8a8d5c84f95604ef98380fc533286e5f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a8d5c84f95604ef98380fc533286e5f_JaffaCakes118
Size

3.3MB
MD5

8a8d5c84f95604ef98380fc533286e5f
SHA1

9de38cbd5ef60075fb4492329ebe1cdf77bff7ff
SHA256

79551f8b60e3bf7dd78e4fe2c724cae1b7c22c038f401bd423834cf7ccdd6d77
SHA512

901186fca9217c72826b79ead17ab0b64c29caa8ad257f7a1ff1d2deeab9d18481a1e45f604d785555e6b2270ea7ec9435c02cba92f55828ca2c9eeabd6dde23
SSDEEP

49152:XWJtxrI+y1PWBdWPkcvVPLBHUVzKLJq9/aPVZUVT1o7HyUS/:XMTIB1P2dwPVPNHUVzKLiUi

Score

1^/10

Malware Config

Signatures

Files

8a8d5c84f95604ef98380fc533286e5f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b29b24e93b82bfe894a545672e284ec5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:f7:d9:5c:5b:27:8c:db:26:58:80:5e:08:76:75:ff
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/06/2018, 00:00

Not After

27/08/2019, 23:59

Subject

CN=Alibaba (China) Network Technology Co.\,Ltd.,OU=RDC,O=Alibaba (China) Network Technology Co.\,Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:a9:31:8d:11:5f:7c:a2:5c:65:ce:4d:48:dd:2c:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/06/2018, 00:00

Not After

28/08/2019, 23:59

Subject

CN=Alibaba (China) Network Technology Co.\,Ltd.,OU=RDC,O=Alibaba (China) Network Technology Co.\,Ltd.,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:77:76:fd:bd:b3:d8:70:81:b8:3d:97:2f:21:d0:25:70:07:76:07:5c:4a:68:75:81:b6:9f:65:c2:c0:3c:94
Signer

Actual PE Digest

7c:77:76:fd:bd:b3:d8:70:81:b8:3d:97:2f:21:d0:25:70:07:76:07:5c:4a:68:75:81:b6:9f:65:c2:c0:3c:94

Digest Algorithm

sha256

PE Digest Matches

true

1d:5f:d9:2c:50:fa:14:35:c5:4a:47:f1:43:29:26:a9:e6:17:43:20
Signer

Actual PE Digest

1d:5f:d9:2c:50:fa:14:35:c5:4a:47:f1:43:29:26:a9:e6:17:43:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\ikuUT_git_fabu\Release\UTForPC.pdb

Imports

ws2_32

freeaddrinfo
getaddrinfo
accept
listen
recvfrom
sendto
socket
setsockopt
ntohs
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
__WSAFDIsSet
ioctlsocket
gethostname
shutdown
WSAStartup
WSACleanup
WSAIoctl
ntohl
htonl
htons
WSAGetLastError
WSASetLastError
select

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics

wtnet

NAL_resolve_host
NAL_session_SendFrame
NAL_session_Create
NAL_start_Tnet
NAL_session_Close
NAL_init_Tnet

advapi32

RegisterEventSourceA
RegOpenKeyExW
RegQueryValueExW
ReportEventA
RegCloseKey
DeregisterEventSource

wldap32

ord79
ord30
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143
ord200
ord301
ord35

