89cef6b76fbf1336572a14a415acba6f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89cef6b76fbf1336572a14a415acba6f_JaffaCakes118
Size

18.0MB
MD5

89cef6b76fbf1336572a14a415acba6f
SHA1

70e31d5c8bf22f05a62af26fe45006720c0378fe
SHA256

5dbf1b6301ff3dc9021af5e8e731fe389ae8602b29d8fff6dd93961c05c815f9
SHA512

de97987268cdbf14a876eeb66e6ef3db6b93ff3be54d0b46fcfc821569c9f6f1c49c3b228bf80946edc78a469b305e60828f4edcd4dd0291b4ba8af515905028
SSDEEP

393216:j8w01WAck+gVqffU3aE9nRVpVWY+bL2oFKeHzv:gRITcqTE80szzv

Score

1^/10

Malware Config

Signatures

Files

89cef6b76fbf1336572a14a415acba6f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

04e152d5611b425c6e5e745cb33974ea

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/10/2017, 00:00

Not After

12/11/2019, 23:59

Subject

CN=Shanghai Oriental Webcasting Co. Ltd.,OU=IT,O=Shanghai Oriental Webcasting Co. Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:94:05:c2:d1:b9:1b:39:df:a4:4b:09:26:bd:c6:db:ff:8c:ba:65:43:d1:32:07:6a:82:47:06:75:ed:79:29
Signer

Actual PE Digest

63:94:05:c2:d1:b9:1b:39:df:a4:4b:09:26:bd:c6:db:ff:8c:ba:65:43:d1:32:07:6a:82:47:06:75:ed:79:29

Digest Algorithm

sha256

PE Digest Matches

true

e2:5e:3f:33:26:2f:64:90:25:64:ec:5d:1e:54:03:bd:d2:cf:fc:bd
Signer

Actual PE Digest

e2:5e:3f:33:26:2f:64:90:25:64:ec:5d:1e:54:03:bd:d2:cf:fc:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\kt_code\KanTu\ChengXu\Branch\Bin\WanNengApplication\PDB\setup_wnkt.exe.pdb

Imports

kernel32

SleepEx
FormatMessageA
WaitForMultipleObjects
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
VerifyVersionInfoW
GetDriveTypeW
GetFullPathNameW
SetThreadPriority
ReleaseSemaphore
CreateEventA
CreateSemaphoreA
GetDiskFreeSpaceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
WinExec
GetTempPathW
LockResource
MultiByteToWideChar
FindResourceW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedDecrement
InterlockedIncrement
DecodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
GetPrivateProfileIntW
DeleteFileW
lstrcpyW
WriteFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryDosDeviceW
GetModuleHandleW
GetLogicalDriveStringsW
GetLastError
GetCurrentProcessId
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
ReadFile
GetFileSize
CreateThread
WideCharToMultiByte
GetVersionExW
AreFileApisANSI
LoadLibraryW
lstrcpynW
CloseHandle
Sleep
WriteProcessMemory
ReadProcessMemory
GetCurrentProcess
OpenProcess
VirtualFreeEx
VirtualAllocEx
GlobalFree
GlobalAlloc
GetVersion
SetEndOfFile
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetProcAddress
FreeLibrary
GetCPInfo
GetOEMCP
IsValidCodePage
GetStringTypeW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetStartupInfoW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetACP
GetTickCount
GetCurrentDirectoryW
FreeResource
ExitProcess
GlobalLock
GlobalUnlock
MulDiv
GetFileType
SetFilePointer
SetFileTime
DuplicateHandle
SystemTimeToFileTime
DosDateTimeToFileTime
CreateDirectoryW
GetLocalTime
FindFirstFileW
GetCommandLineW
FindNextFileW
RemoveDirectoryW
FindClose
WaitForSingleObject
SetFileAttributesW
GetSystemInfo
GetWindowsDirectoryW
MoveFileExW
CreateProcessW
CopyFileW
GetExitCodeProcess
GetLongPathNameW
GetVolumeInformationW
GetSystemDirectoryW
CreateMutexW
ReleaseMutex
MoveFileW
VirtualProtect
InterlockedExchange
InterlockedCompareExchange
SetPriorityClass
OutputDebugStringA
DeviceIoControl
SetLastError
LoadLibraryA
GetNativeSystemInfo
IsBadReadPtr
GetFileAttributesW
GetTempFileNameW
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CompareStringW
LCMapStringW
GetLocaleInfoW

