
GdipGetPathWorldBounds
GdipGetFontStyle
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipDeletePath
GdipCreatePath
GdipCloneBrush
GdipDeleteBrush
GdipDrawImageRectRect
GdipGetImageWidth
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageHeight
GdiplusStartup
GdipDisposeImage
GdipAlloc
GdipLoadImageFromStreamICM
GdipFree
GdipLoadImageFromStream
GdiplusShutdown
GdipSetTextRenderingHint
GdipCloneImage

iphlpapi

IcmpCloseHandle
IcmpCreateFile
GetAdaptersAddresses
GetAdaptersInfo
IcmpSendEcho

netapi32

Netbios

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy

ws2_32

inet_ntoa
inet_addr
WSACleanup
connect
select
WSAStartup
WSAGetLastError
htons
recv
socket
__WSAFDIsSet
closesocket
gethostbyname
send

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30fbaa470abf4ebd7038e38e82d03a33

Code Sign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

10:52:bb:b8:8a:77:1d:70:fe:94:e7:20:b3:bc:cb:5eCertificate

Extended Key Usages

Key Usages

5f:d0:fa:6e:3e:36:fa:a4:5d:94:66:54:d4:0e:54:c1:05:7d:ae:05:a3:df:d7:38:40:3b:b2:11:81:bc:12:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

wininet

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

gdiplus

iphlpapi

netapi32

snmpapi

ws2_32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 280KB - Virtual size: 280KB

.data Size: 62KB - Virtual size: 90KB

.rsrc Size: 7.5MB - Virtual size: 7.5MB

.reloc Size: 104KB - Virtual size: 104KB

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

10:52:bb:b8:8a:77:1d:70:fe:94:e7:20:b3:bc:cb:5e
Certificate

5f:d0:fa:6e:3e:36:fa:a4:5d:94:66:54:d4:0e:54:c1:05:7d:ae:05:a3:df:d7:38:40:3b:b2:11:81:bc:12:aa
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 280KB - Virtual size: 280KB

.data
Size: 62KB - Virtual size: 90KB

.rsrc
Size: 7.5MB - Virtual size: 7.5MB

.reloc
Size: 104KB - Virtual size: 104KB