normaliz

IdnToAscii

kernel32

WriteConsoleW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualProtect
VirtualFree
SetEnvironmentVariableA
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetConsoleCP
GetOEMCP
IsValidCodePage
GetCurrentThread
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetCPInfo
RtlUnwind
ResumeThread
GetLogicalProcessorInformation
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetFileInformationByHandle
CreateWaitableTimerA
OpenEventA
WaitForMultipleObjectsEx
SetFilePointerEx
GetCurrentDirectoryW
ResetEvent
InterlockedIncrement
InterlockedDecrement
CreateEventA
SetEvent
LeaveCriticalSection
InterlockedExchange
GetLastError
EnterCriticalSection
InterlockedExchangeAdd
PostQueuedCompletionStatus
TlsAlloc
CloseHandle
TlsFree
WaitForSingleObjectEx
TlsGetValue
FreeLibrary
LoadLibraryW
GetTickCount
GetProcAddress
GetCurrentThreadId
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapAlloc
HeapFree
HeapDestroy
RaiseException
HeapSize
DecodePointer
DeleteCriticalSection
ReleaseSemaphore
DuplicateHandle
EncodePointer
CreateSemaphoreA
GetSystemTimeAsFileTime
GetModuleHandleA
OutputDebugStringA
CreateMutexW
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
WaitForSingleObject
InterlockedCompareExchange
SleepEx
TlsSetValue
TerminateThread
VerifyVersionInfoW
OpenMutexW
SetLastError
QueueUserAPC
CreateEventW
WaitForMultipleObjects
CreateIoCompletionPort
CreateWaitableTimerW
Sleep
MoveFileExW
GetFileAttributesW
GetModuleFileNameW
GlobalMemoryStatusEx
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
SystemTimeToFileTime
GlobalAlloc
GlobalFree
GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
HeapCompact
SetFilePointer
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
QueryPerformanceCounter
UnlockFile
FlushViewOfFile
LockFile
OutputDebugStringW
UnlockFileEx
FormatMessageA
WriteFile
InitializeCriticalSection
FormatMessageW
QueryPerformanceFrequency
GetFileAttributesA
HeapCreate
HeapValidate
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
GetStdHandle
GetFileType
VerifyVersionInfoA
GetDriveTypeW
GetModuleHandleW
FileTimeToSystemTime
GetACP
FindClose
SetConsoleCtrlHandler
RemoveDirectoryW
DeviceIoControl
FileTimeToLocalFileTime
GetSystemDirectoryA
PeekNamedPipe
ExpandEnvironmentStringsA
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetModuleHandleExW
ExitProcess
IsProcessorFeaturePresent
IsDebuggerPresent
CreateDirectoryW
LoadLibraryExW
ExitThread
GetCurrentProcess
GetVersionExW
GetTimeZoneInformation
GetCommandLineA
CreateThread
GetStringTypeW

shell32

SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
VariantClear
SysFreeString

iphlpapi

GetAdaptersInfo

wininet

InternetTimeToSystemTimeA

Exports

Exports

addDimension
addDimensionValue
addMeasure
addMeasureValue
alarmCommitFail
alarmCommitFail2
alarmCommitSuccess
alarmCommitSuccess2
counterCommit
counterCommit2
createDimension
createDimensionSet
createDimensionValue
createDimensionValueSet
createMeasure
createMeasureSet
createMeasureValue
createMeasureValueSet
crossinitUTPC
customEvent
enterBackground
enterForeground
finiUTPC
getGlobalProperty
initUTPC
originalEvent
pageAppear
pageButtonClicked
pageDisAppear
removeGlobalProperty
sendData
setBoundsForMeasure
setCarrier
setGlobalProperty
setRangeForMeasure
setValueForMeasureValue
skipPage
statCommit
statQuickCommit
statRegister
turnOffRealTimeDebug
turnOnRealTimeDebug
updatePageName
updatePageProperties
updateSessionProperty
updateUserAccountAndUserID
userRegister

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 510KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b29b24e93b82bfe894a545672e284ec5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

26:f7:d9:5c:5b:27:8c:db:26:58:80:5e:08:76:75:ffCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5c:a9:31:8d:11:5f:7c:a2:5c:65:ce:4d:48:dd:2c:cfCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

7c:77:76:fd:bd:b3:d8:70:81:b8:3d:97:2f:21:d0:25:70:07:76:07:5c:4a:68:75:81:b6:9f:65:c2:c0:3c:94Signer

1d:5f:d9:2c:50:fa:14:35:c5:4a:47:f1:43:29:26:a9:e6:17:43:20Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

user32

wtnet

advapi32

wldap32

normaliz

kernel32

shell32

ole32

oleaut32

iphlpapi

wininet

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 510KB - Virtual size: 509KB

.data Size: 107KB - Virtual size: 129KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 142KB - Virtual size: 142KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

26:f7:d9:5c:5b:27:8c:db:26:58:80:5e:08:76:75:ff
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5c:a9:31:8d:11:5f:7c:a2:5c:65:ce:4d:48:dd:2c:cf
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

7c:77:76:fd:bd:b3:d8:70:81:b8:3d:97:2f:21:d0:25:70:07:76:07:5c:4a:68:75:81:b6:9f:65:c2:c0:3c:94
Signer

1d:5f:d9:2c:50:fa:14:35:c5:4a:47:f1:43:29:26:a9:e6:17:43:20
Signer

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 510KB - Virtual size: 509KB

.data
Size: 107KB - Virtual size: 129KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 142KB - Virtual size: 142KB