user32

SetCapture
ReleaseCapture
KillTimer
GetDC
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
GetClientRect
CreateCaret
GetCaretBlinkTime
SetCaretPos
ScreenToClient
MapWindowPoints
PtInRect
GetParent
GetWindow
LoadIconW
wsprintfW
PeekMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
RegisterClassExW
GetClassInfoExW
MsgWaitForMultipleObjects
GetForegroundWindow
SetPropW
GetPropW
LoadImageW
MonitorFromWindow
GetMonitorInfoW
IsZoomed
SetWindowRgn
MessageBoxW
CreateWindowExW
FillRect
CharPrevW
DrawTextW
GetSysColorBrush
HideCaret
ShowCaret
GetCaretPos
ClientToScreen
GetSysColor
EnableWindow
SetWindowTextW
GetWindowTextW
GetKeyState
CreateAcceleratorTableW
InvalidateRgn
GetDesktopWindow
GetClassNameW
EnumWindows
WindowFromPoint
LoadStringW
GetSystemMetrics
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
UnionRect
InflateRect
GetCursorPos
OffsetRect
GetWindowLongW
FindWindowExW
GetShellWindow
GetWindowThreadProcessId
SystemParametersInfoW
IntersectRect
CharNextW
PostMessageW
PostQuitMessage
ShowWindow
SetWindowPos
SetTimer
InvalidateRect
SetCursor
wvsprintfW
SetForegroundWindow
FindWindowW
GetFocus
SetFocus
IsIconic
IsWindowVisible
UpdateLayeredWindow
IsWindow
SendMessageW
GetWindowTextLengthW
DestroyWindow
SetWindowLongW
MoveWindow
GetWindowRect
IsRectEmpty
SetRectEmpty
GetWindowRgn
SetRect

advapi32

CryptImportKey
RegOpenKeyW
DuplicateTokenEx
RevertToSelf
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueA
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetHashParam
CryptEncrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
RegQueryInfoKeyW
ImpersonateLoggedOnUser
SetSecurityDescriptorDacl
RegEnumKeyW
OpenProcessToken
InitializeSecurityDescriptor

shell32

ShellExecuteW
SHBrowseForFolderW
SHGetDataFromIDListW
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteExW
SHGetDesktopFolder
SHGetFolderLocation
SHGetFolderPathW
ord155
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHAppBarMessage

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
OleLockRunning
CLSIDFromProgID
CoTaskMemAlloc
CoInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance

oleaut32

VariantClear
SysFreeString
VarUI4FromStr
SysAllocString
VariantInit

shlwapi

SHGetValueW
PathAppendW
PathFileExistsW

gdiplus

GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreatePath
GdipLoadImageFromStream
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipSetPenDashStyle
GdipSetPenMode
GdipDeletePen
GdipCreatePen1
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipDeleteBrush
GdipCreateTexture
GdipTranslateTextureTransform
GdipSetSmoothingMode
GdipFillEllipseI
GdiplusStartup

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptQueryObject

msimg32

AlphaBlend

d3d9

Direct3DCreate9

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

netapi32

NetApiBufferFree
NetWkstaGetInfo

iphlpapi

GetAdaptersInfo

ws2_32

bind
send
recv
closesocket
select
__WSAFDIsSet
WSAGetLastError
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
WSASetLastError
WSACleanup
WSAStartup
gethostname
ioctlsocket

winmm

timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime
timeSetEvent

gdi32

TextOutW
ExtTextOutW
SetViewportOrgEx
GetDeviceCaps
SetGraphicsMode
GetCurrentObject
GetViewportOrgEx
GetTextColor
GetDIBits
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32W
GetPixel
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
GetTextMetricsW
SelectObject
SaveDC
RestoreDC
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
SetStretchBltMode
StretchBlt
SetDIBits
SetBkMode
SetBkColor
ExtSelectClipRgn
SetPixel
SelectClipRgn
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetTextColor

comctl32

_TrackMouseEvent
ord17

imm32

ImmAssociateContext
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

wininet

HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
InternetOpenW

wldap32

ord118
ord46
ord14
ord216
ord208
ord41
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord145

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16.3MB - Virtual size: 16.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04e152d5611b425c6e5e745cb33974ea

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

63:94:05:c2:d1:b9:1b:39:df:a4:4b:09:26:bd:c6:db:ff:8c:ba:65:43:d1:32:07:6a:82:47:06:75:ed:79:29Signer

e2:5e:3f:33:26:2f:64:90:25:64:ec:5d:1e:54:03:bd:d2:cf:fc:bdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

psapi

crypt32

msimg32

d3d9

version

urlmon

netapi32

iphlpapi

ws2_32

winmm

gdi32

comctl32

imm32

wininet

wldap32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 274KB - Virtual size: 274KB

.data Size: 12KB - Virtual size: 107KB

.gfids Size: 1024B - Virtual size: 564B

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 32B

.rsrc Size: 16.3MB - Virtual size: 16.3MB

.reloc Size: 67KB - Virtual size: 66KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

30:05:7d:6e:26:0d:0a:17:ff:ad:1b:da:f6:67:eb:f4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

4f:15:bf:0d:75:ea:66:90:38:08:05:c5:e4:5c:fa:82
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

63:94:05:c2:d1:b9:1b:39:df:a4:4b:09:26:bd:c6:db:ff:8c:ba:65:43:d1:32:07:6a:82:47:06:75:ed:79:29
Signer

e2:5e:3f:33:26:2f:64:90:25:64:ec:5d:1e:54:03:bd:d2:cf:fc:bd
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 12KB - Virtual size: 107KB

.gfids
Size: 1024B - Virtual size: 564B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 32B

.rsrc
Size: 16.3MB - Virtual size: 16.3MB

.reloc
Size: 67KB - Virtual size: 66KB